49dc70cf80ebb3624fe7158490d7dd6b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49dc70cf80ebb3624fe7158490d7dd6b_JaffaCakes118
Size

1.3MB
MD5

49dc70cf80ebb3624fe7158490d7dd6b
SHA1

f9ed89fedd9fcdfd344a0d0386b3577f9066eb0b
SHA256

f084cd890a1d491887da0638591e79ab30bc7092a5eb061f0aabb19fea7b86e6
SHA512

6a3faba4cd8070b0adf14aae0af64ad0bad85ba1c46df1323b07f22b75f447177d9c80952b36285b064228d78d264a4a640e4a0a75b02999420959875f694e5a
SSDEEP

24576:IKF5Bbi0UrqpGdropf/k68Jizb9Iv9E5jfaS9YQ8S5/J+mUlTL++6PYIsVLEULh2:Io5fUrTdrak6nb9Iv9OagYQ8YUlTdYY2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49dc70cf80ebb3624fe7158490d7dd6b_JaffaCakes118

Files

49dc70cf80ebb3624fe7158490d7dd6b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f558a5af0c78902da7a53d5a6cb0118d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\job\pandora4x\src\trunk4x\PCPandora\PandoraMon\Release\PandoraMon.pdb

Imports

kernel32

lstrcpynA
lstrcmpiA
GetModuleFileNameA
lstrcmpA
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
GetTickCount
VirtualProtect
GetCurrentThreadId
InterlockedDecrement
GetTempPathA
GetLastError
CreateMutexA
Sleep
IsDebuggerPresent
FlushFileBuffers
WriteFile
SetFilePointer
OutputDebugStringA
CreateFileA
GetCurrentProcessId
GetModuleHandleA
FormatMessageA
GetThreadPriority
lstrlenA
GetExitCodeThread
SetThreadPriority
SetEvent
CreateEventA
GlobalAddAtomA
GetProcAddress
CreateThread
OpenMutexA
FileTimeToLocalFileTime
GetTimeZoneInformation
VirtualQuery
ResetEvent
LoadLibraryA
DisableThreadLibraryCalls
GetFileAttributesA
SearchPathA
GetFullPathNameA
CreateProcessA
CreateProcessW
SetLastError
lstrlenW
GetLongPathNameA
ExitProcess
IsBadStringPtrA
IsBadCodePtr
IsBadStringPtrW
lstrcpyA
OpenEventA
SetThreadPriorityBoost
GetCurrentThread
TerminateThread
CompareStringA
CompareStringW
FreeLibrary
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
QueryPerformanceCounter
DeleteFileA
ExpandEnvironmentStringsA
HeapReAlloc
GetFileSize
SetFileTime
GetFileTime
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemDirectoryA
Module32Next
Module32First
CreateToolhelp32Snapshot
FindClose
FindFirstFileA
Process32Next
Process32First
OpenProcess
GlobalAlloc
GetComputerNameA
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
QueryPerformanceFrequency
lstrcatA
lstrcpynW
FindNextFileA
GlobalFree
GetSystemTime
SetEndOfFile
InterlockedIncrement
SetEnvironmentVariableA
SetStdHandle
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
TerminateProcess
GetCommandLineA
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapDestroy
LocalFree
LocalAlloc
IsBadWritePtr
IsBadReadPtr
ReleaseMutex
WaitForSingleObject
CloseHandle
GetVersion
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
ReadFile
InterlockedExchange

user32

GetDesktopWindow
SetWindowsHookExA
SetWindowTextA
UnregisterClassA
SetWindowLongA
SendMessageA
GetClassNameA
DialogBoxParamA
DispatchMessageA
FillRect
PeekMessageA
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
MessageBoxA
GetForegroundWindow
IsChild
GetWindowThreadProcessId
PostMessageA
GetKeyState
SendMessageTimeoutA
RegisterClassA
GetMessageA
GetWindowModuleFileNameA
UnregisterHotKey
RegisterHotKey
PostQuitMessage
EnumWindows
GetWindowDC
ReleaseDC
CreateIconIndirect
GetSystemMetrics
WaitForInputIdle
GetDC
TranslateMessage
SetForegroundWindow
ShowWindow
IsIconic
FindWindowA
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
RegisterWindowMessageA
GetWindowLongA
EndDialog
GetDlgItem
IsWindow
SetFocus
SetActiveWindow
SetTimer
KillTimer
CreateWindowExA
DestroyWindow
DefWindowProcA
CallWindowProcA
ScreenToClient
ClientToScreen
GetCursorPos
GetWindowTextA
GetWindowTextLengthA
wsprintfA

gdi32

CreateBitmap
GetObjectA
RealizePalette
GetDIBits
CreateCompatibleBitmap
GdiFlush
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
GetDeviceCaps
CreateDCA
Ellipse
CreateSolidBrush
GetStockObject

