b4ef9f71253e1fd9646b840772c9cc9d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4ef9f71253e1fd9646b840772c9cc9d_JaffaCakes118
Size

312KB
MD5

b4ef9f71253e1fd9646b840772c9cc9d
SHA1

fce9d0fb264ec0147a1f2495332fb209a7883f36
SHA256

bc598762a43e9c592ee6f3a1a77052f2013afb1d371e2a9a36496cc83e9f99c9
SHA512

66ee68fdd1d3892b640b80b96f1cbce8fee65c6d8ed3079765212e019f37cbee650a93d739fd06980bb2a6e01bdc2b33ae3c9820c0ae4aaac60a05b7784da12e
SSDEEP

3072:QH9xJxGDpDsnPYU0Mcu0AaeUw4msHwpL3xMZ2+vDQN+eD7psfgeWjYrp:MVG8gXMcDygwL3Gjvs4eD7GYVU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4ef9f71253e1fd9646b840772c9cc9d_JaffaCakes118

Files

b4ef9f71253e1fd9646b840772c9cc9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e1ddf2c0250aa56eea0e13e97574292

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\anafreeze\release\analySIS.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc71

ord762
ord1069
ord1115
ord2348
ord4031
ord764
ord566
ord6248
ord4467
ord2766
ord4469
ord4473
ord4541
ord4543
ord4293
ord4548
ord4553
ord310
ord2468
ord5403
ord304
ord5529
ord3997
ord781
ord578
ord4108
ord911
ord907
ord784
ord757
ord3333
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord1207
ord5566
ord5230
ord3948
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord3806
ord3801
ord4014
ord4038
ord2176
ord1308
ord1084
ord1187
ord1191
ord3683

msvcr71

_setmbcp
_mbsrchr
malloc
free
_controlfp
_except_handler3
_mktime64
strncpy
strrchr
__CxxFrameHandler
_strdup
atol
_time64
?set_terminate@@YAP6AXXZP6AXXZ@Z
strstr
sscanf
_mbschr
_mbslen
sprintf
_mbsnbcpy
printf
memset
memcpy
__security_error_handler
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

kernel32

WritePrivateProfileStringA
GetProcAddress
GetPrivateProfileStringA
lstrcpyA
GetModuleHandleA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
GetLastError
GetVersionExA
GetCommandLineA
GetTickCount
SetErrorMode
CreateFileA
WritePrivateProfileSectionA
WritePrivateProfileStructA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
CopyFileA
MoveFileA
GetModuleFileNameA
GetFileAttributesA
lstrcmpA
lstrcatA
SetLastError
LoadLibraryExA
SetCurrentDirectoryA
GetCurrentDirectoryA
SearchPathA
IsBadWritePtr
GetCurrentThread
GetTempFileNameA
GetTempPathA
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
SuspendThread
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId

user32

wsprintfA
GetActiveWindow
MessageBoxA
CharNextA
IsCharLowerA
LoadStringA
CharUpperA
CharLowerA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

StrCmpNIA

msvcp71

?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e1ddf2c0250aa56eea0e13e97574292

Headers

File Characteristics

PDB Paths

Imports

version

mfc71

msvcr71

kernel32

user32

shell32

shlwapi

msvcp71

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 268KB - Virtual size: 264KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 268KB - Virtual size: 264KB