e8a0a0548d710c85bd665b87d88d8abf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e8a0a0548d710c85bd665b87d88d8abf_JaffaCakes118
Size

101KB
MD5

e8a0a0548d710c85bd665b87d88d8abf
SHA1

5906206729a8d47e6dbb49b9f9925995157356d2
SHA256

0e9ada2b0e75eb654d86e11efb2b7eb7352a1d089ff702f8aaca762d81869906
SHA512

5f2450dd050c2b12e9277961e8ad2563e1caf8f5f5d192dfec9104dbf9cf2a488ef462777039a766947497b6baf100bff5b6d3420412a234116d5134cfffd61c
SSDEEP

3072:pYHwlyi0UP+WHOmPKeZO7djuCJcrIcxN/+U:N2mPK1jufxN/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8a0a0548d710c85bd665b87d88d8abf_JaffaCakes118

Files

e8a0a0548d710c85bd665b87d88d8abf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3b066c063bc5ab63eb1cce6f523d5e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dev\work\lucy\682_20060727_0005\Yahoo\YPager\msgrcli\ymsgr_tray\Release\ymsgr_tray.pdb

Imports

kernel32

lstrcmpiA
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetPrivateProfileStringA
GetModuleFileNameA
lstrcpynA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetTimeFormatA
GlobalAddAtomA
GlobalDeleteAtom
GetVersion
InterlockedIncrement
InterlockedDecrement
CloseHandle
GetModuleHandleA
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
LoadLibraryA
WaitForSingleObject
GetCommandLineA
CreateMutexA
WinExec
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
lstrlenW
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
lstrlenA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
ReleaseMutex

user32

CharLowerW
CharUpperA
CharUpperW
CharLowerA
UnregisterClassA
GetSubMenu
RegisterWindowMessageA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
DestroyMenu
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
LoadImageA
RegisterClassExA
CallWindowProcA
PostQuitMessage
wsprintfA
GetClassInfoExA
PostMessageA
UnregisterHotKey
RegisterHotKey
EnumChildWindows
GetWindow
SystemParametersInfoA
MapWindowPoints
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
RedrawWindow
SetTimer
SetFocus
KillTimer
LoadMenuA
SetWindowLongA
GetMenuStringA
GetMenuItemCount
LoadStringA
GetSysColor
CreateWindowExA
GetClientRect
MoveWindow
SetForegroundWindow
GetActiveWindow
DialogBoxParamA
CreateDialogParamA
IsWindow
DestroyWindow
LoadCursorA
RegisterClassA
EndDialog
DefWindowProcA
BeginPaint
FillRect
DrawTextA
EndPaint
CharNextA
SetMenuItemInfoA
GetDesktopWindow
GetWindowLongA
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
SetWindowTextA
EnableWindow
ShowWindow
GetDlgItem
GetParent
SendDlgItemMessageA
SendMessageA

gdi32

SetTextColor
SetBkMode
SetBkColor
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps

advapi32

RegQueryInfoKeyA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VarUI4FromStr

msvcp71

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

msvcr71

_stricmp
isdigit
islower
isupper
_except_handler3
free
malloc
_resetstkoflw
_CxxThrowException
_mbsstr
memmove
wcscpy
__CxxFrameHandler
??3@YAXPAX@Z
??_V@YAXPAX@Z
atoi
_itoa
_mbsinc
_mbsnbcat
_mbsnbcpy
_mbslwr
strncat
wcsncat
wcslen
_vsnprintf
_mbsicmp
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
rand
srand
realloc
memset
_callnewh
__dllonexit
_onexit
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_mbsrchr

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3b066c063bc5ab63eb1cce6f523d5e7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp71

msvcr71

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 80KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 80KB