e254df86e4e11010704a5b1728d2d297_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e254df86e4e11010704a5b1728d2d297_JaffaCakes118
Size

441KB
MD5

e254df86e4e11010704a5b1728d2d297
SHA1

24ed117b6aa709eef053078d351427cb6eebd995
SHA256

c3395f2648abf54bb1a2b5bec3657c834534e5407219d8fb4d42487b2ed07ddd
SHA512

a027482b523c3d218502c2a1f3b88ca71e18eeb007d619849a84c069713703666f36b749f4c19e9157a781f2273554f5f2c48c44944998920152d86d029bb7ed
SSDEEP

6144:U5e07WZvBOxkCChRZiONX11111111111n21N1v11JToKVjYS09WPghFZ0KX9:U5e07WZBCC0ONGx097Z0O9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e254df86e4e11010704a5b1728d2d297_JaffaCakes118

Files

e254df86e4e11010704a5b1728d2d297_JaffaCakes118
.exe windows:4 windows x86 arch:x86

497aba6d3bb6f3f813c240a1b8b49a1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\wc\divxmediaappsrepository\divxconverterx-08_00_01_sandiego\bin\release\divxconverterlauncher\DivXConverterLauncher.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetModuleHandleW
SetEnvironmentVariableW
GetEnvironmentVariableW
FormatMessageW
SetDllDirectoryW
GetModuleFileNameW
GetLastError
LocalFree
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

msvcp80

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcr80

??1exception@std@@UAE@XZ
__CxxFrameHandler3
_CxxThrowException
_controlfp_s
_invoke_watson
_except_handler4_common
??0exception@std@@QAE@XZ
_decode_pointer
_onexit
_lock
memset
_beginthread
_endthread
strstr
memmove_s
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_purecall
??_V@YAXPAX@Z
??3@YAXPAX@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memcpy

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathFindExtensionW

user32

EnumWindows
GetWindowLongW
GetMessageW
SendMessageW
PostQuitMessage
DispatchMessageW
IsWindow
GetWindowTextW
DefWindowProcW
PostMessageW
CreateWindowExW
RegisterClassW
SetWindowLongW
MessageBoxW
TranslateMessage
GetClassNameW
DestroyWindow

shell32

CommandLineToArgvW

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

497aba6d3bb6f3f813c240a1b8b49a1d

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp80

msvcr80

shlwapi

user32

shell32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 284KB - Virtual size: 280KB

.rrdata Size: 76KB - Virtual size: 76KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 284KB - Virtual size: 280KB

.rrdata
Size: 76KB - Virtual size: 76KB