33771c020bc9152f12330044d0a5e339_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33771c020bc9152f12330044d0a5e339_JaffaCakes118
Size

853KB
MD5

33771c020bc9152f12330044d0a5e339
SHA1

84985e3f624191756973ba7710487da4d8082fd5
SHA256

caa0fd6e4a0d0e6341351e22ebdd3b327ffd4a42b586d4e17d7118b1b25552d5
SHA512

cf686ed944d02fd066117728bbc7ea368cd4f2d82f7bdb7e0763be067d0165fe7996c6e36bbab8e02c0baad7cd3ea1014a42e45769777eda0b912d69c2c89303
SSDEEP

6144:lrwvGjUZDTYZbnnhthWgfwY3WVu4q65694xIoqe7Y1XTW3WLXhLN4dbZudCwT7Wy:pwvPBMZbnjhdk76ku13cuLP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33771c020bc9152f12330044d0a5e339_JaffaCakes118

Files

33771c020bc9152f12330044d0a5e339_JaffaCakes118
.exe windows:4 windows x86 arch:x86

615cf85432b74af8189a6a2e8f03ab70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DailyBuild\sources\Nero7_OCTANE4_RELEASE\NeroBackItUp\NBService\UnicodeRelease\NBService.pdb

Imports

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
lstrcatW
lstrcpynW
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalAlloc
LocalFree
lstrcmpiW
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
WaitForMultipleObjects
CreateSemaphoreW
SetEvent
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
BackupSeek
BackupWrite
BackupRead
SetEndOfFile
DeviceIoControl
SetFilePointer
GetFileSize
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WriteFile
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
CompareStringW
WideCharToMultiByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FindNextFileW
SetLastError
FindClose
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
MoveFileW
ExpandEnvironmentStringsW
CopyFileW
FormatMessageW
GetLogicalDriveStringsW
GetTempPathW
DeleteFileW
GetTempFileNameW
GetShortPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetVolumeInformationW
CreateFileW
ReadFile
IsBadWritePtr

user32

DispatchMessageW
UnregisterClassW
CharNextW
FindWindowW
LoadStringW
UnregisterClassA
PostThreadMessageW
GetMessageW

advapi32

RegCreateKeyW
GetFileSecurityW
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
SetEntriesInAclW
SetSecurityDescriptorDacl
SetFileSecurityW
LookupAccountNameW
LogonUserW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
EncryptFileW
GetUserNameW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoInitialize
StringFromGUID2
CoRevokeClassObject
CoUninitialize
StringFromCLSID
CoCreateGuid

oleaut32

VariantInit
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
VariantClear

shlwapi

PathFindExtensionW

msvcp71

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Id_cnt@id@locale@std@@0HA
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Xran@_String_base@std@@QBEXXZ
?_Nomemory@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

msvcr71

wcsrchr
wcscat
wcscpy
wcscmp
_wcsicmp
wcsstr
wcspbrk
vswprintf
wcsncmp
iswdigit
_wtoi
strncpy
isspace
floor
swscanf
localtime
mktime
wcsftime
_wfullpath
_wsplitpath
_mbsupr
_mbsinc
_mbsrchr
?swprintf@@YAHPAGIPBGZZ
iswascii
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_CxxThrowException
memset
_except_handler3
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
wcschr
iswspace
_wcsrev
_wcslwr
_wcsupr
_wcsnicmp
_resetstkoflw
_wfopen
wcsncpy
fclose
fwrite
wcslen
fflush
memcpy
memcmp
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
malloc
realloc
_purecall
??_V@YAXPAX@Z
??3@YAXPAX@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z

winmm

PlaySoundW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

615cf85432b74af8189a6a2e8f03ab70

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

winmm

version

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 608KB - Virtual size: 608KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 608KB - Virtual size: 608KB