c:\JOB\FY12EPP\SOUECE_WW\Step1\release\EPQuicker.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eda8f776c5ee92ae3d035ac651d77e9b_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eda8f776c5ee92ae3d035ac651d77e9b_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
eda8f776c5ee92ae3d035ac651d77e9b_JaffaCakes118
-
Size
892KB
-
MD5
eda8f776c5ee92ae3d035ac651d77e9b
-
SHA1
09db333fb4f4ac1bd3d4d1a57e54f48d3008f1a0
-
SHA256
27952bdc14f992f92319154af111081ad2e6a68c269cf5dd838b89078fbfa24d
-
SHA512
26c374cc4462e88ce8019ff79ac9d145e8ecf6355cf25f34ed004dfc80c8047768da9848e83d5e190e90c9aa83014be042dd2b1cc0237289962e99173c7654b4
-
SSDEEP
6144:0WGnhPCEPQlYNcadjWcPS6NsOL4yBwxQcsUnL6Pgzauois4vGeJ/ymiCqB:0WSUE4lYNcaddN7wfssLiKTM/epNiH
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource eda8f776c5ee92ae3d035ac651d77e9b_JaffaCakes118
Files
-
eda8f776c5ee92ae3d035ac651d77e9b_JaffaCakes118.exe windows:4 windows x86 arch:x86
9a3c617bda1299af1120cb508af0d4e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\JOB\FY12EPP\SOUECE_WW\Step1\release\EPQuicker.pdb
Imports
gdiplus
GdiplusStartup
GdiplusShutdown
eplib
_EPLibSetLaunchAppNo@4
_EPLibSetValue@8
_EPLibGetValue@8
_EPLibSetPrinter@4
_EPLibDoQuickPrint@4
_EPLibGetQuickPrintInfo@12
ord2
_EPLibSetMode@4
ord3
ord1
ord4
mfc80
ord2408
ord2413
ord5200
ord2396
ord5214
ord3879
ord6703
ord4580
ord3875
ord299
ord3641
ord1903
ord1489
ord4125
ord2902
ord297
ord427
ord4735
ord4212
ord664
ord3441
ord784
ord354
ord870
ord605
ord2092
ord4238
ord2958
ord3230
ord1425
ord3023
ord5866
ord658
ord907
ord3934
ord556
ord744
ord5097
ord5346
ord334
ord593
ord2131
ord908
ord3255
ord1486
ord911
ord745
ord6006
ord2176
ord5715
ord1308
ord1185
ord557
ord1084
ord1091
ord5320
ord6296
ord1181
ord2306
ord1191
ord1187
ord5330
ord5089
ord2259
ord1183
ord914
ord913
ord6286
ord3997
ord4108
ord5529
ord3514
ord1031
ord865
ord384
ord629
ord317
ord584
ord380
ord5493
ord2703
ord2702
ord301
ord1211
ord1159
ord305
ord3201
ord3806
ord5583
ord2018
ord2063
ord1025
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord273
ord4541
ord3683
ord3333
ord4481
ord2838
ord5566
ord566
ord5213
ord757
ord5230
ord4568
ord3948
ord5226
ord2248
ord2931
ord1920
ord3830
ord3832
ord1054
ord5224
ord5382
ord6219
ord5102
ord3317
ord1955
ord4100
ord2094
ord3758
ord6063
ord3244
ord501
ord709
ord5563
ord3302
ord6090
ord2234
ord2371
ord332
ord5613
ord4118
ord2372
ord2160
ord3952
ord1395
ord2168
ord1063
ord1283
ord1482
ord2272
ord2938
ord3195
ord620
ord2271
ord347
ord602
ord1279
ord5637
ord3182
ord3161
ord2368
ord5731
ord3595
ord570
ord5567
ord759
ord4569
ord5227
ord378
ord628
ord2249
ord3635
ord5833
ord2164
ord3576
ord2367
ord1968
ord589
ord330
ord631
ord2280
ord386
ord5803
ord3684
ord3401
ord1412
ord2497
ord5658
ord4320
ord2657
ord2264
ord4353
ord356
ord4115
ord1085
ord2654
ord6065
ord3583
ord3423
ord3989
ord1290
ord1979
ord5642
ord3164
ord4232
ord1545
ord2086
ord587
ord3454
ord4085
ord4081
ord6180
ord6174
ord3202
ord2758
ord1207
ord1460
ord4094
ord2887
ord2892
ord2576
ord2288
ord2751
ord2755
ord783
ord2748
ord2904
ord2886
ord2891
ord2575
ord3931
ord1440
ord2346
ord1580
ord5331
ord262
ord6297
ord1198
ord1452
ord6310
ord555
ord313
ord5490
ord4888
ord1467
ord1929
ord5727
ord6037
ord4109
ord3439
ord5719
ord5921
ord5401
ord5414
ord5588
ord5523
ord5647
ord5888
ord6057
ord4161
ord6054
ord5608
ord6060
ord5611
ord2527
ord2392
ord265
ord2415
ord2403
ord2385
ord2991
ord2387
ord2405
ord2178
ord3163
ord2172
ord2322
ord1522
ord3761
ord6279
ord3802
ord876
ord6277
ord3345
ord4967
ord1362
ord5175
ord310
ord1964
ord6067
ord1656
ord2020
ord1655
ord5182
ord1599
ord266
ord578
ord2537
ord5403
ord4890
ord2731
ord1671
ord6725
ord2835
ord1670
