3d8dcc88d16e068a21cd7940d837cf66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d8dcc88d16e068a21cd7940d837cf66_JaffaCakes118
Size

472KB
MD5

3d8dcc88d16e068a21cd7940d837cf66
SHA1

029e615892cad5a10409285703348552fbdfa346
SHA256

48578b826eab27f52ab6af024837e866401837595ad0d28411b8ff29ac3b1c5a
SHA512

063aa8c3542874aae70e4deb4b79d050db7064bd8c802cdc72867a843f47623480a5a60a3429edc0267677409e02cab34195c71127408ae303804b6df57f20e8
SSDEEP

6144:DSzJMQRMwNnsw9u4O2RkD593bS6XjCY2n+RAhcNPnlm9xu6rFk95oLuQ6kxP7ORb:1Qtsw9uERcpb7CZny9plKZrFkQxGTtuI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d8dcc88d16e068a21cd7940d837cf66_JaffaCakes118

Files

3d8dcc88d16e068a21cd7940d837cf66_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2d49567f1048aaf48c56cb8a8f073d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SRC\AntiVir\avscan\Scanner\Release\avscan.pdb

Imports

mfc90u

ord4527
ord3741
ord6065
ord4410
ord4541
ord2597
ord2901
ord6109
ord4131
ord6095
ord6094
ord4324
ord5867
ord333
ord2274
ord3489
ord3622
ord1665
ord4652
ord611
ord3768
ord1149
ord1354
ord2106
ord909
ord3543
ord3488
ord4741
ord6187
ord2074
ord2904
ord6636
ord2069
ord1262
ord4044
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4664
ord5602
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord3185
ord2623
ord2621
ord6013
ord4494
ord899
ord280
ord286
ord935
ord1599
ord813
ord938
ord811
ord3220
ord285
ord1607
ord5663
ord4211
ord1098
ord265
ord266
ord2447
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord595
ord797
ord3953
ord2625
ord2592
ord801
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord589
ord794
ord4043
ord3949
ord2372
ord296
ord2537
ord1183
ord600
ord1383
ord1137
ord799
ord3286
ord1272

msvcr90

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
towupper
_wtol
_wgetenv
swscanf
wcsncat
clock
mbstowcs_s
fflush
ferror
_wsplitpath
_vsnwprintf
wcscat
wcsrchr
wcslen
wcscmp
wcscpy
wcschr
_close
wcsnlen
memmove_s
memcpy_s
wcstombs
_filelength
_read
_lseek
_wsopen
strtoul
calloc
_errno
vswprintf_s
_vscwprintf
_CxxThrowException
mbstowcs
_wchmod
_time64
_wfopen
__iob_func
fwrite
fclose
memcpy
realloc
printf
_wrename
_wcsnicmp
_waccess
srand
_wcsicmp
rand
atoi
strtok_s
strncpy_s
wcsncpy
strnlen
strncat
_wcsupr
malloc
_wtoi
wcsstr
_swprintf
free
_wcsdup
_itow
memset
_snwprintf
__CxxFrameHandler3
swscanf_s
wcscpy_s
wcsncat_s
wcsncpy_s
wcscat_s
swprintf_s
_wfopen_s
iswspace
iswalnum
wcsncmp
_wsplitpath_s
_resetstkoflw
_lock_file
_unlock_file
clearerr
fread
_ftelli64
_fseeki64
_wstat64i32
_wunlink
fgets
fputs
fgetc
fputc
ungetc
_vsnwprintf_s
strlen
memmove
strncpy

kernel32

GetTimeFormatW
HeapSize
HeapReAlloc
HeapDestroy
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThread
LocalAlloc
CreateMutexW
LoadLibraryA
SetFileAttributesW
LoadLibraryExW
SetLastError
OpenEventW
FlushFileBuffers
ResumeThread
SuspendThread
GetDiskFreeSpaceExW
ExitThread
CreateFileW
ReadFile
SetFilePointer
WriteFile
FindFirstFileW
FindNextFileW
OpenProcess
lstrcpynW
RaiseException
GetCurrentDirectoryW
WideCharToMultiByte
BackupRead
InterlockedExchangeAdd
ExpandEnvironmentStringsA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GlobalFree
FreeLibrary
GlobalAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SystemTimeToFileTime
WritePrivateProfileStringW
SetErrorMode
QueryDosDeviceW
lstrlenW
Beep
MoveFileExW
GetLongPathNameW
GetProcessHeap
HeapAlloc
DeviceIoControl
HeapFree
RemoveDirectoryW
GetPrivateProfileIntW
GetTempPathW
GetVersionExW
GetWindowsDirectoryW
GetFileSize
GetSystemTime
ReleaseSemaphore
CreateSemaphoreW
GetSystemDirectoryW
GetVolumeInformationW
QueryPerformanceCounter
GetLocalTime
CreateProcessW
GetDateFormatW
FileTimeToSystemTime
GetPrivateProfileStringW
FormatMessageW
LocalFree
GetDriveTypeW
LoadLibraryW
MultiByteToWideChar
GetPriorityClass
SetPriorityClass
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
GetCurrentProcessId
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
SetEvent
WaitForMultipleObjects
SetThreadPriority
CreateThread
ResetEvent
CreateEventW
GetProcessAffinityMask
GetCurrentProcess
DeleteFileW
CopyFileW
GetModuleHandleW
GetExitCodeProcess
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesW
FindClose
GetLastError
GetProcAddress

user32

EnableWindow
MessageBoxW
GetLastActivePopup
GetActiveWindow
DestroyIcon
InvalidateRect
FillRect
LoadIconW
LoadImageW
CopyRect
InflateRect
DrawStateW
GetWindowRect
ScreenToClient
GetDC
ReleaseDC
GetParent
SendMessageW
GetFocus
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfW
DrawIconEx
MessageBeep
LoadStringW
IsWindow
ExitWindowsEx
GetSystemMetrics
GetForegroundWindow

advapi32

RegQueryValueExA
DuplicateTokenEx
ImpersonateLoggedOnUser
RegDisablePredefinedCache
SetThreadToken
GetSecurityInfo
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
CreateProcessAsUserW
LookupAccountSidW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
ImpersonateSelf
OpenThreadToken
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegQueryValueExW
RegCloseKey
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegEnumValueW
RegOpenKeyExW
RegOpenKeyExA

shell32

ShellExecuteW

comctl32

ord17
_TrackMouseEvent

ole32

CoCreateInstance
CoInitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcp90

?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

winmm

sndPlaySoundW

gdi32

CreatePen
CreateSolidBrush
RoundRect
GetTextExtentPoint32W
GetPixel
SetPixel

Sections

.text
Size: 347KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d49567f1048aaf48c56cb8a8f073d0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

comctl32

ole32

version

msvcp90

winmm

gdi32

Sections

.text Size: 347KB - Virtual size: 347KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 347KB - Virtual size: 347KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 26KB - Virtual size: 26KB