e904bb179ec66802899b2df70011ca57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e904bb179ec66802899b2df70011ca57_JaffaCakes118
Size

608KB
MD5

e904bb179ec66802899b2df70011ca57
SHA1

c3832deed3a261b562e7d79ce617b401ce095e21
SHA256

c4cde94ac379b926c29ef73288b54852720fcb3e63a82995d97c4f3d125279c5
SHA512

57dec2c5f6af150967e77064b9875384f242a5e4bd4e7397225f2bd4d5200db3562d6bd9f25383f35a47c37c9d1fef19503624f59fe5ba41c9631f94afa39570
SSDEEP

6144:kKpUFQdP17LQ+OPdYVL2PyBCOtCqK24zIQZdpI0R7pvCUp4K1y4IFzhwhRzWjkxo:kKpUFQdRadYVCqHKdUUd6otzmZvYNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e904bb179ec66802899b2df70011ca57_JaffaCakes118

Files

e904bb179ec66802899b2df70011ca57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bd995a5d0bfbdb93246d25a0e3e8d77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\sdcore\AlertMgr\AlertMgrProj\release\hpqbam08.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

winmm

PlaySoundW

msimg32

GradientFill

kernel32

SetEvent
GetCommandLineW
ReleaseMutex
CreateMutexW
LocalFree
LocalAlloc
lstrcpynW
GetACP
lstrcpyW
FreeResource
CreateFileW
SetFilePointer
LoadLibraryW
SetErrorMode
GetProcAddress
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
FlushInstructionCache
GetCurrentProcess
GetTickCount
CloseHandle
GetCurrentThreadId
SetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GlobalAlloc
GetTimeFormatW
GetDateFormatW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalHandle
LockResource
lstrlenA
WaitForSingleObject
Sleep
CreateThread
CreateEventW

user32

RedrawWindow
SetTimer
ShowWindow
GetWindowRgn
SetWindowRgn
IsWindow
InvalidateRect
UpdateWindow
ReleaseDC
GetDC
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextW
SendMessageW
GetDesktopWindow
PostMessageW
GetWindowLongW
SetWindowLongW
CharNextW
GetClassInfoExW
LoadCursorW
CopyRect
SetRect
InflateRect
FrameRect
DrawIconEx
LoadImageW
DrawTextExW
PostThreadMessageW
GetCursorPos
DestroyWindow
DefWindowProcW
AnimateWindow
SetLayeredWindowAttributes
RegisterClassExW
FillRect
PtInRect
CreateWindowExW
GetSystemMetrics
SetCursor
EndPaint
BeginPaint
OffsetRect
GetMessageW
DispatchMessageW
TranslateMessage
CallWindowProcW
GetSysColor
MoveWindow
ClientToScreen
InvalidateRgn
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
MsgWaitForMultipleObjects
PostQuitMessage
PeekMessageW
LoadStringW
GetDialogBaseUnits
SystemParametersInfoW
LoadBitmapW
CharUpperW
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetFocus
GetFocus
GetWindow
KillTimer
UnregisterClassA

gdi32

CreateFontW
GetTextMetricsW
DPtoLP
CreateFontIndirectW
GetDeviceCaps
CreateRoundRectRgn
GetLayout
SetLayout
SetBkMode
StretchBlt
GetObjectW
GetTextExtentPoint32W
CreateRectRgn
GetClipBox
SelectClipRgn
RectVisible
FrameRgn
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
CreatePen
SelectObject
Rectangle
CreateSolidBrush
MoveToEx
LineTo
DeleteObject

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

ole32

CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantCopy
VarUI4FromStr
OleCreateFontIndirect
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantInit
SysFreeString
SysStringLen
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
VarBstrCat
SysAllocStringLen
VariantClear

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
_except_handler4_common
toupper
_chdrive
_wchdir
_wgetcwd
_itow_s
_wcsicmp
wcscat_s
_resetstkoflw
_wcmdln
_endthreadex
calloc
_adjust_fdiv
wcscpy_s
_purecall
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memset
__CxxFrameHandler3
swprintf_s
wcsncpy_s
_CxxThrowException
memcpy_s
free
malloc
floor
ceil
??3@YAXPAX@Z
_initterm
_initterm_e
_configthreadlocale
_beginthreadex
__setusermatherr
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
_recalloc
__p__commode
_controlfp_s

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

[
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bd995a5d0bfbdb93246d25a0e3e8d77

Headers

File Characteristics

PDB Paths

Imports

comctl32

winmm

msimg32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp80

msvcr80

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 336KB - Virtual size: 333KB

[ Size: 52KB - Virtual size: 52KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 336KB - Virtual size: 333KB

[
Size: 52KB - Virtual size: 52KB