PDB path: d:\build\ob\bora-1744117\bora\build\release\ws\vmware-vmx.pdb
Static task
static1
Behavioral task
behavioral1
Sample
295c6d08a26fecc11b799d0ef923d8bd_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
295c6d08a26fecc11b799d0ef923d8bd_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
295c6d08a26fecc11b799d0ef923d8bd_JaffaCakes118
-
Size
17.1MB
-
MD5
295c6d08a26fecc11b799d0ef923d8bd
-
SHA1
a23b961d0bad0f3560c7d55f2a378cdd942d43cf
-
SHA256
c491e2315fa2cef1589a68d5ffa23ad5e3d379236552394bfe8deeb79ca17106
-
SHA512
92c3dfa4f15c2479163d56024bbcec0a4c24f5e40a6f55495b94374d3af0c31f27f2852033924ca5aeb46e0ee612bd85e887f07df3609a9fa13a0fb7f9c971df
-
SSDEEP
196608:1DnW00FesRePaLz80RvjZt/xNcgDJc3B/m4r0CZVYLFHswu8/p:1Cnes7TNcgDux/m4r9ZV6F48x
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 295c6d08a26fecc11b799d0ef923d8bd_JaffaCakes118
Files
-
295c6d08a26fecc11b799d0ef923d8bd_JaffaCakes118.exe windows:5 windows x86 arch:x86
4eed0a885f6f8476ec07e8d032162079
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcr90
floor
iswctype
wcsstr
_gmtime64
_CIsin
_CIcos
_CIlog
_wcsicmp
isgraph
_wtoi
wcsncpy
fopen
bsearch
atof
_CIlog10
_CIpow
feof
getc
strpbrk
strspn
_snwprintf
isprint
_ctime64
mbtowc
_ecvt_s
_fcvt_s
fread
rewind
sprintf
getenv
strcat_s
sprintf_s
strncpy_s
strcpy_s
fputc
isxdigit
ceil
strftime
toupper
_get_timezone
_localtime64
_amsg_exit
_mktime64
_CIsqrt
_setjmp3
longjmp
srand
atol
islower
_strlwr
_strupr
localeconv
wcrtomb
abort
fseek
_CIatan2
_CIacos
ldexp
_CIatan
_CIexp
strlen
memcmp
ferror
_dup
_lseek
_read
_write
_dup2
_close
_chsize
fwrite
_commit
frexp
_getpid
isalpha
wcscspn
wcschr
towupper
wcsspn
_wmktemp_s
_wgetenv
_waccess
_wunlink
_wrename
_wstat64i32
_wmkdir
_wchdir
_wfopen
_wopen
_fdopen
strcspn
_wcsdup
_open_osfhandle
_fileno
_setmode
strerror
strtod
_strtoui64
_strtoi64
strtol
wcsrchr
isdigit
isalnum
tolower
_snprintf
strstr
wcsncmp
_wgetdcwd
_errno
_wfullpath
_time64
rand
_mbslwr
fclose
wcsncat
strncat
scanf
fgets
fflush
fgetc
strtoul
isspace
_ftime64
memchr
_strdup
calloc
realloc
strtok_s
qsort
malloc
fputs
_get_osfhandle
_fstat64i32
sscanf
atoi
memset
strrchr
_aligned_free
_aligned_malloc
strncpy
_strnicmp
strncmp
strchr
__wargv
__argc
memmove
printf
vfprintf
__iob_func
fprintf
memcpy
free
_stricmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
ftell
_setjmp
kernel32
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetSystemPowerStatus
CreateEventW
BackupWrite
EscapeCommFunction
SetCommBreak
ClearCommBreak
GetCommProperties
GetCommState
SetCommState
SetCommMask
SetCommTimeouts
WaitCommEvent
GetCommModemStatus
GetExitCodeProcess
ReleaseMutex
GenerateConsoleCtrlEvent
GetNamedPipeInfo
LoadResource
SizeofResource
LockResource
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
MapViewOfFileEx
TerminateThread
ReleaseSemaphore
GlobalAlloc
GlobalLock
GlobalUnlock
IsSystemResumeAutomatic
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFileScatter
WriteFileGather
GlobalFree
GetACP
CreateThread
SetThreadPriority
ExitProcess
GetSystemDirectoryA
FormatMessageA
GetLocalTime
GetSystemTime
DisconnectNamedPipe
ConnectNamedPipe
IsBadReadPtr
GetDriveTypeA
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetProcAddress
GetModuleHandleW
SetPriorityClass
GetPriorityClass
SetProcessShutdownParameters
SetEnvironmentVariableW
GetLastError
VirtualAlloc
