2fdbd6935d077538ecbb58107b150770_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fdbd6935d077538ecbb58107b150770_JaffaCakes118
Size

3.6MB
MD5

2fdbd6935d077538ecbb58107b150770
SHA1

36e733b1e7ca86b41ac7822921a8c3fbe4f4b26a
SHA256

1531e30ed82fe15040ef6e859163e78d3d1d2c26cb60ff8a658e5a665b390d76
SHA512

bfe815d353ca0d2c082c98e710c996239708c44cb358deefaff0e47ee477d36c943551c5c56f66768cd58b5416513eed58030830698ae4979ebeeef2da963c0c
SSDEEP

49152:KMl9xOlOvmhzmaopllhGtgZfeAxVx8x81d1+TrzCVxp1VsHic:KMElOvmhzMpllKgZfesq8C2VT8i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fdbd6935d077538ecbb58107b150770_JaffaCakes118

Files

2fdbd6935d077538ecbb58107b150770_JaffaCakes118
.dll windows:4 windows x86 arch:x86

41270a5969c63544814ea3cec2f9ed7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\LocalSvnForDailyBuild\pushup_usa\trunk\bin\release\plug\Impetus.pdb

Imports

psapi

GetModuleInformation

user32

GetMenuState
CheckMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
ValidateRect
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
GetWindowPlacement
DefWindowProcA
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetMenu
SetForegroundWindow
TrackPopupMenu
MapWindowPoints
GetMessageTime
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
WinHelpA
RegisterWindowMessageA
EndDialog
CreateDialogIndirectParamA
GetDesktopWindow
TabbedTextOutA
DrawTextExA
GrayStringA
CharNextA
GetSysColorBrush
CopyAcceleratorTableA
SetDlgItemTextA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetWindowTextA
GetSystemMenu
EnableMenuItem
GetMessagePos
SystemParametersInfoA
SetCapture
GetCapture
ReleaseCapture
PtInRect
GetComboBoxInfo
LoadCursorA
SetWindowLongA
DrawFrameControl
GetWindowTextLengthA
ReleaseDC
GetDC
InflateRect
CopyRect
DestroyMenu
PostMessageA
GetSubMenu
FillRect
SetDlgItemInt
OffsetRect
WindowFromPoint
ClientToScreen
SetCursor
LoadImageA
GetNextDlgTabItem
GetWindowLongA
GetDlgCtrlID
EnumChildWindows
CloseWindow
SetParent
GetParent
GetActiveWindow
ScreenToClient
KillTimer
EnumWindows
SetTimer
GetWindowThreadProcessId
SetFocus
IsChild
GetFocus
GetKeyState
SetActiveWindow
IsWindowVisible
GetSystemMetrics
SetRect
SetWindowPos
UpdateWindow
IsWindowEnabled
GetSysColor
DrawTextA
FrameRect
GetWindowRect
GetClientRect
IsWindow
AppendMenuA
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetCursorPos
CreatePopupMenu
SendMessageA
EnableWindow
SendMessageW
MoveWindow
IsDialogMessageA
CharUpperA
InvalidateRect
MessageBoxA
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
CallWindowProcA
GetLastActivePopup
GetWindow
GetClassNameA
EnumThreadWindows
BeginPaint
EndPaint
DefWindowProcW
CreateWindowExA
LoadCursorW
RegisterClassExA
ShowWindow
FindWindowA
SetWindowTextA
GetWindowDC
IsIconic
IntersectRect
SetWindowTextW
GetWindowTextW
GetClassNameW
PostMessageW
LoadIconA
DestroyWindow
SetClassLongA
UnregisterClassA
IsDlgButtonChecked
DrawTextW
IsRectEmpty

gdi32

GetTextColor
GetBkColor
CreatePen
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
GetWindowExtEx
SetTextColor
GetMapMode
GetViewportExtEx
SetTextAlign
CreateDIBSection
DeleteObject
GetStockObject
GetObjectA
RestoreDC
CreateFontA
GetTextExtentPoint32A
Rectangle
SaveDC
CreateRectRgnIndirect
ExtTextOutA
GetDeviceCaps
CreateFontIndirectA
TextOutA
CreateSolidBrush
TextOutW
GetTextExtentPoint32W
CreatePatternBrush
GetRgnBox
GetClipBox
SetBkMode
GetGlyphOutlineW
DeleteDC
GetTextMetricsA
SetMapMode

