ff1825d15469d80ecad35fbff1253179_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff1825d15469d80ecad35fbff1253179_JaffaCakes118
Size

553KB
MD5

ff1825d15469d80ecad35fbff1253179
SHA1

ab0df4ce8e1a9048c5a9df526de6374df30e439d
SHA256

5e7bd4b450cb750f1f49ce990296bc6752188494d39cb957cfe66052c3f0b5ba
SHA512

df41b0d1afdeff110d69a52a4fba1441726234f7d8fa98e4aaf9e8d2938cefa755dc86ad9454fcdb35e24d7179a9e365e0321e05773c20de4917cab2467a4c34
SSDEEP

6144:shprHM/hWMybzW64o8rLKhhZtI6MV0l/4kJlJFY4IvxtAo/Smbw0Upfn:AgUM4Wh+E0l/4kJlJFYPxtAl7Zn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff1825d15469d80ecad35fbff1253179_JaffaCakes118

Files

ff1825d15469d80ecad35fbff1253179_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

9009b6f8f97a60e7d37a695bf88da2b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\Consumer_Licensing_Technologies_r7.0\Engine\SSAutoRN\Release\SSAutoRN.pdb

Imports

kernel32

ReleaseMutex
SetEvent
CloseHandle
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
TerminateThread
WaitForSingleObject
CreateEventA
CreateMutexA
GetProcAddress
FindResourceExA
LockResource
GetFileAttributesA
LeaveCriticalSection
GetTickCount
OpenMutexA
GetVersion
lstrcmpA
LocalAlloc
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
EnterCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryExA
lstrlenA
WaitForMultipleObjects
lstrcpyA

user32

TranslateMessage
CharNextA
UnregisterClassA
wsprintfA
DispatchMessageA
MsgWaitForMultipleObjects
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetKeyboardType
PeekMessageA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsA
PathAddBackslashA
PathRemoveBackslashA
PathAppendA

msvcp71

?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Nomemory@std@@YAXXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ

msvcr71

memmove
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
_cexit
_ismbblead
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_XcptFilter
memset
??3@YAXPAX@Z
strcat
_stricmp
_splitpath
_except_handler3
free
_purecall
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
_endthreadex
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
sprintf
_beginthreadex
memcpy
malloc
_resetstkoflw
??_V@YAXPAX@Z
realloc
_mbsrchr
swprintf
strlen
_exit
memcmp
atoi
strcpy
abs
_mbslen
wcscpy
_callnewh
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
exit

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9009b6f8f97a60e7d37a695bf88da2b5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 384KB - Virtual size: 380KB

.2rdata Size: 76KB - Virtual size: 76KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 384KB - Virtual size: 380KB

.2rdata
Size: 76KB - Virtual size: 76KB