PDB path: c:\graphviz-ms\bin\gvpr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
576d4c026dc7c89d27a46b30ee5c3ce6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
576d4c026dc7c89d27a46b30ee5c3ce6_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
576d4c026dc7c89d27a46b30ee5c3ce6_JaffaCakes118
-
Size
348KB
-
MD5
576d4c026dc7c89d27a46b30ee5c3ce6
-
SHA1
f70c63e647d07407d1fa2f015dd9c62c11204c97
-
SHA256
2a0510b2b0c034587ca4aa00af3a19a63b2afd7ad536eb0e8efeb1ec9019ffae
-
SHA512
d6eb0c0d3169daad5903e6ed1eb082bc6c901924164bc0ec5bf4b229e02ff4873825abc7e78c94e174848c1773acf391101530c3929542ebe74a0881d1e8c548
-
SSDEEP
6144:9U+qd/XISYeJZA1Wxat38fVqRajhilXwdS/Hy9xHpVKRCwnTIIGxGIVEZN4PjNcn:9U+qNXI2VqREhilXwdSvy99pVGCwnTID
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 576d4c026dc7c89d27a46b30ee5c3ce6_JaffaCakes118
Files
-
576d4c026dc7c89d27a46b30ee5c3ce6_JaffaCakes118.exe windows:5 windows x86 arch:x86
8486d8a1f52c50a4863923999292f82b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
cgraph
agfstin
agnxtout
agfstout
agnxtedge
agfstedge
agcanonStr
agwrite
agidnode
agstrdup_html
agstrfree
agedge
agopen
agbindrec
AgMemDisc
AgIdDisc
agread
aginit
agnxtattr
agparent
agobjkind
agxset
Agdirected
agnameof
agfstsubg
agnxtsubg
agnode
agdegree
agcontains
agisdirected
agisstrict
agnedges
agattrsym
agraphof
agattr
agxget
aghtmlstr
agclose
agroot
agnxtnode
agfstnode
agsetfile
agdelete
agnnodes
agsubg
aggetrec
agsubedge
agsubnode
agnxtin
vmalloc
Vmdcheap
vmopen
vmstrdup
Vmdcsbrk
Vmdebug
vmclear
Vmbest
vmclose
gvc
strncasecmp
strcasecmp
cdt
dtwalk
dtview
Dtset
dtsize
Dtoset
dtopen
dtclose
Dtstack
Dtqueue
msvcr90
_strdup
_access
_read
_open
_close
_write
_dup
_isatty
_lseek
strrchr
_environ
sprintf
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
fclose
fopen
_stat64i32
_fstat64i32
localeconv
frexp
ldexp
_strtoui64
_localtime64
memcpy
strftime
_setjmp3
free
calloc
malloc
realloc
isspace
fprintf
__iob_func
strlen
getenv
strchr
longjmp
exit
strcmp
system
log
pow
exp
atan2
sin
cos
sqrt
atof
atoi
_wassert
strncpy
sscanf
islower
tolower
isupper
strncmp
_getcwd
printf
bsearch
qsort
isalpha
toupper
isdigit
clock
strerror
_errno
ispunct
isprint
iscntrl
isalnum
strcspn
strspn
strcoll
_strtoi64
strtod
rand
srand
_time64
strcpy
memset
kernel32
IsDebuggerPresent
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
Sections
.text Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 93KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
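f27��uT Size: 16KB - Virtual size: 20KB (section name contains bytes that do not decode as printable text)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: unlike .text, this trailing section is mapped both writable and executable, and its name is not printable text. Together with the Unsigned PE finding, this suggests the file may have been modified after it was built (for example packed or patched), so compare its hashes against a known-good copy of gvpr.exe before trusting it.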