29829b4b6f9df2494d135722e6c7d375_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29829b4b6f9df2494d135722e6c7d375_JaffaCakes118
Size

452KB
MD5

29829b4b6f9df2494d135722e6c7d375
SHA1

f98857463ddf7e7b9824b022b4d801cff7ed3c86
SHA256

c35da88ca8ce6f5de77d703b28b43ddbe01b4a96634149cc6f07b3833e1ce973
SHA512

1eefa81fef8e635c5728965d0f8a1fadf6ca3449164ef32add5ed2f286fdbedd87ce6d1737fbbf5a198bc0b92b70ea91bfb4a1167b755b3de5a0c60fb3076745
SSDEEP

6144:WJVudLtpCyGUyJ0qvORErmBuJdBTPOegvao2YL++M3JjDkU8Pi6chEBwLFJ/:PLyJ0qFrmYdQeIaxYg5jDkrihaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29829b4b6f9df2494d135722e6c7d375_JaffaCakes118

Files

29829b4b6f9df2494d135722e6c7d375_JaffaCakes118
.exe windows:4 windows x86 arch:x86

711f844e84e3c39e3f9ce89decc37740

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\HEAD_Desktop10\bin\win32\release\vsserv.pdb

Imports

bdfltlib

FlGetLogFile
FlSetTraceFile
FlGetTraceFile
FlQueryDriver
FlStartDriver
FlUnregisterBypassPid
FlRegisterBypassPid
FlSetOpt
FlGetOpt
FlStartScanner
FlStopScanner
FlSetOptVarlen
FlSetLogFile
FlGetDriverVersion

zlib

ord34
ord17
ord12
ord16

ws2_32

getservbyport
inet_ntoa
WSACleanup
WSAStartup
htons
ntohl
ntohs
gethostbyaddr

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

xcomm

ord11
ord13
ord12
ord1
ord7
ord8
ord9
ord3
ord4
ord5
ord15
ord2

procinf

ord1
ord2

mimeinf

ord1

bdch

ord1

bdsubmit

ord14
ord18
ord15
ord22
ord1
ord2
ord17
ord3
ord19
ord21

url

InetIsOffline

bdfdll_x86

start_dll_injection
uninit_bdfdll_module
set_dll_fname
start_proc_monitor
init_bdfdll_module

kernel32

HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
TerminateThread
ResumeThread
SuspendThread
GetThreadPriority
SetThreadPriority
DuplicateHandle
MoveFileA
GetFileSize
InterlockedCompareExchange
WaitForMultipleObjects
GetFileTime
FileTimeToSystemTime
GetSystemTime
CreateProcessA
ExitProcess
OutputDebugStringA
FormatMessageA
GetPrivateProfileIntA
SetErrorMode
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
CreateMutexA
OpenMutexA
WriteFile
SetFilePointer
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetVersion
lstrcmpiA
lstrlenA
FreeLibrary
GetTickCount
LoadLibraryA
CompareStringA
GetEnvironmentVariableA
GetStringTypeExA
SetEvent
GetTempPathA
ResetEvent
GetModuleFileNameA
CloseHandle
WaitForSingleObject
OpenProcess
GetCurrentProcess
CreateEventA
ReleaseSemaphore
Sleep
GetCurrentProcessId
DeleteFileA
CopyFileA
CreateSemaphoreA
SetProcessWorkingSetSize
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetPrivateProfileStringA
CreateFileA
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
AreFileApisANSI
SetLastError
GetFullPathNameA
GetFileAttributesA
GetModuleHandleA
GetTempFileNameA
GetCurrentThreadId
GetShortPathNameA
FindClose
FindFirstFileA
CreateDirectoryA
ReleaseMutex

