8d1b79f8fed177829ce401eb143f2f03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d1b79f8fed177829ce401eb143f2f03_JaffaCakes118
Size

485KB
MD5

8d1b79f8fed177829ce401eb143f2f03
SHA1

fe0480ceec71d6411717dc9887c47f363eaafaf1
SHA256

52f92379b32d90d31527cbaa7ab5e502e71125397f3fbdd2dd4ef69e5d9a152e
SHA512

fbfd73258a3622eeeb34ac1295f5b106a8eecfc4f5a73e442304255f89f94a00fe67298086acc58e88b314f2d10f02722b9b4eae6d508befff87f92b98b31a3c
SSDEEP

6144:StpP8GU7/mm0PHRRAOSOuJ+N5rvvu9qm9+VtGbwsTtwiJZVlW:StpkFrhIx71uJ+fbvNm9+wxfbW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d1b79f8fed177829ce401eb143f2f03_JaffaCakes118

Files

8d1b79f8fed177829ce401eb143f2f03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac9ca2f2ac9622388867899e757f0115

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\Consumer_Licensing_Technologies_r7.0\Ui\Symantec\SymCUW\Symcuw\Release_Unicode\SYMCUW.pdb

Imports

kernel32

GetCurrentThreadId
GetModuleHandleW
lstrcpynA
lstrcpynW
lstrlenW
WideCharToMultiByte
GlobalFree
CloseHandle
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
FreeLibrary
LoadLibraryExW
GetProcAddress
HeapCreate
HeapDestroy
LocalFree
GetFileAttributesW
lstrcatW
lstrcpyW
GetModuleFileNameW
lstrcmpiW
CreateThread
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
GetStartupInfoW
GetModuleHandleA
ExitProcess
DuplicateHandle
WaitForSingleObject
InterlockedDecrement
WaitForMultipleObjects
CreateDirectoryW
DeleteFileW
SetEndOfFile
FlushFileBuffers
OpenSemaphoreW
CreateSemaphoreW
ReleaseSemaphore
OpenMutexW
CreateMutexW
ReleaseMutex
GetThreadContext
SetUnhandledExceptionFilter
LoadLibraryW
TerminateProcess
InterlockedExchangeAdd
GetTickCount
GetCurrentThread
GetSystemInfo
VirtualAlloc
VirtualFree
GetShortPathNameW
GetLongPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalSize
GlobalUnlock
OutputDebugStringW
WriteFile
SetFilePointer
GetLocalTime
GetCurrentProcessId
TryEnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
GetVersionExA
lstrlenA
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
GetLastError
InterlockedIncrement
HeapAlloc
WaitForMultipleObjectsEx
HeapFree
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

TranslateMessage
DispatchMessageW
RemoveMenu
PeekMessageW
PtInRect
CreatePopupMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
MessageBeep
TrackPopupMenuEx
LoadStringA
SetFocus
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
IsWindow
SetWindowTextW
LoadIconW
SetForegroundWindow
LoadStringW
LoadMenuW
LoadAcceleratorsW
CallWindowProcW
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
RegisterClassExW
CreateWindowExW
PostQuitMessage
DefWindowProcW
PostMessageW
CopyRect
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
EnableWindow
UnregisterClassA
GetSystemMetrics
CharPrevW
GetMessageA
IsWindowUnicode
DispatchMessageA
MsgWaitForMultipleObjectsEx
ShowWindow
SetWindowPos
SendMessageW
GetWindowLongW
SetWindowLongW
DestroyWindow
TranslateAcceleratorW
UnregisterClassW
GetMessageW
CharNextW
EndPaint
BeginPaint
MessageBoxW
MsgWaitForMultipleObjects
DrawTextW
FillRect

gdi32

DeleteDC
DeleteObject
GetStockObject

advapi32

RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

ole32

GetHGlobalFromStream
OleLoadFromStream
CreateStreamOnHGlobal
OleSaveToStream
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayCreateVector
VariantCopyInd
SafeArrayRedim
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayLock
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VarUI4FromStr
SafeArrayUnaccessData

shlwapi

SHDeleteKeyW
SHDeleteEmptyKeyW
PathSkipRootW
PathAddBackslashW
PathIsUNCW

comctl32

InitCommonControlsEx

msvcp71

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Nomemory@std@@YAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ

msvcr71

__p___argc
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
free
_CxxThrowException
_except_handler3
malloc
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
wcscmp
_wtoi
_purecall
??_V@YAXPAX@Z
_wcsicmp
_wtol
wcslen
realloc
wcsncpy
memmove
_mbscmp
wcsstr
_vscwprintf
vswprintf
wcsrchr
_wcsnicmp
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_onexit
__p___wargv
memset
_callnewh
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_mbsinc
_mbschr
_vscprintf
vsprintf
wcschr
_wsplitpath
wcsncmp
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
_set_security_error_handler
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac9ca2f2ac9622388867899e757f0115

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

msvcp71

msvcr71

version

shell32

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 26KB

.wrdata Size: 72KB - Virtual size: 72KB

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 26KB

.wrdata
Size: 72KB - Virtual size: 72KB