88fa13e7bb3d1fae690c91e22b3a8145_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

88fa13e7bb3d1fae690c91e22b3a8145_JaffaCakes118
Size

228KB
MD5

88fa13e7bb3d1fae690c91e22b3a8145
SHA1

adce7905ff7ac0107c0df3e47ada804cff8a2732
SHA256

c7286d7e5571e332c920efd28c15e59da24c0171d4f3d05733cf9f8ed5b9ff40
SHA512

648443e9a28e30f82596266fdcd536007f626608e74ae176d3c1c6e46d74cc905c3a584f9221546e4fd287148c71c18287026a32dd35a623e24dd90e803f666a
SSDEEP

6144:8kR5o6HKkWCoTtbCnNsWTB/DczO3Uuiz:F5oqZ4tGnNsWTZDoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88fa13e7bb3d1fae690c91e22b3a8145_JaffaCakes118

Files

88fa13e7bb3d1fae690c91e22b3a8145_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b93e8ef72cebae8f1d0489871bf7ef89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\_SVN\SpywareRemover2009\release\Updater.pdb

Imports

kernel32

GetLastError
CreateDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
GetFileAttributesA
FindFirstFileA
InterlockedExchange
GetVersionExA
SetLastError
GetCurrentDirectoryA
GetSystemDirectoryA
OpenEventA
Sleep
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetTickCount
GetLocalTime
CreateProcessA
CreateFileA
SetFilePointer
ReadFile
GetFileSize
OutputDebugStringA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetCurrentProcessId
GetCurrentProcess
WaitForMultipleObjectsEx
TerminateThread
GetCurrentThreadId
lstrlenA
WriteFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
WaitForSingleObject
CreateThread
ResetEvent
CloseHandle
GetExitCodeThread
ExitThread
CreateEventA
SetEvent
SetEndOfFile
GetSystemTimeAsFileTime
GetVolumeInformationA
GetWindowsDirectoryA
InterlockedCompareExchange

user32

wsprintfA
LoadStringA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA

advapi32

RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_ultoa
_vscprintf
_vsnprintf
_time64
_localtime64
asctime
_mbsnbcat
srand
rand
atoi
fopen
fwrite
fclose
??3@YAXPAX@Z
free
_recalloc
memcpy_s
calloc
__CxxFrameHandler3
_mbsnbcpy
_mbsrchr
_mbsicmp
_mbsnbcmp
_mbsnbicmp
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_vsnprintf_s
memset
_purecall
_itoa
??_V@YAXPAX@Z
_invalid_parameter_noinfo
??_U@YAPAXI@Z
memcpy
malloc
_snprintf
sprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_mbstok
_fstat64i32
fread
ferror
_errno
fputc
ftell
fprintf
_fdopen
_fileno

msvcp80

??0?$allocator@D@std@@QAE@ABV01@@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?max_size@?$allocator@D@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$allocator@D@std@@QAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Xran@_String_base@std@@SAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

shlwapi

PathAppendA
PathFileExistsA

wininet

InternetSetOptionA
InternetQueryOptionA
InternetGetConnectedState
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetOpenA

setupapi

SetupInstallFileA

ws2_32

WSACreateEvent
WSASetEvent
WSAWaitForMultipleEvents
WSAResetEvent
closesocket
shutdown
inet_ntoa
WSAGetLastError
WSARecvFrom
WSASendTo
setsockopt
WSASocketA
gethostbyname
inet_addr
WSACloseEvent

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CUpdater@@QAE@W4DLL_UPDATE_KIND@@@Z
??4CUpdater@@QAEAAV0@ABV0@@Z
?SetNotificationHandlers@CUpdater@@QAEXPAVCDownloadNotifications@@PAVCScriptNotifications@@@Z
?UpdateNow@CUpdater@@QAEHPBD@Z

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b93e8ef72cebae8f1d0489871bf7ef89

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcr80

msvcp80

shlwapi

wininet

setupapi

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 150KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 568B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 152KB - Virtual size: 150KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 568B

.reloc
Size: 16KB - Virtual size: 15KB