bdutils

??1CFileVersionInfo@@UAE@XZ
?create_tdlist@@YAPAU_TDLIST@@PAD@Z
?add_tdmember@@YAPAU_TDLIST@@PAU1@PAXH@Z
?get_tdhead@@YAPAU_TDLIST@@PAU1@@Z
?destroy_tdlist@@YAXPAU_TDLIST@@@Z
?dup_section@@YAHPAU_TDFILE@@PAD1@Z
?sm_bDefaultDirectoryInitialized@CBDDebug@@2_NA
?get_value@@YAHPAU_TDFILE@@PAD1PAX1H@Z
?GetOriginalFileName@CFileVersionInfo@@QBEPBDXZ
?set_value@@YAHPAU_TDFILE@@PAD1PAX1H@Z
?save_tdfile@@YAHPAU_TDFILE@@@Z
?close_tdfile@@YAXPAU_TDFILE@@@Z
?Trace@CBDDebug@@QAAXPBDZZ
?load_tdfile@@YAPAU_TDFILE@@PBD@Z
?section_exists@@YAHPAU_TDFILE@@PAD@Z
?get_tdtail@@YAPAU_TDLIST@@PAU1@@Z
?GetFileDescription@CFileVersionInfo@@QBEPBDXZ
?Create@CFileVersionInfo@@QAEHPBD@Z
??0CFileVersionInfo@@QAE@XZ
?GetMode@CBDDebug@@QAEHXZ
?save_tdfile_as@@YAHPAU_TDFILE@@PAD@Z
?SetOutputFile@CBDDebug@@QAEXPBD@Z
?SetMode@CBDDebug@@QAEXH@Z
??0CBDDebug@@QAE@H@Z
??1CBDDebug@@QAE@XZ
?create_tdfile@@YAPAU_TDFILE@@PBD@Z
?sm_szDefaultOutputPath@CBDDebug@@2PADA

wslib

WSLibNew
WSLibDelete

user32

TranslateMessage
GetMessageA
ShowWindow
RegisterClassA
CreateWindowExA
DispatchMessageA
DefWindowProcA
PostQuitMessage
UnregisterClassA
CharLowerA
CharUpperA
SendMessageA
FindWindowA

advapi32

SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueA
RegQueryValueExA
StartServiceCtrlDispatcherA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfigA
UnlockServiceDatabase
RegOpenKeyExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceStatus
EnumServicesStatusA
InitializeSecurityDescriptor
DeleteService
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHGetFolderPathA

msvcp71

?clear@ios_base@std@@QAEXH_N@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

shlwapi

StrStrIA
UrlUnescapeA
PathFileExistsA

msvcr71

__security_error_handler
strftime
fwrite
strchr
_purecall
strstr
strtok
_unlink
_endthread
printf
strrchr
getc
_stat
_wcsdup
strncpy
sprintf
wcscpy
_resetstkoflw
fread
_snprintf
sscanf
fseek
_strdup
time
localtime
_stat64
vsprintf
_vscprintf
_mbsstr
_mbsinc
_stricmp
_time64
atoi
fopen
fprintf
fclose
strncmp
_strnicmp
??_V@YAXPAX@Z
??0exception@@QAE@ABQBD@Z
malloc
memmove
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
free
__RTDynamicCast
isdigit
strtol
_strlwr
_except_handler3
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_beginthread
_beginthreadex
realloc
isalnum
_sys_errlist
_errno
_endthreadex
ftell
_snwprintf
wcsncpy
exit
_mbslwr
_itoa
wcsrchr
_wcsicmp
_vsnprintf
_vsnwprintf
wcsstr
_wcslwr
_controlfp
_wcsnicmp
wcslen
_callnewh
memset
??1type_info@@UAE@XZ
_localtime64
__dllonexit
_onexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_adjust_fdiv
__setusermatherr
_acmdln
_amsg_exit
__getmainargs
_initterm

Sections

.text
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

711f844e84e3c39e3f9ce89decc37740

Headers

File Characteristics

PDB Paths

Imports

bdfltlib

zlib

ws2_32

wininet

xcomm

procinf

mimeinf

bdch

bdsubmit

url

bdfdll_x86

kernel32

bdutils

wslib

user32

advapi32

shell32

msvcp71

shlwapi

msvcr71

Sections

.text Size: 340KB - Virtual size: 338KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 120KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 340KB - Virtual size: 338KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 120KB

.rsrc
Size: 12KB - Virtual size: 9KB