1c5196162c96d4ca3e12c1a4d1c9fb8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c5196162c96d4ca3e12c1a4d1c9fb8f_JaffaCakes118
Size

380KB
MD5

1c5196162c96d4ca3e12c1a4d1c9fb8f
SHA1

9569cae8bab81c6e4c441a78f310dd0911e50ba4
SHA256

aa5b6352952b8d28bb21d075c498a7f214a1fa50f49346e40adc3a5407f70270
SHA512

9690209fa276d6f605c908d5a7550f956069320272d58acff68404b02f509632f51e468ca3e2f792eab0a45b3462731f41f66bb1da9d94385faa2978bd01d4bc
SSDEEP

6144:9o7PQr+IYm8Gx4bgM/DXM4NkHxLONuUh/tE1cI4c+rP8cphN+YFAxusHU:9UPbv/DXMoeTOeR4p78cph0JnU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5196162c96d4ca3e12c1a4d1c9fb8f_JaffaCakes118

Files

1c5196162c96d4ca3e12c1a4d1c9fb8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dc1145b4abbd4db94112489c68363cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\out_win32\release\avp.pdb

Imports

prremote

PRCreateProcess
PRStopServer
PRIsValidProxy
PRGetObjectProxy
PRReleaseObjectProxy
PRInitialize
PRCloseProcessRequest
PRRegisterObject
PRUnregisterObject
PRDeinitialize

fssync

FSSync_ScreeState
FSSync_ScreeStateEx
FSSync_ScreeActive
FSSync_SetCheck
FSSync_ScreeNotify
FSSync_ScreeSet

kernel32

FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineW
GetFileType
GetStdHandle
OpenMutexA
CreateEventA
LoadLibraryExA
MultiByteToWideChar
lstrlenA
SetProcessAffinityMask
SetErrorMode
InitializeCriticalSection
FreeConsole
SetConsoleCtrlHandler
WaitForMultipleObjects
DeleteCriticalSection
CreateProcessA
SetProcessWorkingSetSize
lstrcatA
GetLocaleInfoA
GetPrivateProfileStringA
GetVersion
LocalFree
FormatMessageA
SetConsoleMode
GetConsoleMode
SetConsoleTitleA
AllocConsole
GetModuleFileNameW
GetCurrentThread
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetFileAttributesA
GetFullPathNameA
WideCharToMultiByte
GetTempFileNameA
CreateDirectoryA
GetTempPathA
lstrlenW
CreateSemaphoreA
ReleaseSemaphore
LoadLibraryW
OutputDebugStringA
GetModuleHandleA
GetProcessHeap
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetTickCount
CreateMutexA
lstrcpyA
GetLocalTime
GetDriveTypeA
GetDiskFreeSpaceExA
GetExitCodeProcess
GetModuleFileNameA
SetEvent
GetVersionExA
Sleep
ReleaseMutex
SetUnhandledExceptionFilter
TerminateProcess
DeviceIoControl
CreateThread
WaitForSingleObject
GetExitCodeThread
FlushFileBuffers
GetDiskFreeSpaceA
WriteFile
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
DeleteFileA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFileSize
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetACP
GetThreadLocale
HeapDestroy
HeapReAlloc
ExpandEnvironmentStringsA

user32

wsprintfA
GetSystemMetrics
RegisterWindowMessageA
ExitWindowsEx
DefWindowProcA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
CreateWindowExA
RegisterClassA
PostMessageA
MsgWaitForMultipleObjects
MessageBoxW

advapi32

RegDeleteKeyW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
RegSetValueExW
RegDeleteValueA
SetServiceStatus
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegNotifyChangeKeyValue
AllocateAndInitializeSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumValueA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
SetThreadToken
RevertToSelf
OpenThreadToken
RegOpenKeyExW
RegEnumKeyExW
SetSecurityDescriptorSacl

shell32

SHFileOperationA
ShellExecuteExA

msvcr80

_set_invalid_parameter_handler
atoi
strchr
strrchr
wcsrchr
_mbscmp
_mbsicmp
_mbsnbicmp
_time32
memset
_snprintf_s
_itoa
strtoul
_getch
printf
sprintf
wcscpy_s
free
calloc
_recalloc
_beginthreadex
__argc
__argv
_wcsicmp
_makepath
_splitpath
setlocale
atol
_mbslen
??2@YAPAXI@Z
??_V@YAXPAX@Z
setvbuf
_fdopen
_open_osfhandle
__iob_func
malloc
_ismbblead
_localtime32
fflush
fprintf
_vsnprintf
fclose
fgets
fopen
strerror
_errno
_snprintf
getchar
getc
_flushall
sscanf
_invalid_parameter_noinfo
strcpy_s
sprintf_s
_ltoa
memmove_s
wcscat_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
memcpy
??_U@YAPAXI@Z
strcat_s

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.prdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5dc1145b4abbd4db94112489c68363cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

prremote

fssync

kernel32

user32

advapi32

shell32

msvcr80

msvcp80

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 20KB - Virtual size: 16KB

.prdata Size: 76KB - Virtual size: 76KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 20KB - Virtual size: 16KB

.prdata
Size: 76KB - Virtual size: 76KB