ord5915
ord4307
ord1794
ord1551
ord1620
ord2714
ord1617
ord2862
ord2468
ord304
ord6724
ord3946
ord2540
ord5912
ord1402
ord2646
ord1401
ord2533
ord3210
ord5491
ord4244
ord5152
ord1908
ord3718
ord5203
ord5073
ord3719
ord4262
ord6275
ord3709
ord4185
ord2644
ord3949
ord4486
ord4261
ord1123
ord3403
ord4722
ord1934
ord4282
ord762
ord1600
ord5960
ord5235
ord1280
ord5233
ord923
ord928
ord932
ord781
ord930
ord741
ord934
ord2390
ord2095
ord2410
ord572
ord1591
ord2394
ord4240
ord2400
ord1917
ord2398
ord764
ord1010
ord3150
msvcr80
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_initterm_e
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mbscmp
memcpy
fopen
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_decode_pointer
_setmbcp
_purecall
_access
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_mbsrchr
_invalid_parameter_noinfo
malloc
free
_strdup
__argc
__argv
__RTDynamicCast
_recalloc
_resetstkoflw
calloc
wcscpy_s
__CxxFrameHandler3
_CxxThrowException
memmove_s
_mbsnbcpy
_ismbstrail
_splitpath
_mktime64
_wmakepath_s
_wsplitpath_s
_wfullpath
memset
strtol
atoi
strcpy_s
fclose
fread
_controlfp_s
kernel32
LoadLibraryA
GetPrivateProfileIntA
GetModuleFileNameA
GetPrivateProfileStringA
MultiByteToWideChar
GetLocaleInfoA
GetModuleHandleA
GetVersionExA
InterlockedExchange
FileTimeToLocalFileTime
SetLastError
lstrlenA
GetLongPathNameA
GetFullPathNameA
GetProcAddress
LoadResource
FindResourceA
lstrcatA
lstrcpyA
LocalAlloc
RaiseException
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
GetCurrentProcessId
CreateFileMappingA
GetLastError
MapViewOfFileEx
CloseHandle
FlushViewOfFile
UnmapViewOfFile
GetTempPathA
CreateDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
ResumeThread
CreateMutexA
RemoveDirectoryA
ReleaseMutex
SetThreadLocale
IsDBCSLeadByte
WaitForSingleObject
SetEvent
GetCurrentThreadId
LockResource
GetACP
GetThreadLocale
FileTimeToSystemTime
user32
UpdateWindow
GetUpdateRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDlgCtrlID
PtInRect
ClientToScreen
GetWindowLongA
GetKeyState
ReleaseCapture
GetCapture
GetNextDlgGroupItem
WindowFromPoint
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetSysColorBrush
WindowFromDC
CharPrevA
CharNextA
RegisterWindowMessageA
GetParent
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
EqualRect
SetWindowsHookExA
SetForegroundWindow
ReleaseDC
SetTimer
LoadBitmapA
GetDesktopWindow
ModifyMenuA
InsertMenuA
AppendMenuA
LoadMenuA
SetPropA
LoadIconA
GetMonitorInfoA
MonitorFromRect
GetWindow
SetWindowRgn
GetTopWindow
GetActiveWindow
IsRectEmpty
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
IsWindowVisible
DrawIcon
InvalidateRect
PostQuitMessage
RemovePropA
IsIconic
CopyRect
PeekMessageA
GetSysColor
IsZoomed
IntersectRect
TranslateAcceleratorA
LoadAcceleratorsA
GetSystemMetrics
SetRectEmpty
GetDC
SetRect
KillTimer
keybd_event
SendMessageA
GetWindowRect
GetClientRect
PostMessageA
EnableWindow
FillRect
gdi32
CreateDIBSection
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
GetCurrentObject
GetTextColor
GetBkMode
GetBkColor
PtInRegion
CreateCompatibleBitmap
StretchDIBits
BitBlt
CreateSolidBrush
DeleteObject
CreateFontIndirectA
GetObjectA
StretchBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetStockObject
CreateDIBPatternBrushPt
advapi32
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
shell32
SHGetSpecialFolderPathA
comctl32
_TrackMouseEvent
InitCommonControlsEx
ole32
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
msvcp80
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
Sections
.text Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 644KB - Virtual size: 650KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE