35b9bf53d43b88e474eeda88df9e3c20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35b9bf53d43b88e474eeda88df9e3c20_JaffaCakes118
Size

742KB
MD5

35b9bf53d43b88e474eeda88df9e3c20
SHA1

18f4aa00d6183eea5cd198c5ca75b0068f5da9ed
SHA256

ea6b6db241caa2afad58b832af347d85095387da667994b5e9276dbb4015a193
SHA512

3720f89a5f63f124d741a2ec8f8c7ec0bfd8d0e35d6bba7117e055f9f9233cbb07c0075e1e7de9eb51b133b801b4237d78ca899055b5d41d3b7cc2dfa98536e7
SSDEEP

12288:j3BTr3lDzKiooeCJysLP9wSoEA02BdTputjsW12oXKGNU0Wo33CFW:j3BTr3lD/ty+xoJBdTp8sW12IKHo3CA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35b9bf53d43b88e474eeda88df9e3c20_JaffaCakes118

Files

35b9bf53d43b88e474eeda88df9e3c20_JaffaCakes118
.exe windows:5 windows x86 arch:x86

56a5817e41adc44f4cc9982a7865eca8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

icardagt.pdb

Imports

msvcr80

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_crt_debugger_hook
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
memset
memcpy_s
_CxxThrowException
memmove_s
__CxxFrameHandler3
malloc
free
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
_purecall
__wgetmainargs
_amsg_exit
vswprintf_s
_vscwprintf
_vsnwprintf
memcpy
wcsncmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
ceil
_wtoi
iswspace
iswdigit
wcschr
_recalloc
bsearch
_wcsicmp
swprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_wcsnicmp
??2@YAPAXI@Z
_resetstkoflw
??_V@YAXPAX@Z
??_U@YAPAXI@Z
calloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_lock
??3@YAXPAX@Z

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@XZ
?allocate@?$allocator@G@std@@QAEPAGI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?assign@?$char_traits@G@std@@SAPAGPAGIG@Z
?max_size@?$allocator@D@std@@QBEIXZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?eq@?$char_traits@G@std@@SA_NABG0@Z
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
?_Move_s@?$char_traits@G@std@@SAPAGPAGIPBGI@Z
?_Copy_s@?$char_traits@G@std@@SAPAGPAGIPBGI@Z
?allocate@?$allocator@G@std@@QAEPAGIPBX@Z
?max_size@?$allocator@G@std@@QBEIXZ
?deallocate@?$allocator@G@std@@QAEXPAGI@Z
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$char_traits@G@std@@SAIPBG@Z

advapi32

InitializeAcl
GetAclInformation
GetSecurityDescriptorControl
CryptSignHashW
CryptGetUserKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetProvParam
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptSetProvParam
CryptDecrypt
CryptDestroyKey
CryptSetHashParam
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSidToSidW
LookupAccountSidW
CryptGetHashParam
CryptHashData
CryptDestroyHash
GetSecurityInfo
AdjustTokenPrivileges
GetAce
LookupPrivilegeValueW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
ImpersonateSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
EqualSid
CopySid
IsValidSid
GetLengthSid
OpenThreadToken
SetThreadToken
RevertToSelf
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
AddAce

kernel32

OpenProcess
RegisterWaitForSingleObject
GetUserDefaultUILanguage
UnregisterWait
GetCurrentProcess
FlushInstructionCache
RaiseException
WideCharToMultiByte
GetSystemTime
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetExitCodeThread
GetStringTypeExW
MultiByteToWideChar
GetLocaleInfoW
GetCommandLineW
SetCurrentDirectoryW
OutputDebugStringW
DebugBreak
FatalExit
SearchPathW
GetSystemDefaultUILanguage
GetVersionExW
LoadLibraryExW
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
HeapSetInformation
DuplicateHandle
LocalAlloc
GetModuleFileNameW
GetModuleHandleW
GetFileType
CreateFileW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FormatMessageW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetLastError
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
InterlockedCompareExchange
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
CloseHandle
GetCurrentThread
SetEvent
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
TerminateJobObject
WaitForMultipleObjects
CreateThread
SetLastError
TerminateProcess
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
QueueUserWorkItem
WaitForSingleObject
ResetEvent
OpenEventW
CompareStringW
CompareFileTime
SystemTimeToFileTime

gdi32

GetStockObject
DeleteObject
GetObjectA
CreateFontIndirectW
GetDeviceCaps
GetObjectW
DeleteDC
BitBlt
SelectObject
SetLayout
CreateCompatibleDC
CreateRoundRectRgn
SetBkMode
GetDIBits
CreateCompatibleBitmap
StretchBlt
CreateDIBSection
SetDIBits
CreateDCW
GetTextExtentPoint32W
GetTextColor
GetBkColor
CreateICW
CreateSolidBrush
SetTextColor
SetBkColor

user32

DestroyMenu
AppendMenuW
EnableMenuItem
TrackPopupMenuEx
ScreenToClient
IsWindowVisible
GetWindow
SetCursor
PostQuitMessage
IsChild
DialogBoxParamW
GetKeyboardLayout
GetKeyboardLayoutList
IsRectEmpty
SetActiveWindow
IsDialogMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
CharUpperW
GetKeyState
GetClassNameW
MsgWaitForMultipleObjects
SetWindowRgn
SetScrollInfo
GetScrollInfo
ScrollWindowEx
EnableWindow
GetSysColorBrush
MessageBoxW
ShowWindow
MapWindowPoints
GetDlgCtrlID
SystemParametersInfoW
GetSystemMetrics
CloseDesktop
SetThreadDesktop
CreatePopupMenu
SetWindowPos
DestroyWindow
LoadStringW
UnregisterClassA
PostMessageW
IsWindow
CreateDesktopW
GetThreadDesktop
GetUserObjectInformationW
OpenInputDesktop
GetDesktopWindow
PeekMessageW
ReleaseDC
GetDC
DestroyIcon
LoadImageW
GetSysColor
CallWindowProcW
SetWindowLongW
SendMessageW
GetClientRect
BeginPaint
EndPaint
InvalidateRect
IsWindowEnabled
GetClassInfoExW
LoadCursorW
DefWindowProcW
EnumDisplayMonitors
GetMonitorInfoW
UpdateWindow
SetTimer
RegisterClassExW
GetWindowLongW
GetFocus
GetWindowTextW
GetWindowTextLengthW
CopyRect
InflateRect
DrawFocusRect
GetDialogBaseUnits
SetClassLongW
CreateWindowExW
SetWindowTextW
KillTimer
EndDialog
SwitchDesktop
GetWindowRect
GetDlgItem
CreateAcceleratorTableW
FillRect
DestroyAcceleratorTable
TranslateAcceleratorW
TrackMouseEvent
PtInRect
ClientToScreen
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetCaretPos
GetQueueStatus
EqualRect
OffsetRect
SendInput
DeferWindowPos
MoveWindow
GetParent

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create

comdlg32

GetSaveFileNameW
GetOpenFileNameW

cryptui

CryptUIDlgViewCertificateW

gdiplus

GdipCreateFromHDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipGetFontHeight
GdipFree
GdipDrawRectangleI
GdipDrawString
GdipReleaseDC
GdipGetDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipCreateRegionPath
GdipCreateRegion
GdipGetClip
GdipSetClipRegion
GdipDeleteFont
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipMeasureString
GdipSetPathGradientCenterColor
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRectI
GdipSetImageAttributesColorMatrix
GdipCreateBitmapFromScan0
GdipDeleteRegion
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen2
GdipCreateRegionHrgn
GdipCreatePen1
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillRegion
GdipDrawLineI
GdipFillRectangle
GdipDrawRectangle
GdipCreateLineBrush
GdipCreatePath2I
GdipGetStringFormatFlags
GdipDrawLine
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipSetPathGradientSurroundColorsWithCount
GdipDrawImageRectRectI
GdipGetPathGradientPointCount
GdipCloneImage
GdipDrawImageRectI
GdipGetWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipSetWorldTransform
GdipCreateMatrix
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipDeleteMatrix
GdipAlloc
GdipSetStringFormatLineAlign

msimg32

AlphaBlend

ole32

CoTaskMemFree
StgCreateStorageEx
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance

rpcrt4

NdrClientCall2
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelfEx
UuidToStringW
UuidCreate
RpcServerListen
RpcMgmtIsServerListening
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcBindingFree
NdrServerCall2

shlwapi

PathFindExtensionW
PathAddBackslashW

uxtheme

DrawThemeParentBackground

crypt32

CertSerializeCertificateStoreElement
CertOpenStore
CertStrToNameW
CryptAcquireCertificatePrivateKey
CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertOIDToAlgId
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext

userenv

UnloadUserProfile

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetOpenW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

56a5817e41adc44f4cc9982a7865eca8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

msvcp80

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

cryptui

gdiplus

msimg32

ole32

rpcrt4

shlwapi

uxtheme

crypt32

userenv

shell32

version

wininet

Sections

.text Size: 550KB - Virtual size: 549KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 40KB - Virtual size: 39KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 550KB - Virtual size: 549KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 40KB - Virtual size: 39KB

PACK
Size: 144KB - Virtual size: 380KB