06a47247c44a8246c0b427f5597c7834_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06a47247c44a8246c0b427f5597c7834_JaffaCakes118
Size

7.8MB
MD5

06a47247c44a8246c0b427f5597c7834
SHA1

83fca177b6dbb7b8cfdd1e5b76074adde3f56998
SHA256

7b455ac3b21e186453199628dc11590a22826b749028bf9ad3e00c22386c5de8
SHA512

ff6fc0655f07a3ff9336cde496b912e7e72140cff4c66493855f9d9ea2d2acb8ecf0023bd4f1769546b1b892e3897bce4b9aa3243313e0ab48ebdb5adbb01d46
SSDEEP

196608:nkp8EQFx1/s/wjssRTNG7WLB0mdxJLn6zr3fcqv:nkphQ9k/nAYytxJrYUC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06a47247c44a8246c0b427f5597c7834_JaffaCakes118

Files

06a47247c44a8246c0b427f5597c7834_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31105208a02e7bc4a39607ba352b8589

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\proj\QvodSetup\Bin\QvodSetup.pdb

Imports

mfc90u

ord1553
ord404
ord663
ord5869
ord1599
ord293
ord4405
ord6013
ord367
ord636
ord3486
ord1353
ord2758
ord6091
ord6574
ord1665
ord3355
ord6411
ord1493
ord4652
ord5664
ord3489
ord595
ord611
ord9272
ord4044
ord2592
ord337
ord2597
ord613
ord6065
ord4527
ord1047
ord6780
ord586
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord6101
ord6096
ord6183
ord6547
ord6372
ord6569
ord4579
ord6566
ord6060
ord6572
ord6063
ord2447
ord6482
ord1098
ord4211
ord7332
ord7138
ord4043
ord4967
ord2695
ord5939
ord2479
ord4490
ord1603
ord2069
ord6579
ord4516
ord2676
ord1329
ord814
ord5737
ord5559
ord690
ord2084
ord813
ord441
ord266
ord265
ord799
ord4631
ord5167
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord2501
ord2490
ord665
ord406
ord3515
ord4519
ord5182
ord744
ord524
ord4442
ord2596
ord1486
ord5008
ord2057
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord1354
ord3543
ord2106
ord2537
ord1183
ord3537
ord6760
ord2904
ord4530
ord935
ord4448
ord4423
ord6801
ord4173
ord285
ord3220
ord1607
ord6803
ord4747
ord938
ord286
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord5632
ord4681
ord4000
ord1938
ord1137
ord1108
ord639
ord374
ord3794
ord2694
ord811
ord296
ord600
ord280
ord4815
ord1272
ord801

msvcr90

__CxxFrameHandler3
memset
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
malloc
free
_fseeki64
_ftelli64
fwrite
fclose
ferror
fread
fopen
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
exit
_CxxThrowException

kernel32

GetSystemInfo
Process32NextW
CloseHandle
FindResourceW
LoadResource
SizeofResource
OutputDebugStringW
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
Sleep
GetLastError
MultiByteToWideChar
CreateProcessW
GetModuleFileNameW
UnhandledExceptionFilter
IsDebuggerPresent
DeleteFileW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GlobalLock
GlobalAlloc
LockResource
GlobalFree
GlobalUnlock
GetDiskFreeSpaceExW
CreateMutexW
GetSystemDirectoryW
WriteFile
CreateFileW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetVersionExW

user32

IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EqualRect
wsprintfW
AppendMenuW
GetParent
GetWindowRect
SetTimer
KillTimer
GetSystemMenu
EnableWindow
SendMessageW
LoadIconW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindow
InvalidateRect

gdi32

PtVisible
RectVisible
DeleteObject
Escape
ExtTextOutW
BitBlt
CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
TextOutW

advapi32

DeleteService
OpenServiceW
StartServiceW
CreateServiceW
OpenSCManagerW
CloseServiceHandle

shell32

SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW

ole32

CoTaskMemFree
CreateStreamOnHGlobal

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageI

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31105208a02e7bc4a39607ba352b8589

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

gdiplus

msvcp90

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 26KB - Virtual size: 26KB