3215e66fd374b199f2a5fb8558f54fe3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3215e66fd374b199f2a5fb8558f54fe3_JaffaCakes118
Size

1.0MB
MD5

3215e66fd374b199f2a5fb8558f54fe3
SHA1

942e3325423ec2c6de3c2785335a2ef94487caf0
SHA256

cb30d7e07a364b3d13ecd78d237118b8c2802916c87a406ca2748cd6dd4fc90f
SHA512

785102f082ef6e5db054faf4eb59eb2f8cab8129227242ad000a6d3b49d04cd1bab52eee6be04798341a59eb12ddd9b12087db2d26ba245f5f146ddc0a9f278d
SSDEEP

12288:gHoOTu5e4jpyg8mWu3C53WytguX5BVG7q1FMGnEf7RL3I:/OTgjpB8vu0WymmzVQq1FMKEzRc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3215e66fd374b199f2a5fb8558f54fe3_JaffaCakes118

Files

3215e66fd374b199f2a5fb8558f54fe3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eabefab55b24ddabc33ed7d00d60fbac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\proj\xccs\script\bin\twrelease\TD_tw.pdb

Imports

imagehlp

CheckSumMappedFile

psapi

GetModuleInformation

kernel32

SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
GetSystemTimeAsFileTime
UnlockFile
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
SetEnvironmentVariableA
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalLock
GlobalUnlock
GlobalFree
GetThreadLocale
InterlockedIncrement
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
CreateFileA
WriteFile
lstrcpyA
GetWindowsDirectoryA
WinExec
LoadLibraryExA
FreeLibrary
lstrcatA
MulDiv
InterlockedCompareExchange
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
CreateDirectoryA
QueryPerformanceCounter
VirtualProtect
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
Module32First
Module32Next
GetModuleHandleA
IsBadReadPtr
Thread32First
GetCurrentThreadId
OpenThread
SuspendThread
Thread32Next
GetVersionExA
WaitForSingleObject
TerminateProcess
GetLocalTime
GetTickCount
Sleep
GetProcAddress
LoadLibraryA
InterlockedExchange
lstrcmpiA
GetVersion
CompareStringA
CompareStringW
lstrlenA
CreateProcessA
GetModuleFileNameA
GetCurrentProcess
LCMapStringA
GetSystemDefaultLangID
GetPrivateProfileStringA
WritePrivateProfileStringA
ResumeThread
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReadProcessMemory
GetLastError
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
GetUserDefaultLangID
ExitProcess
CreateFileW

user32

PostThreadMessageA
InvalidateRgn
CopyAcceleratorTableA
GetSysColorBrush
DestroyMenu
ReleaseCapture
SetCapture
InvalidateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
RegisterClipboardFormatA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
TrackPopupMenu
GetScrollPos
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
FillRect
CreateIconIndirect
GetIconInfo
DestroyIcon
DestroyCursor
LoadImageA
LoadStringA
SystemParametersInfoA
CopyIcon
CreatePopupMenu
AppendMenuA
GetClassInfoA
SetRectEmpty
CopyRect
WindowFromPoint
SetCursor
GetClassNameA
GetMenuItemCount
IsWindow
IsWindowEnabled
SetRect
OffsetRect
EqualRect
IsRectEmpty
ReleaseDC
GetWindowTextA
MessageBeep
GetNextDlgGroupItem
GetFocus
UnregisterClassA
GetParent
GetSysColor
ChildWindowFromPoint
GetMenuItemID
LoadCursorA
SetWindowRgn
PtInRect
GetDC
GetMenuState
DefWindowProcA
ClientToScreen
SetWindowLongA
IsWindowVisible
CheckMenuItem
GetWindowLongA
GetWindowRect
KillTimer
GetCursorPos
PostMessageA
CharUpperA
DrawIcon
GetClientRect
GetSystemMetrics
ShowWindow
IsIconic
SetTimer
ScreenToClient
GetMessagePos
LoadIconA
EnumWindows
GetWindowThreadProcessId
SendMessageA
EnableWindow
GetKeyState
MapWindowPoints

gdi32

ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
ExtSelectClipRgn
RectVisible
DPtoLP
GetRgnBox
GetMapMode
SaveDC
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
GetClipBox
CreateDIBSection
GetObjectA
StretchBlt
CreateBitmap
SetTextColor
LineTo
SetBkColor
SetTextJustification
CreatePen
SetBkMode
GetDeviceCaps
CreateFontIndirectA
GetTextMetricsA
TextOutA
GetTextExtentPoint32A
MoveToEx
CreatePolygonRgn
OffsetRgn
CreateCompatibleDC
DeleteDC
CombineRgn
BitBlt
CreateSolidBrush
CreateRoundRectRgn
FillRgn
DeleteObject
SelectClipRgn
FrameRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteA
SHFileOperationA

comctl32

ord17
ImageList_GetIcon
ImageList_GetImageCount
InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear

ws2_32

recv
send
connect
htons
inet_addr
socket
WSAStartup
WSACleanup
select
closesocket

Exports

Exports

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPotatoInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareUserInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadClientState_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineTrasaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPotatoInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareUserInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadClientStateEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadClientState_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eabefab55b24ddabc33ed7d00d60fbac

Headers

File Characteristics

PDB Paths

Imports

imagehlp

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 808KB - Virtual size: 807KB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 28KB - Virtual size: 45KB

.rsrc Size: 32KB - Virtual size: 29KB

.vmp0 Size: 36KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 24B

.text
Size: 808KB - Virtual size: 807KB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 28KB - Virtual size: 45KB

.rsrc
Size: 32KB - Virtual size: 29KB

.vmp0
Size: 36KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 24B