33ce99e2a08e2852f46acfd5501cde40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33ce99e2a08e2852f46acfd5501cde40_JaffaCakes118
Size

400KB
MD5

33ce99e2a08e2852f46acfd5501cde40
SHA1

b4053d4cb6185342ff99c09872418f6eaf9647aa
SHA256

90a8e0afe52e85796520c7f180bf008656b8d28c85e57ab63e4132426a3c9d0d
SHA512

5fc384149e65719214b36c4cded10ead596a7d12fb5df6dfc3dde0242ccdb4bbf38f51889619fbadd6dbde6e00696e9675dead1a38881c1a1898c2645905ad92
SSDEEP

6144:hxPHKdIC31pF76yx7zCZ4jtEmYT2XKhZfOhIMrMrZ9g1eI3VWYo:rPKdIg1pF6yptPJr69gcc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33ce99e2a08e2852f46acfd5501cde40_JaffaCakes118

Files

33ce99e2a08e2852f46acfd5501cde40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61b7c842a53dbca977e1304621929ddf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\MobileLeader Proj\PCSuite\$$$\NetworkingWizard\Release\NetworkingWizard.pdb

Imports

kernel32

QueryPerformanceCounter
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
GlobalUnlock
GlobalReAlloc
HeapAlloc
GetProcessHeap
HeapFree
GlobalAlloc
GlobalFree
SetLastError
GetTickCount
FreeLibrary
CreateToolhelp32Snapshot
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
GetVersion
SizeofResource
LockResource
LoadResource
MulDiv
Process32FirstW
Process32NextW
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
SetupComm
SetCommTimeouts
GetCommState
SetCommState
CreateThread
WaitCommEvent
SetEvent
ReadFile
WriteFile
GetLastError
GetOverlappedResult
ClearCommError
SetCommMask
PurgeComm
CloseHandle
ExitProcess

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

user32

IsWindow
DestroyWindow
DrawFrameControl
EndPaint
BeginPaint
EnumChildWindows
SetFocus
GetScrollInfo
GetFocus
ReleaseCapture
SetCapture
SetWindowWord
GetWindowWord
DrawIcon
DestroyIcon
ValidateRect
CharUpperBuffA
GetMenuState
GetActiveWindow
DrawEdge
IsWindowVisible
EnableScrollBar
GetScrollPos
GetScrollRange
SetScrollPos
ShowScrollBar
SetScrollInfo
SetScrollRange
GetSysColorBrush
IsWindowEnabled
CopyIcon
IntersectRect
CopyRect
MapWindowPoints
GetMessagePos
MessageBoxA
CreateIconIndirect
GetMenuItemID
GetSubMenu
GetCursorPos
GetSysColor
OffsetRect
GetWindowInfo
IsIconic
ShowWindow
IsRectEmpty
GetMenu
GetWindowDC
ReleaseDC
GetDC
SetMenu
ScreenToClient
MoveWindow
RedrawWindow
SetWindowPos
GetCapture
GetIconInfo
SystemParametersInfoA
GetSystemMetrics
InflateRect
DrawIconEx
ClientToScreen
GetSystemMenu
EnableMenuItem
SetForegroundWindow
GetClientRect
InvalidateRect
SetRect
DestroyMenu
CreatePopupMenu
FillRect
DestroyCursor
GetMenuItemCount
GetWindow
GetParent
PtInRect
GetWindowPlacement
GetWindowRect
UpdateWindow
SetTimer
KillTimer
SetWindowRgn
IsZoomed