VirtualFree
SetEndOfFile
SetFilePointer
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushFileBuffers
GetVersionExA
GetSystemInfo
lstrcmpiA
SetThreadAffinityMask
SetThreadIdealProcessor
GetProcessAffinityMask
GetCurrentThread
FreeLibrary
GlobalMemoryStatus
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GetModuleHandleA
CloseHandle
OpenProcess
ExitThread
SetWaitableTimer
CreateWaitableTimerA
GetSystemTimeAdjustment
SetProcessAffinityMask
GetNumaNodeProcessorMask
GetNumaHighestNodeNumber
VirtualProtect
OutputDebugStringA
LocalFree
LoadLibraryW
SetProcessWorkingSetSize
GetProcessWorkingSetSize
CreateFileW
TlsSetValue
TlsGetValue
RaiseException
TlsAlloc
DebugBreak
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
MoveFileExW
GetFileTime
SetFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
GetFileType
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetDriveTypeW
ReadFile
GetHandleInformation
SetEvent
WaitForMultipleObjectsEx
CreateEventA
ResetEvent
GetSystemDefaultLangID
GetUserDefaultLangID
VerifyVersionInfoA
VerSetConditionMask
SetDllDirectoryW
GetModuleFileNameW
GetShortPathNameW
OutputDebugStringW
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
WriteFile
DuplicateHandle
TlsFree
GetExitCodeThread
OpenThread
LoadLibraryA
GetFullPathNameW
GetLogicalDriveStringsW
GetComputerNameExW
LoadLibraryExW
GetVolumeInformationW
CopyFileW
CreateFileMappingW
SetFileAttributesW
GetDiskFreeSpaceW
FindResourceW
QueryDosDeviceW
GetTempPathW
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetVersionExW
CreateProcessW
CreateMutexW
CreateNamedPipeW
WaitNamedPipeW
CreateSemaphoreW
GetCompressedFileSizeW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetOverlappedResult
CancelIo
SetErrorMode
user32
keybd_event
GetMessageA
ClientToScreen
SystemParametersInfoA
SetWindowsHookExA
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
GetDC
ReleaseDC
CreateCursor
CreateIconIndirect
GetWindow
RegisterClassA
GetParent
SendNotifyMessageA
RegisterWindowMessageW
GetAsyncKeyState
mouse_event
SendInput
DispatchMessageA
SetCursor
ShowWindow
GetKeyboardState
GetForegroundWindow
IsChild
SetFocus
TrackMouseEvent
ScreenToClient
GetUpdateRect
BeginPaint
UnionRect
EndPaint
RemovePropW
GetCursorPos
SetCursorPos
GetMessageExtraInfo
IsWindowVisible
GetKeyState
WindowFromPoint
EmptyClipboard
SetClipboardData
EnumDisplaySettingsExA
GetMonitorInfoA
MonitorFromWindow
EnumDisplayMonitors
DestroyCursor
AttachThreadInput
SetTimer
SetWindowPos
GetWindowRect
PostThreadMessageA
LoadStringW
CreateWindowExW
LoadCursorW
SetWindowTextW
MessageBoxW
PeekMessageA
MsgWaitForMultipleObjectsEx
GetDesktopWindow
DialogBoxParamA
CallWindowProcA
DefWindowProcA
PostQuitMessage
UnregisterClassW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
PostMessageA
CloseClipboard
GetClipboardData
OpenClipboard
GetSystemMetrics
SetPropW
GetDlgItem
SendMessageA
EndDialog
gdi32
SelectObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
SwapBuffers
ChoosePixelFormat
SetPixelFormat
GetPixelFormat
DescribePixelFormat
BitBlt
CreateBitmap
DeleteObject
ole32
CoInitializeEx
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CoQueryProxyBlanket
CoCreateInstance
advapi32
RegQueryValueExA
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
FreeSid
DuplicateToken
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AccessCheck
