Static task
static1
Behavioral task
behavioral1
Sample
8b8a4a79aaf0a0f7a4ba8cb36a0e86a1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8b8a4a79aaf0a0f7a4ba8cb36a0e86a1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
8b8a4a79aaf0a0f7a4ba8cb36a0e86a1_JaffaCakes118
-
Size
1.3MB
-
MD5
8b8a4a79aaf0a0f7a4ba8cb36a0e86a1
-
SHA1
55420675b915d2ccb582dfbc57604553d17127f9
-
SHA256
7464249799376bca46e5c7db8d09d5af2b18615028726368a927e0346c0670fb
-
SHA512
c6d8ab6b4aa62700a9caa96812ea163ca1b13e2203a1ea701e3b0f22436ac9153208793fdb270e6d14039d14692db063ea70a2e61e9f02aa826c8e8ba7b8b04c
-
SSDEEP
24576:SEbfH71M5np08lTlRVSarYyk2vYPuEc70QdlTssGNEi5j+LymIoRuxPjHSBpQc5j:SE1M5npXJ7syzvYPuEc70QdlTssGNEiM
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 8b8a4a79aaf0a0f7a4ba8cb36a0e86a1_JaffaCakes118
Files
-
8b8a4a79aaf0a0f7a4ba8cb36a0e86a1_JaffaCakes118.exe windows:4 windows x86 arch:x86
3bbd068fbe495fb6d876562e59b23e5d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
pcscm
?Hide@CSplashWnd@@QAEHI@Z
??1CSplashWnd@@UAE@XZ
?PcsInitializeWER@@YAHXZ
?DiscardTextureImages@CNBitmapButton@@QAEXXZ
?DiscardButtonImages@CNBitmapButton@@QAEXXZ
?GetFirstPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?GetNumberOfPhoneManufacturers@CPCSL2InfoReader@@QAEHXZ
?GetNextPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?Show@CSplashWnd@@QAEHI@Z
?GetUIManufacturer@CPCSL2InfoReader@@QAEPBGXZ
??0CPCSL2InfoReader@@QAE@XZ
?ReadPCSL@CPCSL2InfoReader@@QAEHPAG@Z
?SetStaticMembers@CNMessageBoxDlg@@SAHPAUHINSTANCE__@@0HHHHHHHHHHHHHHHHHHHHKKKK@Z
??0CNMessageBoxDlg@@QAE@XZ
?MessageBoxW@CNMessageBoxDlg@@QAEHPAUHWND__@@PBG1I@Z
?FreeMemory@CNMessageBoxDlg@@SAXXZ
??1CNMessageBoxDlg@@QAE@XZ
??1CPCSL2InfoReader@@QAE@XZ
?SetAnimationMembers@CPNGAnimation@@QAE_NHHH@Z
?SetAnimationCoordinates@CPNGAnimation@@QAEXUtagPOINT@@@Z
?SetDestinationWindow@CPNGAnimation@@QAE_NPAPAUHWND__@@@Z
?SetBitmapHandles@CPNGAnimation@@QAE_NHPAUHBITMAP__@@@Z
??0CSplashWnd@@QAE@PAUHINSTANCE__@@I@Z
??1CCommonAboutDlg@@UAE@XZ
?DoModal@CCommonAboutDlg@@QAEHXZ
?SetAboutBoxParams@CCommonAboutDlg@@QAEHPAUtagABOUTBOXPARAMS@@@Z
??0CCommonAboutDlg@@QAE@XZ
?SetBitmapStatic@CNBitmapUtil@@QAEHPAUHWND__@@HHHHW4BitmapType@@HHH@Z
?CreateColorBackground@CNBitmapUtil@@QAEHKHH@Z
?GetBackgroundStatic@CNBitmapUtil@@QAEPAUHBITMAP__@@PAUHWND__@@HHHHHH@Z
?AlphaBlendBitmaps@CNBitmapUtil@@QAEHHHH@Z
?CreateBitmapFromBitmapSection@CNBitmapUtil@@QAEPAUHBITMAP__@@HHHHPAU2@@Z
?PCSL_GetVariantID@CPCSL2InfoReader@@QAEGXZ
??0CNBitmapUtil@@QAE@XZ
?NLoadBitmap@CNBitmapUtil@@QAEPAUHBITMAP__@@PAUHINSTANCE__@@HW4BitmapType@@H@Z
?GetButtonHwnd@CNBitmapButton@@QAEPAUHWND__@@XZ
??0CCSDWrapper@@QAE@XZ
??0CCSDWrapperListener@@QAE@XZ
??1CCSDWrapper@@UAE@XZ
?Initialize@CCSDWrapper@@QAEJPAUHWND__@@@Z
?SetSupportedDevices@CCSDWrapper@@QAEXPBG@Z
?SetSelectionMode@CCSDWrapper@@QAEXK@Z
