PDB path: d:\work\temp\bwsvc\src\Release\Bwsvc.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 670633add940618f084d913bd1dae91f_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 670633add940618f084d913bd1dae91f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 670633add940618f084d913bd1dae91f_JaffaCakes118
Size: 227KB
MD5: 670633add940618f084d913bd1dae91f
SHA1: 45049876aea768a1cb024caa2d5f01b5471b36eb
SHA256: 1acb30c08d9b2261559a98bb45eec2a6a884a90f32b17ea0ac2dfdcb0685e002
SHA512: 43c9e26278eed1e318d4d904ae1457b3066dd2908aa0adfe1c5697e18401225a076f0a042b510e5cbb69d4ce2e66f1c0f917f28e5338e30c52acd8c19718444a
SSDEEP: 6144:angK2mGr44zvK+2UerLK9LuahcpC4TsYh/zXF23HOK2RxT:HKUr9vAebmbjhrXF2OT
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 670633add940618f084d913bd1dae91f_JaffaCakes118
Files
670633add940618f084d913bd1dae91f_JaffaCakes118.exe windows:4 windows x86 arch:x86
b74177afdce8865547cbeb979cd1fe63
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
inet_ntoa
inet_addr
crypt32
PFXImportCertStore
CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertCreateCertificateContext
CertFreeCertificateContext
CertNameToStrA
CertEnumCertificatesInStore
shlwapi
PathCombineA
SHDeleteKeyA
PathIsDirectoryA
rpcrt4
UuidFromStringA
winscard
SCardReleaseContext
SCardGetAttrib
SCardEstablishContext
SCardLocateCardsA
SCardGetCardTypeProviderNameA
SCardConnectA
SCardDisconnect
scarddlg
ord4
kernel32
FindResourceExA
FindResourceA
LockResource
SizeofResource
GetModuleHandleA
ResetEvent
SetConsoleCtrlHandler
OpenProcess
GetModuleFileNameA
FreeConsole
CreateEventA
CreateMutexA
CreateToolhelp32Snapshot
OutputDebugStringA
ReleaseMutex
AllocConsole
GetStdHandle
FindFirstFileA
GetCurrentProcessId
LocalFree
Process32First
FindClose
GetLocalTime
GetTickCount
WriteConsoleA
Process32Next
LocalAlloc
GetSystemTimeAsFileTime
DeleteFileA
LoadLibraryExA
InterlockedDecrement
LoadResource
GetPrivateProfileStringA
DeleteCriticalSection
InterlockedIncrement
Sleep
ExpandEnvironmentStringsA
CopyFileA
GetPrivateProfileSectionA
GetVersionExA
CreateFileA
GetFileSize
ReadFile
SetThreadPriority
ResumeThread
lstrcpynA
WaitForMultipleObjectsEx
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
GetExitCodeProcess
DuplicateHandle
GetCommandLineA
GlobalAlloc
GetPrivateProfileIntA
GlobalUnlock
SetCurrentDirectoryA
GlobalFree
SetUnhandledExceptionFilter
GlobalLock
HeapAlloc
HeapDestroy
GetCurrentThread
IsDBCSLeadByte
SetEvent
WideCharToMultiByte
LoadLibraryA
InterlockedExchange
FreeLibrary
InitializeCriticalSection
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
MultiByteToWideChar
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
CloseHandle
lstrcmpiA
WaitForSingleObject
SetLastError
GetCurrentProcess
GetLastError
lstrlenA
GetCurrentThreadId
FlushInstructionCache
RaiseException
lstrlenW
user32
UnregisterClassA
KillTimer
GetWindowTextA
SetWindowLongA
EnableWindow
DialogBoxParamA
wsprintfA
DispatchMessageA
GetMessageA
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostThreadMessageA
CharNextA
SetForegroundWindow
IsWindow
SetWindowTextA
GetDlgItem
SetFocus
GetWindowTextLengthA
SendMessageA
SetDlgItemTextA
LoadStringA
SetWindowPos
SetTimer
SetActiveWindow
EndDialog
advapi32
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
SetServiceStatus
ControlService
RegDeleteValueA
RegQueryInfoKeyA
CloseServiceHandle
RegDeleteKeyA
IsValidSid
QueryServiceStatus
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
CopySid
OpenServiceA
StartServiceCtrlDispatcherA
CreateServiceA
OpenProcessToken
GetTokenInformation
DeleteService
AccessCheck
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
RegCloseKey
SetSecurityDescriptorGroup
RegOpenKeyExA
SetSecurityDescriptorDacl
RegEnumKeyExA
GetLengthSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
FreeSid
RegQueryValueExA
RegEnumValueA
AddAccessAllowedAce
OpenThreadToken
SetThreadToken
CryptGetUserKey
CryptDestroyKey
CryptGetProvParam
GetUserNameA
CryptReleaseContext
CryptAcquireContextA
CryptGenKey
CryptGetKeyParam
ole32
CoRegisterClassObject
CoTaskMemFree
CoRevokeClassObject
CoInitializeSecurity
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CLSIDFromString
CoRevertToSelf
CoImpersonateClient
CoCreateInstance
oleaut32
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayDestroyData
SafeArrayGetLBound
SysStringByteLen
SafeArrayUnaccessData
SysAllocString
VariantClear
SysAllocStringByteLen
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
msvcr80
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
memcpy
__CxxFrameHandler3
_invoke_watson
_vsnprintf_s
?terminate@@YAXXZ
memset
atoi
memmove
strncpy_s
realloc
strncat_s
qsort
strchr
vsprintf_s
_mbsnbcpy_s
_itoa_s
wcsncpy_s
strstr
_mbscmp
_mbsrchr
strcpy_s
fprintf
fclose
_vscprintf
_stricmp
strcat_s
fopen_s
_snscanf_s
strrchr
??_U@YAPAXI@Z
_purecall
memcpy_s
_strdup
_recalloc
_beginthreadex
??_V@YAXPAX@Z
_snprintf_s
calloc
_strnicmp
??3@YAXPAX@Z
_resetstkoflw
??2@YAPAXI@Z
free
malloc
memmove_s
userenv
UnloadUserProfile
Sections
.text Size: 154KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