gdi32

SelectClipRgn
SetBkMode
SetTextColor
OffsetRgn
CreateRectRgn
GetClipBox
SetDIBitsToDevice
SetStretchBltMode
IntersectClipRect
CreateRectRgnIndirect
GetStockObject
GetRegionData
ExtSelectClipRgn
StretchDIBits
ExcludeClipRect
GetPixel
GetClipRgn
LineTo
MoveToEx
CreatePen
PtInRegion
UnrealizeObject
PatBlt
SetBrushOrgEx
GetDIBits
SetBkColor
CreateBitmap
RealizePalette
SelectPalette
GetDeviceCaps
StretchBlt
Polygon
RestoreDC
SaveDC
Escape
DeleteObject
CreateSolidBrush
CreateCompatibleDC
BitBlt
DeleteDC
CombineRgn
ExtCreateRegion
SelectObject
CreateDIBSection
CreateCompatibleBitmap
PtVisible
RectVisible
CreateDIBitmap
CreatePatternBrush

shell32

SHGetSpecialFolderPathW
SHGetMalloc

ws2_32

inet_ntoa
inet_addr
htonl

conmgrc

CM_InitConMgr
CM_CloseAllPort
CM_DeInitConMgr

sectheme

?Theme@@YAAAVCPCSuiteTheme@@XZ

mfc71lu

ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord605
ord354
ord896
ord2311
ord899
ord2261
ord2388
ord4347
ord1086
ord764
ord2159
ord762
ord283
ord4574
ord2426
ord2651
ord2155
ord5727
ord2648
ord4314
ord3927
ord5803
ord6063
ord4535
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord4255
ord3327
ord566
ord757
ord4078
ord776
ord2239
ord1472
ord1079
ord4074
ord3990
ord4100
ord2260
ord6161
ord5414
ord5971
ord287
ord1049
ord3824
ord1096
ord1121
ord1110
ord5524
ord5398
ord2468
ord4119
ord1058
ord6086
ord1386
ord6061
ord709
ord2255
ord501
ord3176
ord3204
ord1925
ord3198
ord3155
ord1894
ord356
ord1270
ord5633
ord602
ord5638
ord347
ord1720
ord1271
ord5829
ord2656
ord658
ord1785
ord2083
ord1632
ord1562
ord5911
ord1393
ord4232
ord5210
ord2952
ord3224
ord572
ord3873
ord2876
ord3869
ord1189
ord1299
ord2167
ord313
ord2893
ord5485
ord3678
ord3590
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord6058
ord760
ord1156
ord1920
ord4026
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord3435
ord3635
ord774
ord1118
ord2926
ord282
ord2895
ord870
ord6111
ord1479
ord280
ord577
ord293
ord777
ord1198

mslur71

ceil
_CIacos
remove
calloc
wcstoul
_stricmp
floor
fopen
_c_exit
fwrite
fclose
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
strncpy
memmove
__CxxFrameHandler
sprintf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
toupper
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcstok
_purecall
wcscpy
free
malloc
_wtoi
memset
_wcsnicmp
wcslen
realloc
_except_handler3
_exit

msimg32

TransparentBlt

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
ord17

ole32

CoCreateInstance

xoledbl

??0XDataBase@@QAE@XZ
?OpenAccess@XDataBase@@QAEXPB_W00@Z
??0XRecordSet@@QAE@PAVXDataBase@@@Z
?ExecuteSQL@XRecordSet@@QAEXPB_WH@Z
?GetValueInt@XRecordSet@@QAEHH@Z
?GetValueString@XRecordSet@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
??1XRecordSet@@QAE@XZ
??1XDataBase@@QAE@XZ
?DisplayError@CXOleDbException@@QAEXW4DISP_TYPE@@@Z
?IsRegKey@XDataBase@@SAHXZ
?WriteRegKey@XDataBase@@SAHXZ
?MoveNext@XRecordSet@@QAEHXZ

xtp9601libl

??1CXTShellPidl@@UAE@XZ
??0CXTShellPidl@@QAE@XZ

mslup71

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Xran@_String_base@std@@QBEXXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61b7c842a53dbca977e1304621929ddf

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

ws2_32

conmgrc

sectheme

mfc71lu

mslur71

msimg32

comctl32

ole32

xoledbl

xtp9601libl

mslup71

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 73KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 73KB

.rsrc
Size: 16KB - Virtual size: 12KB