?AddListener@CCSDWrapper@@QAEXPAVCCSDWrapperListener@@@Z
?RemoveListener@CCSDWrapper@@QAEXPAVCCSDWrapperListener@@@Z
?Terminate@CCSDWrapper@@QAEXXZ
?SelectDevice@CCSDWrapper@@QAEJKH@Z
??1CNBitmapUtil@@QAE@XZ
?SelectDevice@CCSDWrapper@@QAEJH@Z
?GetSupportedDeviceCount@CCSDWrapper@@QAEHXZ
?GetBitmapHeight@CNBitmapUtil@@QAEHW4BitmapType@@@Z
?Show@CNBitmapButton@@QAEXH@Z
?SetTextureBitmaps@CNBitmapButton@@QAEHIPAUHINSTANCE__@@III@Z
?Create@CNBitmapButton@@QAEHPAUHINSTANCE__@@PAUHWND__@@ABUtagRECT@@IPBGK@Z
?SetShapeMasks@CNBitmapButton@@QAEHPAUHINSTANCE__@@IIIHK@Z
??0CNBitmapButton@@QAE@XZ
?GetBitmapWidth@CNBitmapUtil@@QAEHW4BitmapType@@@Z
?GetBitmapHandle@CNBitmapUtil@@QAEPAUHBITMAP__@@W4BitmapType@@H@Z
??1CNBitmapButton@@UAE@XZ
?MirrorSection@CNBitmapUtil@@QAEHW4BitmapType@@HHHHHHH@Z
?Clone@CNBitmapUtil@@QAEHW4BitmapType@@H0H@Z
?Resize@CNBitmapUtil@@QAEHW4BitmapType@@HHHH@Z
?DeleteBitmap@CNBitmapUtil@@QAEPAUHBITMAP__@@W4BitmapType@@H@Z
?AlphaBlendBitmapsBGPos@CNBitmapUtil@@QAEHHHHHH@Z
?CreateBitmapFromHandle@CNBitmapUtil@@QAEHPAUHBITMAP__@@W4BitmapType@@H@Z
?SetTextColor@CNBitmapButton@@QAEXIK@Z
?GetMinShapeSize@CNBitmapButton@@QAEXAAUtagSIZE@@@Z
?SetButtonText@CNBitmapButton@@QAEXPBGHI@Z
?EnableButton@CNBitmapButton@@QAEXH@Z
??1CPNGAnimation@@UAE@XZ
??0CPNGAnimation@@QAE@XZ
?StartAnimation@CPNGAnimation@@QAE_NXZ
?SetStartupFrame@CPNGAnimation@@QAE_NH@Z
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
connapi
ord206
ord204
ord205
ord201
ord507
ord553
ord504
ord503
ord505
ord500
ord502
ord501
ord550
ord552
ord551
ord10
ord11
ord506
ord200
psapi
GetModuleFileNameExW
EnumProcessModules
mfc71u
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord764
ord1785
ord591
ord1922
ord1474
ord4092
ord2080
ord1538
ord5911
ord1393
ord4228
ord5210
ord2985
ord4255
ord3165
ord572
ord2155
ord5609
ord4119
ord2651
ord6086
ord5065
ord5066
ord5064
ord4791
ord4838
ord4730
ord5207
ord4714
ord1784
ord1864
ord6232
ord4184
ord5891
ord4611
ord762
ord1894
ord266
ord265
ord5663
ord3159
ord588
ord5998
ord328
ord2343
ord313
ord1189
ord1176
ord3249
ord629
ord1430
ord6284
ord3946
ord5319
ord384
ord5489
ord3195
ord380
ord5672
ord3248
ord6000
ord443
ord676
ord557
ord745
ord5436
ord1241
ord5707
ord1518
ord3851
ord2897
ord739
ord5829
ord5699
ord2422
ord1638
ord1580
ord3309
ord3603
ord3596
ord3629
ord3422
ord590
ord2132
ord331
ord4475
ord2832
ord631
ord386
ord5406
ord2936
ord1021
ord3168
ord747
ord1178
ord657
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord3289
ord530
ord722
ord6001
ord5440
ord5710
ord1522
ord1086
ord1494
ord3065
ord2161
ord2247
ord5186
ord1117
ord2241
ord314
ord2244
ord2243
ord3163
ord2827
ord1067
ord797
ord6002
ord5438
ord5709
ord564
ord755
ord1925
ord5199
ord5654
ord4109
ord3395
ord4110
ord1079
ord6061
ord4112
ord3198
ord3204
ord1271
ord602
ord1920
ord347
ord3155
ord3296
ord1270
ord2361
ord5727
ord2225
ord5633
ord4314
ord4206
ord709
ord2404
ord2159
ord2362
ord1123
ord1139
ord701
ord1287
ord1386
ord3133
ord587
ord3678
ord3331
ord1299
ord2167
ord630
ord2012
ord3589
ord1911
ord2925
ord5220
ord5223
ord3942
ord4563
ord5226
ord5209
ord570
ord759
ord2240
ord3901
ord462
ord5713
ord3662
ord3661
ord3635
ord3435
ord605
ord354
ord4574
ord3546
ord4861
ord4207
ord718
ord516
ord3547
ord1318
ord2027
ord1573
ord4274
ord1512
ord4266
ord721
ord528
ord524
ord4577
ord5208
ord3508
ord5337
ord6003
ord2299
ord5442
ord5444
ord3857
ord1027
ord2149
ord1194
ord651
ord754
ord416
ord2861
ord1555
ord3985
ord1080
ord5327
ord6293
ord5316
ord6282
ord1645
ord1589
ord2981
ord3322
ord2364
ord4347
ord3925
ord2279
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord5222
ord4562
ord5562
ord3327
ord757
ord6248
ord5564
ord5565
ord5379
ord1049
ord1121
ord2239
ord715
ord1946
ord5138
ord5566
ord1091
ord1190
ord5181
ord6140
ord1022
ord1119
ord4094
ord2085
ord3238
ord2365
ord1274
ord1634
ord1572
ord3286
ord2255
ord4312
ord3670
ord3577
ord2089
ord1641
ord1585
ord4237
ord748
ord5637
ord1198
ord326
ord1957
ord5638
ord3995
ord4117
ord6033
ord3064
ord6116
ord2421
ord3281
ord3157
ord977
ord5472
ord2977
ord3318
ord2077
ord4226
ord3158
ord1403
ord760
ord5723
ord2066
ord2086
ord4234
ord3311
ord741
ord2713
ord1416
ord1545
ord3189
ord620
ord3590
ord1971
ord2809
ord3855
ord1182
ord746
ord558
ord370
ord618
ord5999
ord5708
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord577
ord776
ord293
ord1883
ord870
ord2311
ord280
ord2121
ord283
ord4026
ord3927
ord774
ord896
ord1472
ord6063
ord1220
ord5083
ord4100
ord2261
ord899
ord2697
ord1476
ord2895
ord284
ord288
ord2444
ord5398
ord2468
ord897
ord894
ord2271
ord1479
ord6111
ord282
ord2926
ord5485
ord559
ord6040
ord1164
ord1118
ord5711
ord5712
ord4101
ord5524
ord2282
ord6171
ord3756
ord4078
ord4074
ord476
ord6172
ord5558
ord3990
ord6166
ord2260
ord5414
ord6165
ord2310
ord3082
ord385
ord3841
ord526
ord3858
ord287
ord777
ord6167
ord1906
ord290
ord1616
ord3877
ord5864
ord2893
ord2878
ord4320
ord2009
ord1007
ord5096
ord566
ord2932
ord1058
ord6173
ord2460
ord1536
ord1156
ord277
ord860
ord1582
ord5705
ord5484
ord3842
ord2461
ord6161
ord2341
ord1252
ord5149
ord6160
ord291
ord5478
ord1002
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
msvcr71
wcsncpy
strncpy
memcmp
fabs
wcsncat
strncat
sprintf
wcschr
_wtol
localtime
gmtime
time
_tzset
_mktime64
_gmtime64
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
__security_error_handler
_controlfp
floor
wcsstr
wcstok
_wtoi
_wcsdup
free
_CxxThrowException
wcscat
strtoul
_wsetlocale
wcscmp
towupper
iswspace
iswpunct
iswascii
wcsftime
strlen
strcpy
_localtime64
_time64
wcslen
_wmakepath
wcscpy
wcstoul
_except_handler3
wcstol
ceil
_wsplitpath
_purecall
div
memcpy
__CxxFrameHandler
memset
kernel32
GetLongPathNameW
LCMapStringW
