2a05f8cf7e81e8c4f11c75d68e0814d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a05f8cf7e81e8c4f11c75d68e0814d9_JaffaCakes118
Size

468KB
MD5

2a05f8cf7e81e8c4f11c75d68e0814d9
SHA1

22ca8f49d06ddd57f758c477cd7413301ccedc56
SHA256

b0b5a6c4f14433f9a053832de41e5a0aa86daa33de403f2779e8f68e1a5b870b
SHA512

739f1f032912292fbe6b3d7606356bda6878943e2670c79b259af5ee68ae4667ee3ef36ccf0dcb37c0d5b6358947058a730a0618ebb6ee4c802730ef6cf48b1d
SSDEEP

12288:uhj+FzRdu2d766fZWBgReoizwtUlW6svUx:uhSFddLd7ZWBgRe3wtUlWdMx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a05f8cf7e81e8c4f11c75d68e0814d9_JaffaCakes118

Files

2a05f8cf7e81e8c4f11c75d68e0814d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f94d49c44202d4af1840b5ecf7b369a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
WriteFile
LocalFree
FormatMessageA
CreateEventA
OutputDebugStringA
CloseHandle
WaitForSingleObject
SetEvent
InterlockedIncrement
GetVolumeInformationA
lstrcmpiA
GetFileAttributesA
MoveFileA
DeleteFileA
ResumeThread
GetLocaleInfoA
GetSystemTime
InterlockedDecrement
GetStartupInfoA
GetModuleFileNameA
lstrcmpA
lstrcatA
lstrlenA
lstrcpyA
CreateThread
GetDriveTypeA
HeapDestroy
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileSize
ReadFile
EnterCriticalSection
FileTimeToSystemTime
CreateDirectoryA
LoadLibraryA
LeaveCriticalSection
GetVersionExA
IsDBCSLeadByte
GetProcAddress
InitializeCriticalSection
GetLastError
lstrcpynA
LoadLibraryExA
SizeofResource
FindResourceA
LoadResource
GetShortPathNameA
FreeLibrary
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
Sleep
GetCommandLineA
GetCurrentThreadId
DeleteCriticalSection
GetFullPathNameA

user32

IsIconic
GetSystemMetrics
SetTimer
GetMessageA
DispatchMessageA
KillTimer
CharNextA
SetDlgItemInt
SetFocus
EnableWindow
DialogBoxParamA
ScreenToClient
LoadMenuA
GetSubMenu
DeleteMenu
TrackPopupMenu
DestroyMenu
LoadIconA
LoadImageA
SendDlgItemMessageA
CreateWindowExA
GetDesktopWindow
IsWindow
GetParent
MessageBoxA
GetMenuItemID
GetMenuItemCount
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
GetWindowRect
SetWindowPos
UpdateWindow
LoadCursorA
SetCursor
GetDlgItem
ShowWindow
SetDlgItemTextA
SendMessageA
wsprintfA
EndDialog
DestroyIcon
PostThreadMessageA
LoadStringA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shfolder

SHGetFolderPathA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA

ole32

CoInitialize
CoTaskMemAlloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoDisconnectObject
CoTaskMemFree
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

