263ece12358e33ac431164e3fe97d898_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

263ece12358e33ac431164e3fe97d898_JaffaCakes118
Size

832KB
MD5

263ece12358e33ac431164e3fe97d898
SHA1

68f3210c1235bb1f51300f9fc417c83528cc52ae
SHA256

188c9ae2fa8b751023ab131672b87a8b9bad9d541d3302bce974b703fca62afa
SHA512

dedc29f56a44164a130620d1901052b908a4a8d1ad93c6cd5972086098c63b0071fd2aa8d122b131d0180c2558af8fa7dd2a5f36a74cfca0cb6e9eb800965484
SSDEEP

6144:Ejdu/+P5a/5u2gjreHPqZeabQSPi6nOy47WVu4q65694xIoqe7Y1XTW3WLXhLN4c:Ea/5d+6PqZe+vPWY76ku13cukVA0JhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
263ece12358e33ac431164e3fe97d898_JaffaCakes118

Files

263ece12358e33ac431164e3fe97d898_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d080fb0fe316581721f23c7a66697ee7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DailyBuild\sources\NeroBackItUp_OCTANE_RELEASE\NeroBackItUp\NBService\UnicodeRelease\NBService.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCommandLineW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
lstrcatW
lstrcpynW
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalAlloc
LocalFree
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange
ExitProcess
GetVersionExA
WaitForMultipleObjects
CreateSemaphoreW
SetEvent
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
BackupSeek
BackupWrite
BackupRead
SetFilePointer
GetFileSize
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WriteFile
ReadFile
CreateFileW
GetVolumeInformationW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
CompareStringW
WideCharToMultiByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FindNextFileW
SetLastError
FindClose
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
MoveFileW
ExpandEnvironmentStringsW
CopyFileW
FormatMessageW
GetLogicalDriveStringsW
GetTempPathW
DeleteFileW
GetTempFileNameW
IsBadWritePtr

user32

GetMessageW
LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
UnregisterClassA
FindWindowW
PostThreadMessageW
DispatchMessageW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
LogonUserW
RegCreateKeyW
GetUserNameW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoUninitialize
CoRevokeClassObject
StringFromGUID2
StringFromCLSID
CoCreateGuid

oleaut32

SysAllocString
VariantClear
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysFreeString
SysStringLen
VariantInit

shlwapi

PathFindExtensionW

msvcp71

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Id_cnt@id@locale@std@@0HA
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Xran@_String_base@std@@QBEXXZ
?_Nomemory@std@@YAXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

msvcr71

_wcsnicmp
_wcsupr
_wcslwr
_wcsrev
iswspace
wcschr
wcsrchr
wcscat
wcscpy
wcscmp
_wcsicmp
wcsstr
wcspbrk
vswprintf
wcsncmp
iswdigit
_wtoi
strncpy
isspace
floor
localtime
swscanf
mktime
wcsftime
_wfullpath
_wsplitpath
_mbsupr
_mbsinc
_mbsrchr
?swprintf@@YAHPAGIPBGZZ
iswascii
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_except_handler3
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
_resetstkoflw
fclose
realloc
wcsncpy
_wfopen
_purecall
fwrite
wcslen
fflush
memcpy
malloc
memcmp
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.erdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d080fb0fe316581721f23c7a66697ee7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

winmm

version

shell32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 536KB - Virtual size: 535KB

.erdata Size: 76KB - Virtual size: 76KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 536KB - Virtual size: 535KB

.erdata
Size: 76KB - Virtual size: 76KB