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetTimeZoneInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
lstrcpyW
CopyFileW
SystemTimeToFileTime
CompareFileTime
GetModuleHandleW
DeleteFileW
MoveFileW
ResumeThread
MultiByteToWideChar
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
WaitForSingleObject
ExitThread
CreateEventA
OpenEventA
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetVersionExA
CreateThread
GetVersionExW
WideCharToMultiByte
GetTickCount
OpenEventW
GetACP
GetLastError
CreateDirectoryW
GetPrivateProfileStringW
Process32NextW
CloseHandle
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WaitForMultipleObjects
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
Sleep
GetProcAddress
GetModuleFileNameW
LoadLibraryExW
ExpandEnvironmentStringsW
CreateEventW
user32
GetSysColor
ClientToScreen
ScreenToClient
GetMenuItemCount
GetMenuState
SetCapture
ReleaseCapture
GetMenuItemID
MapDialogRect
wsprintfW
SendMessageCallbackW
IsWindowEnabled
GetActiveWindow
SetActiveWindow
RegisterWindowMessageW
FindWindowW
LoadCursorW
SetCursor
PeekMessageW
LoadStringW
DestroyIcon
SetForegroundWindow
SystemParametersInfoW
ShowWindow
LoadIconW
MsgWaitForMultipleObjects
InflateRect
DrawIcon
LoadImageW
PtInRect
IsWindowVisible
WinHelpW
GetWindowContextHelpId
SetWindowContextHelpId
GetParent
DrawIconEx
DrawTextW
ReleaseDC
GetDC
GetClientRect
GetSystemMetrics
MoveWindow
LockWindowUpdate
SetWindowRgn
GetCursorPos
GetFocus
DrawFocusRect
CopyRect
LoadMenuW
InsertMenuW
GetSubMenu
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
GetWindowTextW
MessageBoxW
PostQuitMessage
IsWindow
GetDoubleClickTime
MessageBeep
GetWindowInfo
EnumChildWindows
EnableWindow
SendMessageW
SetWindowPos
GetWindowRect
SetTimer
KillTimer
PostMessageW
wvsprintfW
InvalidateRect
GetDesktopWindow
TranslateMessage
DispatchMessageW
GetClassNameW
gdi32
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
CreateFontW
GetTextColor
Ellipse
CreateFontIndirectW
GetTextExtentPoint32W
ExtTextOutW
RoundRect
CreatePen
DeleteObject
GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateBrushIndirect
GetStockObject
StretchBlt
GetPixel
BitBlt
SelectObject
advapi32
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
shell32
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteW
SHGetFolderPathW
SHGetMalloc
SHGetFolderLocation
comctl32
ImageList_ReplaceIcon
shlwapi
StrRetToBufW
ole32
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
StringFromCLSID
CoGetInterfaceAndReleaseStream
OleInitialize
OleUninitialize
CoCreateInstance
oleaut32
SysFreeString
SafeArrayCreate
SafeArrayRedim
SafeArrayPutElement
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
SysStringLen
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
Sections
.text Size: 1004KB - Virtual size: 1002KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 236KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE