821d37a5a567ff26df2dc4d550fb8f83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

821d37a5a567ff26df2dc4d550fb8f83_JaffaCakes118
Size

481KB
MD5

821d37a5a567ff26df2dc4d550fb8f83
SHA1

6a220a35558a30ba94a1fa8d307cde4739bb957c
SHA256

92f614a99c4a04d53014ec42609e74b56177fcabd0c173d3cc6e7bab75a5349b
SHA512

e018b2493aeb3073134e1544039875a79a1d804e65d7c083cd3f2df10486dd0063a6c455a53da3777e6ab0f2be1bea1f3a4674f2bc203718bbdcb416347388d9
SSDEEP

6144:qDAOxHAITztr9lp7PyO5Q3MaCj0U0RojUkuzun1I0O6yf4FgS:qDVxPlps3MaCj0x+Ukuan1DO6yf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
821d37a5a567ff26df2dc4d550fb8f83_JaffaCakes118

Files

821d37a5a567ff26df2dc4d550fb8f83_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6f8b6e6ccb024575d96aae4c6990d7ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\source\rpbgrecorder\rel32\RecordingManager.pdb

Imports

ole32

StringFromCLSID
CoTaskMemFree

kernel32

CreateDirectoryA
MoveFileA
GetTickCount
GetSystemInfo
GetVersion
RaiseException
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetCurrentProcessId
SetProcessWorkingSetSize
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetCurrentDirectoryA
GetCurrentDirectoryA
IsBadWritePtr
VirtualProtect
IsBadReadPtr
SetUnhandledExceptionFilter
TerminateThread
WaitForSingleObject
CreateThread
GetCurrentThreadId
CreateEventA
LocalFree
WriteFile
GetThreadContext
VirtualQuery
OpenProcess
SetFilePointer
GlobalMemoryStatus
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateProcessA
Sleep
FreeLibraryAndExitThread
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetVersionExA
SetErrorMode
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
GetModuleFileNameA
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
OpenEventA
SetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetEvent
GetModuleHandleA
WaitForMultipleObjects

user32

PostMessageA
DefWindowProcA
RegisterWindowMessageA
PostQuitMessage
EndPaint
GetWindowPlacement
SystemParametersInfoA
IsIconic
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
FlashWindow
GetWindowThreadProcessId
GetDC
ReleaseDC
CharNextA
SetLastErrorEx
GetSystemMetrics
DestroyMenu
DestroyIcon
GetSubMenu
MessageBoxA
IsWindow
SetMenuDefaultItem
FindWindowA
SendMessageA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
BeginPaint

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExW
FreeSid

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdi32

GetDeviceCaps

shell32

ShellExecuteA
SHGetFolderPathA

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

shlwapi

PathAddBackslashA
PathAppendA

msvcr90

_invoke_watson
_controlfp_s
_XcptFilter
_putenv
_crt_debugger_hook
_exit
_cexit
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__getmainargs
_amsg_exit
_adjust_fdiv
__setusermatherr
_configthreadlocale
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_initterm_e
_initterm
_acmdln
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
strrchr
strncpy
strchr
malloc
free
realloc
_ismbcspace
memcpy
sprintf
memset
_vsnprintf
memmove
getenv
printf
strstr
_ismbblead
_stricmp
??_V@YAXPAX@Z
wcsnlen
memcpy_s
calloc
_recalloc
atoi
strnlen
memmove_s
_gmtime32
_time32
vsprintf
asctime
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_unlock
exit

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f8b6e6ccb024575d96aae4c6990d7ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

advapi32

version

gdi32

shell32

msvcp90

shlwapi

msvcr90

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 380KB - Virtual size: 384KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 380KB - Virtual size: 384KB