f6797ac962aacffe446e46a981cbce05_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6797ac962aacffe446e46a981cbce05_JaffaCakes118
Size

4.9MB
MD5

f6797ac962aacffe446e46a981cbce05
SHA1

e7b4219026a746c4d2e2f96d7f0f0bfa09fadc67
SHA256

c28ddedb5716c4adae1d425602d799a6456e427409eae22a98974d93afae2673
SHA512

2a3e20a7e44a9ee7cfa51f308c9c7f7c285d7f42088ed8b5a7b40ce7f2b194a27d4824b687903f8d1393b1bf259195990ee312243bf13970838d9eaf4c37bf1b
SSDEEP

98304:MfcQzCWpwSlpLYgsc5WQAKIpOps5fIzl1:MfcQGWpbMwCZIzl1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6797ac962aacffe446e46a981cbce05_JaffaCakes118

Files

f6797ac962aacffe446e46a981cbce05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

787826da1ef2cea7327d9311532ed1bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\_Projects\WinAntiSpyware\_Reuse\FSDriver\FileCreationFilter\Release\uwasffNT.pdb

Imports

kernel32

GetLastError
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
QueryDosDeviceW
CreateThread
Sleep
CreateEventA
lstrcatA
GetCurrentThreadId
SetEvent
FreeLibrary
SizeofResource
LoadResource
WideCharToMultiByte
LoadLibraryExA
GetCommandLineA
GetVersionExA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
MultiByteToWideChar
CreateFileA
DeviceIoControl
CloseHandle
WaitForSingleObject
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
FindResourceA
RaiseException
GetSystemTimeAsFileTime

user32

CharNextA
TranslateMessage
DispatchMessageA
GetMessageA
PostThreadMessageA
CharUpperA

advapi32

RegQueryInfoKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
CreateServiceA

shell32

SHGetFileInfoA

ole32

StringFromCLSID
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CoUnmarshalInterface
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

shlwapi

PathFindExtensionA

msvcr71

??2@YAPAXI@Z
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
?terminate@@YAXXZ
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
memset
wcsncpy
_mbslwr
_mbsstr
_resetstkoflw
_wcslwr
wcslen
wcsncmp
_XcptFilter
_exit
_mbschr
memmove
_CxxThrowException
_except_handler3
free
__CxxFrameHandler
malloc
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
realloc
wcscpy
wcscat
_c_exit

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

787826da1ef2cea7327d9311532ed1bf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr71

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 856B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 856B

.rsrc
Size: 4KB - Virtual size: 3KB