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
MapGenericMask
GetFileSecurityW
RevertToSelf
ImpersonateSelf
IsValidSid
SetEntriesInAclW
GetSecurityInfo
LookupPrivilegeValueW
QueryServiceStatus
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
CheckTokenMembership
SetSecurityDescriptorControl
GetNamedSecurityInfoW
GetSecurityDescriptorControl
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
OpenSCManagerW
CryptAcquireContextA
CryptGenRandom
LookupAccountNameW
RegCreateKeyExW
RegSetValueExW
GetExplicitEntriesFromAclW
EqualSid
CryptReleaseContext
OpenServiceW
CloseServiceHandle
GetTokenInformation
GetAce
SetFileSecurityW
shell32
SHGetFolderPathW
cfgmgr32
CM_Get_Parent
CM_Get_Device_IDA
setupapi
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
ws2_32
getservbyname
gethostbyaddr
getservbyport
ntohs
ntohl
WSAIoctl
recvfrom
WSALookupServiceBeginA
WSADuplicateSocketA
gethostname
getpeername
WSACloseEvent
WSACreateEvent
WSAResetEvent
WSASend
WSARecv
WSASetEvent
WSAGetOverlappedResult
WSALookupServiceNextA
WSALookupServiceEnd
gethostbyname
htons
htonl
inet_ntoa
select
__WSAFDIsSet
WSASocketA
setsockopt
accept
socket
inet_addr
bind
ioctlsocket
listen
getsockname
connect
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
getsockopt
closesocket
send
recv
WSASetLastError
WSAStartup
WSAAddressToStringA
WSACleanup
getaddrinfo
freeaddrinfo
getprotobyname
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
winmm
mixerSetControlDetails
waveOutGetErrorTextA
waveOutPause
waveInGetErrorTextA
waveInGetDevCapsA
waveInGetNumDevs
waveInStop
waveOutGetPosition
waveOutRestart
waveOutSetVolume
waveOutGetVolume
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveInReset
waveOutUnprepareHeader
waveOutClose
timeGetTime
waveOutGetNumDevs
waveInGetErrorTextW
waveOutGetErrorTextW
waveOutGetDevCapsA
waveOutOpen
waveInOpen
mixerOpen
mixerClose
waveInUnprepareHeader
waveInClose
dsound
ord1
crypt32
CryptExportPKCS8
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptAcquireCertificatePrivateKey
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertAddEncodedCertificateToStore
ntdll
_wcsnicmp
winscard
SCardReconnect
SCardCancel
g_rgSCardT0Pci
g_rgSCardT1Pci
SCardListReadersA
SCardConnectW
SCardGetStatusChangeA
g_rgSCardRawPci
SCardTransmit
SCardDisconnect
SCardEstablishContext
SCardBeginTransaction
SCardStatusA
SCardEndTransaction
SCardReleaseContext
winhttp
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle
wtsapi32
WTSRegisterSessionNotification
Exports
Exports
opus_decode
opus_decode_float
opus_decoder_create
opus_decoder_ctl
opus_decoder_destroy
opus_decoder_get_nb_samples
opus_decoder_get_size
opus_decoder_init
opus_encode
opus_encode_float
opus_encoder_create
opus_encoder_ctl
opus_encoder_destroy
opus_encoder_get_size
opus_encoder_init
opus_get_version_string
opus_packet_get_bandwidth
opus_packet_get_nb_channels
opus_packet_get_nb_frames
opus_packet_get_samples_per_frame
opus_packet_parse
opus_repacketizer_cat
opus_repacketizer_create
opus_repacketizer_destroy
opus_repacketizer_get_nb_frames
opus_repacketizer_get_size
opus_repacketizer_init
opus_repacketizer_out
opus_repacketizer_out_range
opus_strerror
Sections
.text Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 183KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 418KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