ImageList_Destroy
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Create

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

extdb

?DeleteFileEntry@CExtendedDB@@QAEHPAD@Z
?CopyFolder@CExtendedDB@@QAEHPAD0@Z
?CopyFileEntry@CExtendedDB@@QAEHPAD000@Z
?RenameFile@CExtendedDB@@QAEHPAD0@Z
?MoveFileA@CExtendedDB@@QAEHPAD000@Z
?GetCategoryMatches@CExtendedDB@@QAEHPAPADHPAPAJAAHPAPAH@Z
?MoveFolder@CExtendedDB@@QAEHPAD0@Z
?RemoveFileFromOneCategory@CExtendedDB@@QAEHPADJ@Z
?RemoveFileFromAllCategories@CExtendedDB@@QAEHPAD@Z
?CategoryNodeListGetFilesMatchAll@CExtendedDB@@QAEHPAJJAAHH@Z
?GetNthCategoryNodeFile@CExtendedDB@@QAEPADH@Z
?CategoryNodeGetFiles@CExtendedDB@@QAEHJAAHH@Z
?CategoryNodeListGetFiles@CExtendedDB@@QAEHPAJJAAHH@Z
?CategoryNodeGetName@CExtendedDB@@QAEHJPAD@Z
?CatNodeHasChildren@CExtendedDB@@QAEHJ@Z
?CategoryNodeAddFile@CExtendedDB@@QAEHJPAD@Z
?CatGetFirstChild@CExtendedDB@@QAEHJAAJ@Z
?DeleteCategoryNode@CExtendedDB@@QAEHJ@Z
?CatGetNextSibling@CExtendedDB@@QAEHJAAJ@Z
?AddCategoryNode@CExtendedDB@@QAEHJPADAAJ@Z
?SetDateSource@CExtendedDB@@QAEXW4DateSource@@@Z
?RenameCategoryNode@CExtendedDB@@QAEHJPADAAJ@Z
?GetFilesForDateRange@CExtendedDB@@QAEHVACDTime@@0AAH@Z
?SetMultiDateTimeForFile@CExtendedDB@@QAEHPADVACDTime@@11@Z
?GetNthTimeLineFile@CExtendedDB@@QAEPADH@Z
?CloseExtendedDB@CExtendedDB@@QAEHXZ
?SetDBDirectory@CExtendedDB@@QAEXPAD@Z
?FindDateTimeForFile@CExtendedDB@@QAEHPADAAVACDTime@@@Z
?CreateExtendedDB@CExtendedDB@@QAEHXZ
?OpenExtendedDB@CExtendedDB@@QAEHXZ
?Init@CExtendedDB@@QAEHXZ
??1CExtendedDB@@UAE@XZ
??0CExtendedDB@@QAE@XZ
?IsExtendedDBOpen@CExtendedDB@@QAEHXZ
?FileHasDateSourceItem@CExtendedDB@@QAEHPADW4DateSource@@@Z
?RemoveFilesFromCategories@CExtendedDB@@QAEHPAPADHPAJHH@Z
?DeleteFolder@CExtendedDB@@QAEHPAD@Z
?GetNextDateWithFiles@CExtendedDB@@QAEHVACDTime@@AAV2@@Z
?GetDateRangeInDB@CExtendedDB@@QAEHAAVACDTime@@0@Z
?RenameFolder@CExtendedDB@@QAEHPAD0@Z
?Optimize@CExtendedDB@@QAEHXZ
?GetSize@CExtendedDB@@QAEHAAJ@Z
?SetDBFilter@CExtendedDB@@QAEXPAPADHHH@Z
?CategoriesHaveFiles@CExtendedDB@@QAEHPAJH@Z
?SetAbort@CExtendedDB@@QAEHH@Z
?LockDB@CExtendedDB@@QAEHXZ
?GetPrevDateWithFiles@CExtendedDB@@QAEHVACDTime@@AAV2@@Z
?UnlockDB@CExtendedDB@@QAEHXZ

msvcp60

?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_XcptFilter
vsprintf
_mbschr
_controlfp
__set_app_type
__p__fmode
__p__commode
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
free
realloc
malloc
_beginthreadex
_mbsrchr
_ftol
_mbsnbcmp
sprintf
fclose
fputs
fopen
_mbscmp
atoi
strtok
_CxxThrowException
strtol
strchr
strncmp
toupper
_mbsbtype
__setusermatherr
_adjust_fdiv
wcslen
??1type_info@@UAE@XZ
_strdup
_stricmp
_exit
__dllonexit
_onexit
_except_handler3
__getmainargs
_acmdln
exit
_initterm

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/�
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f94d49c44202d4af1840b5ecf7b369a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shfolder

shell32

ole32

oleaut32

comctl32

mpr

extdb

msvcp60

msvcrt

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 66KB

/ � Size: 240KB - Virtual size: 240KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 66KB

/�
Size: 240KB - Virtual size: 240KB