C:\bld_area\cc\Common_Client_1000\src\r10.0.0\Bin\Win32\Release Unicode\ccSvcHst.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f5cd89bb9ecbd518f2986cf9a1ab0125_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f5cd89bb9ecbd518f2986cf9a1ab0125_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
f5cd89bb9ecbd518f2986cf9a1ab0125_JaffaCakes118
-
Size
123KB
-
MD5
f5cd89bb9ecbd518f2986cf9a1ab0125
-
SHA1
e97e28a0c1234eb5b466d839a1a43403ca14c696
-
SHA256
53778f0d694ef23df404d9bd854503c34602b41cb4709ea7f5cc30631d4ced9b
-
SHA512
2de907a0e53676c258818f282c827f8a4062600cba6b74bc054129a34e83690129f7bf16e9065f1b0bb9568754c54042b8c57e257d910142f32c0978fb949c64
-
SSDEEP
3072:/OpPTI5dKiJC0eo+UiBLBYqadG8AVJOFVgau8NIicruAEZ6Wc:NBJCFczG8gJOFVgYIjm0
Malware Config
Signatures
-
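Unsigned PE (1 IoC)
Static check: the file carries no Authenticode signature. The headers listed below set IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, which asks Windows to verify a signature at load time, so an unsigned copy may fail to load when executed.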
resource f5cd89bb9ecbd518f2986cf9a1ab0125_JaffaCakes118
Files
-
f5cd89bb9ecbd518f2986cf9a1ab0125_JaffaCakes118.exe windows:5 windows x86 arch:x86
77a20bf6245d30ffd8efb056c55bf614
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetErrorMode
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetProcAddress
FreeLibrary
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrlenW
GetFileAttributesW
TerminateProcess
CloseHandle
Sleep
CreateProcessW
GetModuleFileNameW
GetCurrentProcessId
GetStdHandle
DuplicateHandle
GetCurrentProcess
GetCurrentThread
SetProcessShutdownParameters
GetProcessShutdownParameters
WaitForMultipleObjects
GetModuleHandleW
SetPriorityClass
GetPriorityClass
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryA
InterlockedExchange
LocalAlloc
GetSystemTimeAsFileTime
user32
RegisterWindowMessageW
RegisterDeviceNotificationW
SystemParametersInfoW
UnregisterDeviceNotification
ole32
CoInitializeSecurity
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr90
_vscwprintf
wcsnlen
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memmove_s
free
calloc
_recalloc
??2@YAPAXI@Z
wcscat_s
??_V@YAXPAX@Z
memcmp
??0exception@std@@QAE@ABQBDH@Z
memcpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
??0exception@std@@QAE@XZ
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
wcsstr
_purecall
_CxxThrowException
memcpy_s
_endthreadex
wcslen
memset
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_XcptFilter
vswprintf_s
__CxxFrameHandler3
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