d:\build\Cclassic10oemrel120\Code\Source\applications\CreatorEx\bin\release\Creatorc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
960ee0d6ace7582c62d904449fd07512_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
960ee0d6ace7582c62d904449fd07512_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
960ee0d6ace7582c62d904449fd07512_JaffaCakes118
-
Size
1.2MB
-
MD5
960ee0d6ace7582c62d904449fd07512
-
SHA1
40de4dea14b5b9cb46c6d464ab7106d38afa2a52
-
SHA256
9301973c507a9c00cf983a778a191aad1d0e8acfdb86d9b2b367af90b126c0a2
-
SHA512
fcb03e745f6e8c4afd8e2128c16ace9a93fcbe43917274736f35021d95850b5aec9fbb23b278d41fc97eb4f1b857626982a9ccaf1e682bd886a562de685ffad1
-
SSDEEP
12288:+0E7QiRCYGlioeS6RqiwLrBDuYali2LGKsuhICuKmmTsWJMAfy+QyMThobeDv9e/:+0QsEqiwxuWhmTsWffyyMCberEDyyNV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 960ee0d6ace7582c62d904449fd07512_JaffaCakes118
Files
-
960ee0d6ace7582c62d904449fd07512_JaffaCakes118.exe windows:4 windows x86 arch:x86
3ec9342581e173bebbb797c99e5ec855
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdiplus
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipReleaseDC
GdipMeasureString
GdipCreateFont
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipAlloc
GdipCloneImage
GdipDrawImagePointRectI
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipCloneBrush
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipDrawImageRectRect
GdipSetStringFormatHotkeyPrefix
GdipGetDC
GdipDrawRectangle
GdipFillRectangle
GdipSetSmoothingMode
GdipFillRectangleI
GdipDrawImageRectRectI
GdipDeleteFont
GdipDeleteGraphics
mfc71u
msvcr71
wcsncpy
fopen
strrchr
memset
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
sprintf
__CxxFrameHandler
free
malloc
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
swprintf
memmove
_except_handler3
wcslen
wcscpy
_localtime64
wcsftime
_wchdir
_wgetcwd
towlower
fclose
_wfopen
_time64
_purecall
swscanf
_wtoi
_wmkdir
_wtof
floor
_wtol
ceil
wcstol
wcscmp
_wcsdup
strncpy
wcsstr
kernel32
MultiByteToWideChar
LocalLock
LocalFree
LocalUnlock
GetSystemDirectoryW
lstrcpyW
ReleaseMutex
CreateMutexW
DeleteFileW
GetFileAttributesW
lstrcmpiW
GetLocaleInfoW
GetVolumeInformationW
SearchPathW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
OpenProcess
GetModuleHandleW
LoadLibraryExW
WideCharToMultiByte
GetLocalTime
FormatMessageW
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
Sleep
CreateDirectoryW
GetLastError
ResetEvent
WaitForSingleObject
CloseHandle
lstrlenW
SetEvent
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateEventW
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetVersionExA
FlushInstructionCache
GetCurrentProcess
VirtualProtect
GlobalReAlloc
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryA
GetModuleFileNameA
CreateMutexA
CreateFileMappingA
CreateFileA
OpenFileMappingA
GetTempPathA
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
GlobalFree
GetProfileStringW
GetDiskFreeSpaceW
GetLongPathNameW
GetNumberFormatW
FileTimeToSystemTime
GetSystemPowerStatus
CreateProcessW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLogicalDrives
CompareFileTime
GetTickCount
OpenMutexW
InterlockedIncrement
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
MulDiv
LockResource
LoadResource
FindResourceW
SetLastError
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
GlobalUnlock
SuspendThread
ResumeThread
TerminateThread
GetDriveTypeW
GetModuleFileNameW
CreateThread
user32
CreatePopupMenu
IsIconic
GetWindowRect
GetParent
IsWindow
CloseClipboard
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
LoadIconW
DestroyIcon
GetMessagePos
SetWindowPos
RemovePropW
GetPropW
SetPropW
CallNextHookEx
wsprintfW
DrawIcon
SetMenuItemInfoW
