899496f166d605b57e6f5e8e92ebd619_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

899496f166d605b57e6f5e8e92ebd619_JaffaCakes118
Size

324KB
MD5

899496f166d605b57e6f5e8e92ebd619
SHA1

03633e0c2c10f9a771a168bd72a3236e587968ec
SHA256

1374084ad5dc34df390a7d290837ca8744a37e8c7bcc27e722b27845a0207f8a
SHA512

9028df16a3cec01746b126f2399d05422b60e2c0dc6353cab9028b6ab3c7fb22ecc0ccd78cf46b5acf0e2d0af65be07a2b5d8f5f6ad7ea7a38619436975211c3
SSDEEP

6144:XdzG+v0ekhwAcHQMIOgFJ2gUdOiUO83UWAWjnk1twr:tzG0k2AcHvIOqnjOWUWAWDatwr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
899496f166d605b57e6f5e8e92ebd619_JaffaCakes118

Files

899496f166d605b57e6f5e8e92ebd619_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9b52d0f49441d3ceb6a53ff3f5451db5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\trayapp\TrayApp\Release\hpqtra08.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

InitCommonControlsEx

kernel32

LoadLibraryExA
GetModuleHandleA
ExitProcess
OpenProcess
GetCommandLineA
GetShortPathNameA
LocalFree
LocalAlloc
GetVersion
GetPrivateProfileIntA
MulDiv
WriteFile
SetFilePointer
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
FormatMessageA
LocalReAlloc
LocalSize
LocalUnlock
LocalLock
lstrcpynA
LoadLibraryA
SetErrorMode
IsDBCSLeadByte
GetFileAttributesA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileSectionNamesA
ReleaseMutex
WaitForSingleObject
CreateMutexA
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
InterlockedIncrement
GetCurrentThread
lstrcmpiA
InterlockedDecrement
GetLastError
Sleep
DeleteFileA
SetEvent
SetLastError
GetSystemPowerStatus
InterlockedCompareExchange
CreateProcessA
GetCurrentThreadId
FreeLibrary
GetProcAddress
lstrcpyA
GetCurrentProcess
FlushInstructionCache
FindResourceA
LoadResource
LockResource
SizeofResource
RaiseException
InterlockedExchange
OutputDebugStringA
GetTickCount
CreateEventA
CloseHandle
ResetEvent
lstrlenA
GlobalAddAtomA
GlobalDeleteAtom
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateDirectoryA

user32

UnregisterClassA
RegisterClassA
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
IsIconic
MsgWaitForMultipleObjects
PostQuitMessage
TranslateMessage
PeekMessageA
GetDC
ReleaseDC
SystemParametersInfoA
SetRect
IsWindowEnabled
EnableWindow
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
CallWindowProcA
FindWindowA
GetWindowThreadProcessId
MessageBoxA
LoadStringA
CharNextW
CharNextA
GetMessageA
DispatchMessageA
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostMessageA
CreateDialogParamA
DialogBoxParamA
PostThreadMessageA
CreateWindowExA
LoadMenuA
DestroyMenu
RegisterClassExA
MessageBeep
DestroyWindow
LoadCursorA
GetClassInfoExA
SetFocus
KillTimer
SetTimer
BringWindowToTop
SetWindowLongA
IsWindow
RegisterWindowMessageA
EndDialog
GetSystemMetrics
LoadImageA
DefWindowProcA
wsprintfA
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
ShowWindow
ScreenToClient
GetClientRect
GetWindowRect
MoveWindow
SendMessageA
GetWindowLongA

gdi32

GetStockObject
SelectObject
GetTextMetricsA
GetDeviceCaps
GetObjectA
CreateFontIndirectA

advapi32

RegSetValueExA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
ControlService
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CopySid
GetLengthSid
IsValidSid
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
RegEnumKeyExA

ole32

CreateBindCtx
MkParseDisplayName
GetRunningObjectTable
CoInitializeSecurity
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoCreateInstance
CoGetInstanceFromFile
CreateFileMoniker
CoRevokeClassObject

oleaut32

VariantClear
SysFreeString
VarBstrCat
SysStringLen
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
DispCallFunc
SetErrorInfo
CreateErrorInfo
GetErrorInfo

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcr90

_purecall
_CxxThrowException
__CxxFrameHandler3
_mbsstr
??3@YAXPAX@Z
??_V@YAXPAX@Z
memset
??2@YAPAXI@Z
atol
free
strlen
_adjust_fdiv
_endthreadex
_beginthreadex
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memcpy_s
sprintf_s
_recalloc
__p__commode
malloc
_resetstkoflw
memcmp
_wcsicmp
_mbsnbcpy_s
strcpy_s
wcsncpy_s
strcat_s
puts
vsprintf_s
calloc
_itoa_s
_mbschr
wcscpy_s
toupper
iswctype
isxdigit
_ltoa_s
atoi
_getcwd
_chdir
_chdrive
isdigit
memmove_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_mbsicmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b52d0f49441d3ceb6a53ff3f5451db5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 66KB - Virtual size: 68KB

.rsrc Size: 51KB - Virtual size: 50KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 51KB - Virtual size: 50KB