110eaf52c169c6adaae4549229c73190_JaffaCakes118

General

Target

110eaf52c169c6adaae4549229c73190_JaffaCakes118
Size

609KB
MD5

110eaf52c169c6adaae4549229c73190
SHA1

e9a9b254558596b274374ab6431059f94e326d66
SHA256

42af37b11f8b59007510327fbfaaba30810af88492f44bafc4a74ce42320d986
SHA512

593aa4b2639a698f0d2855252a22eb6cca167d4e5de190e00c9549e99a16ecd46c824f3e12bdca94daf3fc7a23f480b57e3d434413917e171830fb3068007d90
SSDEEP

6144:XBp4/7Uop+U1bVbPxt1SuDuH73tAYe0fPYNRa:XcbVbP3ub9XbSRa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
110eaf52c169c6adaae4549229c73190_JaffaCakes118

Files

110eaf52c169c6adaae4549229c73190_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f917e64062e93f6e1fb84c6d467d9bbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\CO3\mura_temp\BizCom\050Plus\0906保守対応\src\IFVer2_CO6_BizComUA_DirectSound_1_1_0_27\BizCom_UA\release\Uninstall.pdb

Imports

mfc80u

ord2461
ord896
ord577
ord899
ord6171
ord1431
ord2742
ord3925
ord1479
ord2279
ord282
ord2271
ord764
ord631
ord6700
ord386
ord2311
ord293
ord283

msvcr80

_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_waccess
_adjust_fdiv
__CxxFrameHandler3
memset

kernel32

GetLocalTime
RemoveDirectoryW
DeleteFileW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTempPathW

user32

GetForegroundWindow
MessageBoxW

shell32

SHGetFolderPathW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f917e64062e93f6e1fb84c6d467d9bbf

Headers

File Characteristics

PDB Paths

Imports

mfc80u

msvcr80

kernel32

user32

shell32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 928B

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 928B

.rsrc
Size: 52KB - Virtual size: 48KB