63074245529c903a4b0dbe65765752fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63074245529c903a4b0dbe65765752fb_JaffaCakes118
Size

784KB
MD5

63074245529c903a4b0dbe65765752fb
SHA1

1773f36e8a68ea82b9569e2a69e4a45c9b7cf776
SHA256

e27545309dcd3cc6ef778a7ca716fe1259d48393df50ad36ff6661b877c6c329
SHA512

4153b39a23afbc2b6a37222abcda7e9d7232e625a7979459edae1fe8838a0c77fa02bbd908c4baff7bfe1e4e69c494c1c5c4a1c82964825d3c3ad3a60e32c1b3
SSDEEP

6144:7VVwLXeLoDZK+2On4yWVu4q65694xIoqe7Y1XTW3WLXhLN4dbZudCwTGf1zKFOm2:7VVwbVDZuj76ku13cu+pKP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63074245529c903a4b0dbe65765752fb_JaffaCakes118

Files

63074245529c903a4b0dbe65765752fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73adb203b2dadd7e1b62b992d2680bd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DailyBuild\sources\Nero7\NeroBackItUp\NBService\UnicodeRelease\NBService.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCommandLineW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
lstrcatW
lstrcpynW
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalAlloc
LocalFree
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange
ExitProcess
GetVersionExA
WaitForMultipleObjects
CreateSemaphoreW
SetEvent
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
BackupSeek
BackupWrite
BackupRead
SetFilePointer
GetFileSize
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WriteFile
ReadFile
CreateFileW
GetVolumeInformationW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
CompareStringW
WideCharToMultiByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FindNextFileW
SetLastError
FindClose
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
MoveFileW
ExpandEnvironmentStringsW
CopyFileW
FormatMessageW
GetLogicalDriveStringsW
GetTempPathW
DeleteFileW
GetTempFileNameW
IsBadWritePtr

user32

DispatchMessageW
LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
UnregisterClassA
FindWindowW
PostThreadMessageW
GetMessageW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
LogonUserW
RegCreateKeyW
GetUserNameW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoInitialize
StringFromGUID2
CoRevokeClassObject
CoUninitialize
StringFromCLSID
CoCreateGuid

oleaut32

VariantInit
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
VariantClear

shlwapi

PathFindExtensionW

msvcp71

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Id_cnt@id@locale@std@@0HA
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?_Nomemory@std@@YAXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

msvcr71

_wcsnicmp
_wcsupr
_wcslwr
_wcsrev
iswspace
wcschr
wcsrchr
wcscat
wcscpy
wcscmp
_wcsicmp
wcsstr
wcspbrk
vswprintf
wcsncmp
iswdigit
_wtoi
strncpy
isspace
floor
localtime
swscanf
mktime
wcsftime
_wfullpath
_wsplitpath
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_except_handler3
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
_resetstkoflw
fclose
realloc
wcsncpy
_wfopen
_purecall
fwrite
wcslen
fflush
memcpy
malloc
memcmp
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73adb203b2dadd7e1b62b992d2680bd6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

winmm

version

shell32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 612KB - Virtual size: 612KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 612KB - Virtual size: 612KB