f66b3a4800f4363756e894055756aada_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f66b3a4800f4363756e894055756aada_JaffaCakes118
Size

141KB
MD5

f66b3a4800f4363756e894055756aada
SHA1

b9e9132bf327917d2ea4367ea77db4689a69253b
SHA256

fd306a79545841d9ed57df6b088a8a4fa4088ce40795f5cb76e84e3ab1004865
SHA512

7c68dc3b422257679ad2a0f1b93d92f4d09640ddd525a810726238986cc3bb4197cf3cc24633043ecc192ce0539da13d69bd5f40bad4739a598ec932da50b7c4
SSDEEP

3072:Lc3AdasdOK/1ecv5RtMq5KHFhXVPBovBt:Y3A0WOK/RZ0lhfovBt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f66b3a4800f4363756e894055756aada_JaffaCakes118

Files

f66b3a4800f4363756e894055756aada_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b5c0b3ee9279e3115386b076ba9cddc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\AngusBuilds\July_06_2010\Release\Impdwg.pdb

Imports

xlate

?TMessageBox@@YAHPAUHWND__@@PBD1G@Z

cadlink.exe

?translate_point@@YGXPAN0PBUTM@@@Z
_mul_tm@8

basedir

?GetDoubleCadlink@@YGNPBD0N@Z
?GetIntCadlink@@YGHPBD0H@Z

mfc90

ord800

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
?terminate@@YAXXZ
memcpy
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
ceil
_fpreset
vsprintf_s
_clearfp
signal
_controlfp
_CIsin
_CIcos
_CItan
_crt_debugger_hook
__CxxFrameHandler3
_CIsqrt
_CIatan2
memset

kernel32

GetSystemTimeAsFileTime
_llseek
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId
_lopen
_lread
LoadLibraryA
HeapSize
GetProcAddress
GetProcessHeap
_lclose
HeapFree
HeapAlloc
FreeLibrary
lstrcmpA
HeapReAlloc

user32

wsprintfA
GetWindowLongA
FindWindowA

Exports

Exports

?FloatErrorMsg@@YAXHH@Z
CheckFile
CloseFile
GetFileHandle
GetImportCommand

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c0b3ee9279e3115386b076ba9cddc4

Headers

File Characteristics

PDB Paths

Imports

xlate

cadlink.exe

basedir

mfc90

msvcr90

kernel32

user32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 3KB - Virtual size: 2KB