JaffaCakes118_48f22300d025bdd32df83777cb07b728

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_48f22300d025bdd32df83777cb07b728
Size

159KB
MD5

48f22300d025bdd32df83777cb07b728
SHA1

7baa39f3dcc34b9eedc1e8d10c84a87213683e24
SHA256

26ffd6dfc46314ff1cbe2299f82db84567b805f63000cae1b47b5dfd2aae89b7
SHA512

b59b8bd172ee73fb73548c07fc1fb1c2228e6779e85495c5fdeef2e661a79c3693d0b22e84f1cbb06290c6e5e12a7575ce3e384b9a4fdb393537b8afafb3dcad
SSDEEP

3072:HRccpvUG4OmCnxYWI5SEsjCkoxNSzQF9eSkWa+2Fr2TLSO85:yYU7cJcZZNIoxkT+Yr2nSO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_48f22300d025bdd32df83777cb07b728

Files

JaffaCakes118_48f22300d025bdd32df83777cb07b728
.dll windows:4 windows x86 arch:x86

4a8471176721c0667754c7ab16216f74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\TkbkWinCln_P5M1B1A.06-10-26\talkback\build\client\vs2003\Release\talkback\tbdiag.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
memmove
memcmp
strcmp
free
malloc
strlen
_strnicmp
rename
_mbsrchr
sprintf
strncpy
_except_handler3
_vsnprintf
time
srand
rand
memchr
memset
memcpy
strrchr
strcpy
strcat
__CxxFrameHandler

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

kernel32

CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
GlobalMemoryStatus
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA
CreateMutexA
ReleaseMutex
VirtualAlloc
CreateProcessA
CreateDirectoryA
ExitProcess
lstrcmpiA
IsBadStringPtrA
GetFileAttributesA
GetModuleFileNameA
IsBadReadPtr
GetProcAddress
WriteProcessMemory
GetCurrentProcess
VirtualProtect
VirtualQuery
GetSystemInfo
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetModuleHandleA
GetVersion
GetCommandLineA
VirtualFree
CloseHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadCodePtr
WaitForSingleObject
CreateThread
DuplicateHandle
GetCurrentThreadId
SetErrorMode
LoadLibraryA
FreeLibrary
TlsAlloc
ReadFile
SetFilePointer
CreateFileA
TlsSetValue
TlsGetValue
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
IsBadWritePtr
DeleteFileA
SetEndOfFile
GetFileSize
GetTempFileNameA
GetVersionExA
GetThreadContext
GetLastError
TlsFree
GetTickCount
MoveFileA
GetLongPathNameA
OpenProcess
WideCharToMultiByte
InterlockedExchange
TerminateThread
ReleaseSemaphore
TerminateProcess
CreateSemaphoreA
WriteFile
FindClose
FindFirstFileA
FindNextFileA
CopyFileA
ExpandEnvironmentStringsA

user32

LoadStringA
EnumWindows
GetWindowLongA
GetWindowThreadProcessId
CallWindowProcW
GetForegroundWindow
IsWindowUnicode
SetWindowLongW
IsWindow
SetWindowLongA
GetSystemMenu
AppendMenuA
wsprintfA
CallWindowProcA
KillTimer
SetTimer
UnhookWindowsHookEx
GetMenuItemInfoA
GetClassNameA
CallNextHookEx
SetWindowsHookExA
GetWindowTextA
wvsprintfA
EnumChildWindows
IsWindowVisible

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupPrivilegeValueA
OpenThreadToken
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
GetUserNameA

Exports

Exports

FCAddDataToKey
FCAddDateToKey
FCAddIntToKey
FCAddStringToKey
FCAssert
FCAssertInternal1
FCAssertParam
FCAssertParamInternal1
FCCleanup
FCClearCounters
FCClearKey
FCClearKeys
FCCreateCounter
FCCreateKey
FCCreatePersistentCounter
FCCreatePersistentKey
FCCreateSupportIncidentInternal
FCDecrementCounter
FCDeleteDataFromKey
FCDeleteDateFromKey
FCDeleteIntFromKey
FCDeleteKey
FCDeleteStringFromKey
FCEndTimer
FCExceptionHandler
FCFlushNonSharedPersistentKeys
FCGetCounter
FCGetSessionUniqueID
FCHeartbeatTimer
FCIncrementCounter
FCInitialize
FCInitializeInternal
FCInitializeWithManifestInternal
FCInitializeWithManifestInternalEx
FCLibraryVersion
FCRegisterMemory
FCRunMemTest
FCSetCounter
FCSetKeyOptions
FCSetLocale
FCSetMiniDump
FCSetUIState
FCStartTimer
FCTrace
FCTraceInternal
FCTraceParam
FCTraceParamInternal
FCTrigger
FCTriggerInternal
FCTriggerInternal1
FCUnregisterMemory

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a8471176721c0667754c7ab16216f74

Headers

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.rmnet
Size: 56KB - Virtual size: 60KB