SetWindowRgn
SetCapture
SetCursor
GetSystemMetrics
GetDesktopWindow
MessageBoxW
OffsetRect
GetDC
ReleaseDC
TranslateAcceleratorW
EnableMenuItem
ClientToScreen
InvalidateRect
PostThreadMessageW
SetFocus
GetKeyState
RegisterWindowMessageW
GetClassNameW
GetWindowLongW
GetWindow
GetClientRect
PostMessageW
EnableWindow
GetCursorPos
IsChild
GetFocus
KillTimer
GetMenu
SendMessageW
GetSystemMenu
GetIconInfo
WindowFromDC
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
CreateWindowExW
LoadAcceleratorsW
CopyImage
ReleaseCapture
ScreenToClient
PtInRect
SystemParametersInfoA
SetRectEmpty
DrawFrameControl
GetCapture
RegisterClassExW
GetSysColorBrush
EqualRect
DrawIconEx
IsWindowEnabled
keybd_event
GetMessageW
WaitMessage
TranslateMessage
DispatchMessageW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CallWindowProcW
ModifyMenuW
GetMenuItemInfoW
GetMenuState
GetMenuDefaultItem
AppendMenuW
DrawFocusRect
DrawEdge
FillRect
LoadMenuW
LoadBitmapW
IsMenu
IntersectRect
IsRectEmpty
CopyRect
GetMenuInfo
GetSysColor
SystemParametersInfoW
DrawStateW
GetDlgItem
LoadImageW
UpdateLayeredWindow
LoadCursorW
InsertMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
PostQuitMessage
EnumDisplaySettingsW
ChangeDisplaySettingsW
EnumWindows
SetForegroundWindow
ShowWindow
SendMessageTimeoutW
PeekMessageW
SetWindowLongW
SetRect
UpdateWindow
CharUpperW
GetWindowDC
RedrawWindow
SetTimer
IsWindowVisible
InflateRect
gdi32
EqualRgn
SetStretchBltMode
CreateDIBSection
ExtCreateRegion
DeleteDC
FrameRgn
OffsetRgn
CreatePolygonRgn
StretchBlt
SelectClipRgn
GetStockObject
Escape
TextOutW
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
RoundRect
Rectangle
GetNearestColor
SetBrushOrgEx
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
CreateFontIndirectW
CreateSolidBrush
CreatePen
UnrealizeObject
GetObjectW
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetTextMetricsW
GetTextExtentPoint32W
ExtTextOutW
SelectObject
CreateFontW
CreateRoundRectRgn
comdlg32
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
advapi32
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32
ShellExecuteExA
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
DragQueryFileW
SHGetFileInfoW
SHGetMalloc
ExtractIconExW
ord2
SHGetSpecialFolderLocation
SHGetPathFromIDListW
comctl32
ImageList_GetIcon
ord17
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Add
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetIconSize
ImageList_SetBkColor
_TrackMouseEvent
ImageList_LoadImageW
shlwapi
PathAppendW
StrToIntW
SHGetValueW
StrRChrW
SHEnumValueW
PathIsDirectoryW
PathStripPathW
PathRemoveExtensionW
PathRenameExtensionW
PathFindFileNameW
PathFindExtensionW
PathAddExtensionW
PathStripToRootW
PathGetDriveNumberW
PathRemoveFileSpecW
SHStrDupW
PathFileExistsW
PathCombineW
ole32
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
OleSetClipboard
CoCreateInstance
OleRun
oleaut32
SafeArrayCreate
SafeArrayPutElement
VariantCopy
SysStringLen
VarBstrFromDate
VarUdateFromDate
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SystemTimeToVariantTime
GetErrorInfo
msvcp71
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
cpscommontools12oem
??1CMGICriticalSection@@UAE@XZ
??0CMGICriticalSection@@QAE@XZ
Exports
??0CBut@@QAE@ABV0@@Z
??0CMonikerReader@@QAE@XZ
??0CXmlGroup@@QAE@ABV0@@Z
??1CBut@@QAE@XZ
??1CPackDir@@QAE@XZ
??4CBut@@QAEAAV0@ABV0@@Z
??4CMonikerReader@@QAEAAV0@ABV0@@Z
??4CScroller@@QAEAAV0@ABV0@@Z
??4CXmlGroup@@QAEAAV0@ABV0@@Z
??4CXmlReader@@QAEAAV0@ABV0@@Z
Sections
.text Size: 684KB - Virtual size: 681KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 180KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 28KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE