2f08e92ba3b21f47bc2d36d5572a1f9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f08e92ba3b21f47bc2d36d5572a1f9d_JaffaCakes118
Size

82KB
MD5

2f08e92ba3b21f47bc2d36d5572a1f9d
SHA1

573fae051f617b7105ebbe6a26a7f2d73eb43435
SHA256

606b6ba9ab809c6b9e167d7f58fd718de039d9954452d65b388ef4162d3c23b6
SHA512

6a935f213b39a805ea9d2f152a3bb50cb68e607aacdce14923efae1990dc1891d277af1222aef9597ae3091c71d1a35b5726a712c7ae8bd57bbb9579d88bf789
SSDEEP

1536:ZblYM2zB67/FlUBomqgsp2MheWJaVwmluW1nSNnys1GnMtNXFokMDvqZeisKldR:ZRP2d67tPmFsp2MdYDluW1Sgs10MtNXN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f08e92ba3b21f47bc2d36d5572a1f9d_JaffaCakes118

Files

2f08e92ba3b21f47bc2d36d5572a1f9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\jusched\obj\jusched.pdb

Imports

advapi32

RegNotifyChangeKeyValue
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

gdi32

GetStockObject

wininet

InternetCloseHandle
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
DeleteFileA
GetCurrentProcessId
GetTickCount
SystemTimeToFileTime
CompareFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
lstrcatA
lstrcpyA
CreateEventA
WaitForSingleObject
WaitForMultipleObjects
lstrlenA
GetModuleFileNameA
CreateMutexA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
SetEvent
lstrcmpA
CreateThread
ReadFile
CreateProcessA
SetHandleInformation
CreatePipe
Sleep
ResetEvent
GetSystemTime
CreateFileA
GetCurrentProcess
GetSystemInfo
WriteFile
SetFilePointer
GetTempPathA
GetEnvironmentVariableA
LocalFree
SystemTimeToTzSpecificLocalTime

user32

wsprintfA
CharNextA
GetDesktopWindow
MessageBoxA
LoadStringA
LoadImageA
PostMessageA
SetForegroundWindow
RegisterClassA
CreateWindowExA
ShowWindow
SetWindowLongA
DestroyWindow
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
GetWindowLongA
DefWindowProcA
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

shell32

Shell_NotifyIconA
ShellExecuteA

oleaut32

VarUI4FromStr

msvcr71

__security_error_handler
_controlfp
_stricmp
_strcmpi
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_strdup
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
memset
iswspace
isspace
rand
strtol
srand
strncat
sprintf
strncmp
sscanf
_purecall
??2@YAPAXI@Z
strncpy
strrchr
strstr
_CxxThrowException
realloc
??_U@YAPAXI@Z
_resetstkoflw
malloc
asctime
__CxxFrameHandler
time
localtime
mktime
??_V@YAXPAX@Z
_except_handler3
free
??3@YAXPAX@Z

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

wininet

kernel32

user32

ole32

shell32

oleaut32

msvcr71

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB