eab1ce186838ed5307b66edea2408a6c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eab1ce186838ed5307b66edea2408a6c_JaffaCakes118
Size

176KB
MD5

eab1ce186838ed5307b66edea2408a6c
SHA1

34642bef3ab1dc959e78f7a5e9e20195e1c36590
SHA256

5fd8dde032555c51bc3b004827b3649985d5054629f58feb6eaa23ecb2fdfaaa
SHA512

e34baa66d97fbc654cb79c394f162b607f955665d44f0acb6e3d685bf401a546d8a7049d10a85339620ff7971ac62cb291b406c94df680b6daa3f8399c23c257
SSDEEP

3072:gQ8Ioy6rIHuCPi19X9SOlFXEhpxgFfuapPh+FsdYetaK:W7/gi19NxFXNFfuapPh+sdY1K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eab1ce186838ed5307b66edea2408a6c_JaffaCakes118

Files

eab1ce186838ed5307b66edea2408a6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

59c7376aa79c0751a723274e8861dd12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\source\source.IC\11976\Release_WDExe_2\Release\WDExe.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
isdigit
vsprintf
_mbclen
_mbsinc
_ismbcspace
atoi
realloc
_mbctoupper
_mbspbrk
_mbsrchr
_makepath
_stati64
memmove
_mbsstr
wcscat
wcschr
_mbschr
memchr
_vsnprintf
wcslen
_stricmp
_mbscmp
gmtime
time
free
malloc
_mbsnbicmp
_mbsnbcpy
sprintf
memset
strlen
strncmp
memcpy
_mbsicmp
strcat
strcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException

kernel32

UnmapViewOfFile
RaiseException
CreateThread
TerminateThread
ResumeThread
CreateProcessA
InterlockedExchange
MultiByteToWideChar
CompareStringA
GetCurrentThreadId
TlsFree
TlsAlloc
VirtualProtect
VirtualQuery
TlsGetValue
TlsSetValue
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
CopyFileA
MoveFileA
DeleteFileA
GetVersion
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
SetFilePointer
WriteFile
SetLastError
CreateFileA
SetErrorMode
WideCharToMultiByte
GetDriveTypeA
GetVolumeInformationA
GetLogicalDriveStringsA
GetFileInformationByHandle
lstrlenA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMailslotA
ExpandEnvironmentStringsA
GetLocalTime
GetComputerNameA
ReadFile
GetMailslotInfo
GetCommandLineA
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
FormatMessageA
LoadLibraryA
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetSystemDefaultLangID
FindResourceA
LoadResource
LockResource
FreeResource
GetProfileStringA
Sleep
GetExitCodeProcess
CloseHandle
CreateFileMappingA
GetLastError
MapViewOfFile
OpenFileMappingA
GetVersionExA
GetModuleHandleA
CreateEventA
GetStartupInfoA
MulDiv
SetEvent
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
GetTempPathA
GetTempFileNameA

Exports

Exports

CommandeComposante
DeclareProxy
LibereMutex

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c7376aa79c0751a723274e8861dd12

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 80KB - Virtual size: 77KB