9695639d5fbab4d8c49624efa739422d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9695639d5fbab4d8c49624efa739422d_JaffaCakes118
Size

652KB
MD5

9695639d5fbab4d8c49624efa739422d
SHA1

1f57dacff6ab3c38a71cc13c159204b78f7e4543
SHA256

92bc4ebbd1a77e2a06715a588cbf8c841c181d8bdae38f6299915d82a06f417d
SHA512

06f9360d86b932c6b6d940bc2ad9cc96f754ce049afa08047f5cdd5a1e4bbe8d0a9abcbfb95808f9668c9b509ddbdbc0a7f67c052791e3fab8de10a11d92846d
SSDEEP

6144:bbTfnkd8Y5hqJqtrv8siUfGOKYdYt0dinQ1fSjcuf+ZmrQ9m:b/Pkd8U/riOxmnQlHmrQ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9695639d5fbab4d8c49624efa739422d_JaffaCakes118

Files

9695639d5fbab4d8c49624efa739422d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f500cdf44e31c40d76a43e7e61848cb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\NeroHomeOctane\NeroMediaManager\Browser\src\NeroMediaBrowser\Release Unicode\NeroHome.pdb

Imports

winmm

mixerClose
mixerGetControlDetailsW
mixerGetNumDevs
mixerOpen
mixerGetLineInfoW
mixerSetControlDetails
mixerGetLineControlsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
RaiseException
GetLastError
CloseHandle
CreateEventW
SetEvent
GetModuleFileNameW
FreeConsole
WaitForSingleObject
FindClose
FindNextFileW
FindFirstFileW
SetConsoleTitleW
GetTickCount
GetModuleHandleW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
InterlockedCompareExchange
WriteFile
CreateFileW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
IsBadReadPtr
GetEnvironmentVariableW
GetProcAddress
FreeLibrary
LoadLibraryW
GetSystemDefaultLangID
GetLocaleInfoW
FreeResource
GetCurrentProcessId
GetSystemTimeAsFileTime
AllocConsole

user32

DestroyWindow
RegisterClassW
SetForegroundWindow
IsWindow
IsWindowVisible
LoadImageW
SendMessageW
LoadIconW
SetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
DefWindowProcW
PostQuitMessage
KillTimer
SetTimer
UnregisterClassW
RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
GetKeyState
MessageBoxW
PostMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoDisconnectObject
CoInitializeEx
CoUninitialize
CoCreateInstance
OleLoadFromStream
CreateStreamOnHGlobal

oleaut32

VarBstrCat
VariantChangeTypeEx
RegisterActiveObject
GetActiveObject
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType
SysAllocStringLen
VarBstrCmp
VariantInit
VariantClear
VariantCopy
RevokeActiveObject

shlwapi

SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegGetUSValueW
PathRemoveFileSpecW

msvcp71

?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Nomemory@std@@YAXXZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

msvcr71

_wcsdup
free
malloc
puts
freopen
_iob
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_purecall
??_V@YAXPAX@Z
wcslen
_wsplitpath
strlen
memcpy
wcscmp
wcsncpy
_stricmp
_wtoi
strcmp
_strupr
strncpy
_snwprintf
_vsnwprintf
_vscwprintf
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_CxxThrowException
_except_handler3
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f500cdf44e31c40d76a43e7e61848cb3

Headers

File Characteristics

PDB Paths

Imports

winmm

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 536KB - Virtual size: 608KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 536KB - Virtual size: 608KB