39aa7dd8c6d2a1f2bea0e0b480ca3b96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39aa7dd8c6d2a1f2bea0e0b480ca3b96_JaffaCakes118
Size

828KB
MD5

39aa7dd8c6d2a1f2bea0e0b480ca3b96
SHA1

0662c39634aa11b4757ec4d91c5564c45290819a
SHA256

dc1d6242f9e595335c87139111f43f185af7392f4f30b0c0dca48e15d7b59240
SHA512

568eb644a6c079517336343cbe1322c5d8467619e1c142b3f23451525231565f03e5fcf75446220dc0d0017f9f35f6e2a78117ca18cd66ed17624b46bdc4aa9c
SSDEEP

12288:ug36IzUmDBY7sDRddtQSZ/XMDQ4CZ4mEYCzUrcPQtyBgTSh0ESZ:uU6IhNXD1tXZ/XMDQbZ4rz64wyuTgSZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39aa7dd8c6d2a1f2bea0e0b480ca3b96_JaffaCakes118

Files

39aa7dd8c6d2a1f2bea0e0b480ca3b96_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8e2b8908c71a237eec42d87bf098983a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DailyBuild\sources\Nero7\NeroBackItUp\Nb\UnicodeRelease\NB.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetUserNameW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegCloseKey

kernel32

lstrcmpiW
GetCurrentProcess
CreateThread
WaitForMultipleObjects
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
ResumeThread
SuspendThread
SetThreadPriority
GetThreadPriority
GetVolumeInformationW
GetModuleFileNameW
GetShortPathNameW
GetTempFileNameW
GetTempPathW
LocalAlloc
FormatMessageW
LocalFree
CopyFileW
ExpandEnvironmentStringsW
FreeLibrary
GetFileAttributesW
GetModuleHandleW
GetDiskFreeSpaceW
VirtualAlloc
VirtualFree
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
CompareStringW
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrA
IsBadStringPtrW
IsBadReadPtr
IsBadWritePtr
SetEnvironmentVariableA
LoadLibraryA
CreateFileW
ReadFile
WriteFile
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
SetFilePointer
BackupRead
LoadLibraryW
GetProcAddress
SetLastError
MultiByteToWideChar
GetFileSize
GetLogicalDriveStringsW
lstrlenW
DeleteFileW
MoveFileW
GetDriveTypeW
GetLastError
CreateSemaphoreW
WaitForSingleObject
Sleep
ReleaseSemaphore
CloseHandle
WideCharToMultiByte
GetVersionExW
BackupWrite
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpyW

msvcp71

?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@D@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Xran@_String_base@std@@QBEXXZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z

msvcr71

_strnicmp
?terminate@@YAXXZ
_onexit
__dllonexit
__CppXcptFilter
_adjust_fdiv
_initterm
_except_handler3
__security_error_handler
??1type_info@@UAE@XZ
_callnewh
_atoi64
_wremove
_mbsstr
ftell
fread
fseek
iswascii
swprintf
_mbsrchr
_mbsinc
_mbsupr
wcsftime
mktime
floor
_wsplitpath
_wfullpath
wcscat
iswdigit
wcsncmp
vswprintf
wcspbrk
wcsstr
iswspace
_wcsrev
_wcslwr
_wcsupr
getenv
strrchr
strchr
malloc
free
wcscpy
swscanf
wcsrchr
fwrite
strncpy
??1exception@@UAE@XZ
wcscmp
toupper
fgets
fputws
fgetws
_wcsnicmp
wcschr
memmove
_wfopen
fclose
_wcsicmp
wcsncpy
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??_V@YAXPAX@Z
_CxxThrowException
wcslen
_wtoi
_purecall
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
wcstok
_strdup

winmm

PlaySoundW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA

shlwapi

SHDeleteKeyW

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

Exports

Exports

CreateNBInterface
DeleteNBInterface

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e2b8908c71a237eec42d87bf098983a

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcp71

msvcr71

winmm

shell32

version

shlwapi

ole32

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 496KB

.rdata Size: 108KB - Virtual size: 104KB

.data Size: 176KB - Virtual size: 173KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 500KB - Virtual size: 496KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 176KB - Virtual size: 173KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 32KB