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysStringByteLen
SysFreeString
GetErrorInfo
SysAllocString
VariantClear
SafeArrayLock
SafeArrayUnlock
SysStringLen
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
CreateErrorInfo
SetErrorInfo

shlwapi

PathRemoveFileSpecA
PathCombineA
PathFileExistsA
UrlCombineA
PathFindExtensionA
PathRemoveExtensionA
PathStripPathA
PathAddBackslashA
PathFindFileNameA

ws2_32

WSALookupServiceEnd
WSALookupServiceBeginA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSALookupServiceNextA
WSAResetEvent
WSAEventSelect
socket
setsockopt
WSAStartup
WSACreateEvent
WSACleanup
WSASetEvent
WSACloseEvent
closesocket
WSARecvFrom
recvfrom
WSARecv
recv
WSASendTo
sendto
WSASend
WSAAccept
accept
connect
WSASetLastError
WSAGetLastError
gethostname
gethostbyname
inet_addr
send
htonl
htons
ntohl
ntohs
WSAConnect

wininet

InternetCrackUrlA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllCreateStub
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_StorageAddChangeNotification@28
_StorageCheckAndRepair@28
_StorageCheckAndRepairCB2@108
_StorageCheckAndRepairCB@72
_StorageCheckFilePassword@28
_StorageCheckPassword@20
_StorageClose@4
_StorageCloseFile@4
_StorageCompact@8
_StorageCreate@32
_StorageCreateCB@80
_StorageCreateDirectory@8
_StorageCreateFile@48
_StorageCreateFileCompressed@60
_StorageDeleteAndRenameFile@12
_StorageDeleteDirectory@8
_StorageDeleteFile@8
_StorageDeleteFileTag@12
_StorageFileExists@12
_StorageFindClose@8
_StorageFindFirst@16
_StorageFindFirstEx@20
_StorageFindNext@8
_StorageFlushFile@4
_StorageForceCreateDirectories@8
_StorageFormatFixedSize@32
_StorageFormatFixedSizeCB@76
_StorageGetAutoCompact@8
_StorageGetBuffering@8
_StorageGetCaseSensitive@8
_StorageGetEncryption@8
_StorageGetFileAttributes@12
_StorageGetFileCompression@20
_StorageGetFileCreationTime@12
_StorageGetFileEncryption@12
_StorageGetFileLastAccessTime@12
_StorageGetFileModificationTime@12
_StorageGetFileSize@8
_StorageGetFileSizeLong@8
_StorageGetFileTag@20
_StorageGetFileTagInfo@20
_StorageGetFileTimes@20
_StorageGetInfo@12
_StorageGetLinkDestination@12
_StorageGetLinkDestinationEx@16
_StorageGetMaxPagesCount@8
_StorageGetSeparator@8
_StorageGetSizes@16
_StorageGetUseAccessTime@8
_StorageGetUseTransactions@8
_StorageGetVersion@4
_StorageIsDirectoryEmpty@12
_StorageIsReadOnly@8
_StorageIsValidStorage@4
_StorageIsValidStorageCB@48
_StorageLink@12
_StorageMoveFile@12
_StorageOpen@20
_StorageOpenCB@68
_StorageOpenFile@36
_StorageOpenReadOnly@20
_StorageOpenRootData@8
_StorageReadFile@16
_StorageReadFileWithSeek@24
_StorageRemoveChangeNotification@8
_StorageResolveLink@16
_StorageSeekFile@16
_StorageSeekFileLong@20
_StorageSetAutoCompact@8
_StorageSetBuffering@8
_StorageSetCaseSensitive@8
_StorageSetCustomCompressionHandlers@16
_StorageSetCustomEncryptionHandlers@24
_StorageSetEncryption@24
_StorageSetEncryptionEx@32
_StorageSetEndOfFile@4
_StorageSetFileAttributes@12
_StorageSetFileCompression@28
_StorageSetFileCreationTime@16
_StorageSetFileEncryption@28
_StorageSetFileLastAccessTime@16
_StorageSetFileModificationTime@16
_StorageSetFilePassword@16
_StorageSetFileSize@8
_StorageSetFileSizeLong@12
_StorageSetFileTag@20
_StorageSetFileTimes@32
_StorageSetLogo@8
_StorageSetMaxPagesCount@8
_StorageSetPassword@12
_StorageSetRegistrationKey@4
_StorageSetSeparator@8
_StorageSetUseAccessTime@8
_StorageSetUseTransactions@8
_StorageTellFile@8
_StorageTellFileLong@8
_StorageWriteFile@16
_StorageWriteFileWithSeek@24

Sections

.text
Size: 968KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f558a5af0c78902da7a53d5a6cb0118d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wininet

version

Exports

Exports

Sections

.text Size: 968KB - Virtual size: 967KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 400B

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 968KB - Virtual size: 967KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 400B

.reloc
Size: 56KB - Virtual size: 55KB