shell32

ShellExecuteA
SHFileOperationA

winmm

timeGetTime
PlaySoundA
timeEndPeriod
timeBeginPeriod

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA

d3d8

Direct3DCreate8

dbghelp

SymGetModuleInfo
SymInitialize
SymGetSymFromAddr
SymFunctionTableAccess
SymLoadModule
SymGetLineFromAddr
MiniDumpWriteDump
StackWalk

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
IsValidLocale
GetLocaleInfoW
GetTimeFormatA
LoadLibraryW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetConsoleOutputCP
LCMapStringW
SetEnvironmentVariableA
CreateFileMappingW
InterlockedCompareExchange
LCMapStringA
IsValidCodePage
GetACP
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
HeapCreate
HeapDestroy
VirtualFree
GetCurrentProcessId
GetTickCount
TerminateProcess
GetCurrentProcess
GetFileAttributesA
LoadLibraryA
GetModuleFileNameW
GetLastError
CompareStringW
InterlockedExchange
WideCharToMultiByte
CompareStringA
lstrlenA
MultiByteToWideChar
GetVersion
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocalTime
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
lstrcpyA
InterlockedDecrement
FreeResource
DeleteFileA
GetProcAddress
GetModuleHandleA
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
InterlockedIncrement
FindNextFileA
FindFirstFileA
GetModuleFileNameA
VirtualQuery
OpenProcess
GetVersionExW
Thread32Next
SuspendThread
OpenThread
GetCurrentThreadId
Thread32First
CreateToolhelp32Snapshot
ResumeThread
IsBadReadPtr
Module32NextW
Module32FirstW
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualProtectEx
VirtualProtect
GetModuleHandleW
GetThreadContext
GetCurrentThread
CreateFileA
VirtualQueryEx
FreeLibrary
WinExec
GetPrivateProfileStringA
FindClose
GlobalMemoryStatus
GetVersionExA
GetFileSize
ReadFile
WriteFile
CreateFileW
IsProcessorFeaturePresent
HeapFree
GetProcessHeap
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
FormatMessageA
OutputDebugStringA
DebugBreak
SetErrorMode
CreateProcessA
GetCommandLineA
CreatePipe
DuplicateHandle
GetExitCodeProcess
WaitForMultipleObjects
GetTempFileNameA
GetTempPathA
CreateEventW
GetPrivateProfileIntA
SetLastError
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
RaiseException
GetThreadLocale
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetFileTime
GetCPInfo
GetOEMCP
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
WriteConsoleW
GetFileType
GetTimeZoneInformation
GetDriveTypeA
CreateDirectoryA
SetStdHandle
HeapSize

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoCreateInstance
StgOpenStorageEx
StgCreateDocfile
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysFreeString
LoadTypeLi
SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
VariantCopy
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
SafeArrayGetElemsize
SafeArrayCreate

ws2_32

WSASetLastError
WSACleanup
WSAStartup

Exports

Exports

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
GetPlugin
RunImpetusTest

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41270a5969c63544814ea3cec2f9ed7f

Headers

File Characteristics

PDB Paths

Imports

psapi

user32

gdi32

shell32

winmm

advapi32

d3d8

dbghelp

kernel32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 388KB - Virtual size: 385KB

.data Size: 88KB - Virtual size: 350KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 356KB - Virtual size: 355KB

.vmp0 Size: 176KB - Virtual size: 174KB

.vmp1 Size: 276KB - Virtual size: 275KB

.reloc Size: 124KB - Virtual size: 120KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 388KB - Virtual size: 385KB

.data
Size: 88KB - Virtual size: 350KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 356KB - Virtual size: 355KB

.vmp0
Size: 176KB - Virtual size: 174KB

.vmp1
Size: 276KB - Virtual size: 275KB

.reloc
Size: 124KB - Virtual size: 120KB