3e59f005e4ee9c07ad7615bbe410244d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e59f005e4ee9c07ad7615bbe410244d_JaffaCakes118
Size

192KB
MD5

3e59f005e4ee9c07ad7615bbe410244d
SHA1

3d30e88ecaf5158cca0181035961835f7a0d39ee
SHA256

aa35eaff62f691415bf3422d3fb5938b5ecee3c1291538d6cb6b9fcd1d9ceaa8
SHA512

9c139b40bbf713a16574d45701c70cc826f6743973962c18aab38fe39fb4db7e8b7edee8fe9d9255e968a49419a6a64062cdc3847008d296b52a40e3babfad4f
SSDEEP

3072:8dnNfDY89+oMXmzGylGIwhGWYffLqTv8ZuU3R8Z1A9oIZgVVaiWHH:8dnNfDT96mEnGWtj8ZuOyZe9hgVoiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e59f005e4ee9c07ad7615bbe410244d_JaffaCakes118

Files

3e59f005e4ee9c07ad7615bbe410244d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26e1056075aaa2fc66a7e1ecce06222d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DailyBuild\sources\Nero7\NeroBackItUp\NBService\UnicodeRelease\NBService.pdb

Imports

kernel32

GetCommandLineW
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
lstrcatW
lstrcpynW
GetCurrentThread
GetCurrentProcess
CloseHandle
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleA
ExitProcess
GetVersionExA
VirtualFree
BackupWrite
BackupRead
SetFilePointer
GetFileSize
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WriteFile
ReadFile
CreateFileW
WideCharToMultiByte
CompareStringW
GetVolumeInformationW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetTempFileNameW
DeleteFileW
GetTempPathW
LocalAlloc
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FindClose
FindNextFileW
SetLastError
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
MoveFileW
ExpandEnvironmentStringsW
CopyFileW
LocalFree
FormatMessageW
IsBadWritePtr

user32

DispatchMessageW
GetMessageW
LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
PostThreadMessageW
UnregisterClassA

advapi32

RegisterServiceCtrlHandlerW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
QueryServiceConfigW
GetUserNameW
StartServiceCtrlDispatcherW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoInitialize
StringFromGUID2
CoRevokeClassObject
CoUninitialize
StringFromCLSID
CoCreateGuid

oleaut32

VariantInit
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
VariantClear

shlwapi

PathFindExtensionW

msvcp71

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Id_cnt@id@locale@std@@0HA
?_Nomemory@std@@YAXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z

msvcr71

_wfopen
wcsncpy
realloc
fclose
_resetstkoflw
wcscmp
_wcsicmp
_wcsupr
_wcslwr
_wcsrev
iswspace
wcschr
wcsrchr
wcsstr
wcspbrk
vswprintf
wcsncmp
iswdigit
_wtoi
wcscat
wcscpy
strncpy
floor
mktime
wcsftime
_wfullpath
_wsplitpath
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_except_handler3
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
_purecall
fwrite
wcslen
fflush
memcpy
malloc
memcmp
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26e1056075aaa2fc66a7e1ecce06222d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

winmm

version

shell32

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 40KB