0b88e37cfef697ee7494e05d13441d0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b88e37cfef697ee7494e05d13441d0c_JaffaCakes118
Size

813KB
MD5

0b88e37cfef697ee7494e05d13441d0c
SHA1

4a15ec49d89cc77d6e379b2ea9db0ef0f35daf84
SHA256

19ad038984c99c722cfb0827a1b9e83b56babe62f26158b356b939654f9a61ba
SHA512

3d48886dc693975f308e8d873d16c460bfdf6b891bce2dc17277ff089d3fa2fd014018c50bf9541d7f11c4dd78b248793cd765b8b3fce42effa6f571c2f27e07
SSDEEP

6144:O8KzxGTwyOpabsscx0iBks3FErOdzwiUfGOKYdYt0dinQ1fSjcuf+ZmrQ9mpj:O8BTyabsscx0iC5iJOxmnQlHmrQ9K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b88e37cfef697ee7494e05d13441d0c_JaffaCakes118

Files

0b88e37cfef697ee7494e05d13441d0c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

729a25b0eeca9dc183e05faddc2fc129

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Build\Chili\CHILI2_RELEASE\NeroMediaManager\Browser\src\NeroMediaBrowser\Release Unicode\NeroHome.pdb

Imports

winmm

mixerGetNumDevs
mixerGetLineControlsW
mixerGetDevCapsW
mixerGetLineInfoW
mixerSetControlDetails
mixerGetControlDetailsW
mixerClose
mixerOpen

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

LockResource
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
WaitForSingleObject
GetCommandLineW
FreeConsole
Sleep
CreateThread
CreateEventW
GetModuleFileNameW
SetEvent
lstrlenW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
GetCurrentProcessId
LoadLibraryExW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
FindResourceW
WideCharToMultiByte
lstrlenA
InterlockedCompareExchange
WriteFile
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetModuleFileNameA
FormatMessageW
LocalFree
IsBadReadPtr
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
GetSystemDefaultLangID
GetLocaleInfoW
FreeResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent

user32

DispatchMessageW
PostMessageW
CharNextW
CharUpperW
CreateWindowExW
RegisterClassW
DestroyWindow
UnregisterClassW
UnregisterClassA
PostThreadMessageW
MessageBoxW
GetKeyState
SetWindowLongW
GetWindowLongW
SetForegroundWindow
SetTimer
KillTimer
PostQuitMessage
TranslateMessage
IsWindow
IsWindowVisible
LoadImageW
SendMessageW
LoadIconW
SetWindowTextW
GetMessageW
DefWindowProcW

advapi32

RegCreateKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoCreateInstance
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
OleLoadFromStream
CoDisconnectObject

oleaut32

VariantClear
SysFreeString
SysAllocString
GetActiveObject
RegisterActiveObject
VariantChangeTypeEx
RevokeActiveObject
VariantChangeType
VariantInit
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantCopy
SysAllocStringLen
VarBstrCat
SysStringLen
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathRemoveFileSpecW

msvcp80

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

memmove
strcat_s
_exit
fclose
fseek
ftell
fread
_vsnprintf_s
sscanf_s
tolower
isalpha
isalnum
strncmp
strchr
_vsnwprintf_s
_vscwprintf
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
fprintf
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_lock
_onexit
_invoke_watson
_controlfp_s
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
isspace
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
malloc
free
memcpy_s
wcscpy_s
wcsncpy_s
wcscat_s
??_V@YAXPAX@Z
calloc
_recalloc
memset
memcpy
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_purecall
_wsplitpath_s
strlen
wcscmp
_stricmp
_wtoi
strcmp
_strupr_s
strncpy_s
_snwprintf_s
fopen_s

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.erdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

729a25b0eeca9dc183e05faddc2fc129

Headers

File Characteristics

PDB Paths

Imports

winmm

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

msvcr80

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 20KB - Virtual size: 22KB

.rsrc Size: 536KB - Virtual size: 532KB

.erdata Size: 72KB - Virtual size: 72KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 536KB - Virtual size: 532KB

.erdata
Size: 72KB - Virtual size: 72KB