Static task: static1
Behavioral task: behavioral1
Sample: a2531bfce068e100ed3982abfcfccdbd_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: a2531bfce068e100ed3982abfcfccdbd_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a2531bfce068e100ed3982abfcfccdbd_JaffaCakes118
Size: 3.1MB
MD5: a2531bfce068e100ed3982abfcfccdbd
SHA1: d628952813ff2b39506080554a0e06773d6b8966
SHA256: e0df25f895d192def1a6bdf5ec7877996dd2c54702149de295fbfbed3a3e5cc9
SHA512: 3e464e35126708f13727c3740b99250ea1f935f0597e9a4d09e302abf3823802db9deb96a0d3065a8adf6443a09573ba29533168dc7c6f50b67880161ffe90e1
SSDEEP: 49152:68r5oIQIoDRTjtkx+/c8CZsOrB6kJN89ZTWrd:6mB2RPq+0ZsKBTPrd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a2531bfce068e100ed3982abfcfccdbd_JaffaCakes118
Files
a2531bfce068e100ed3982abfcfccdbd_JaffaCakes118.exe windows:4 windows x86 arch:x86
d3e543fd1f05934a74115d4de5485c2a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringW
GetStringTypeExA
ReleaseMutex
CreateMutexA
GetVolumeInformationA
LocalFree
FormatMessageA
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStdHandle
GetTimeZoneInformation
ReleaseSemaphore
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
ExitThread
TerminateProcess
GetSystemInfo
VirtualAlloc
RtlUnwind
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetFullPathNameA
RemoveDirectoryA
GetFileAttributesExA
HeapSize
HeapReAlloc
HeapDestroy
WaitForMultipleObjects
CreateSemaphoreA
OutputDebugStringA
GetSystemDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetOEMCP
GetLocalTime
SetEndOfFile
SetFilePointer
ReadFile
SystemTimeToFileTime
SetFileTime
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
TerminateThread
DeleteFileA
GetDriveTypeA
GetEnvironmentVariableA
GetCurrentThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
WinExec
GetWindowsDirectoryA
LoadLibraryExA
VirtualQuery
VirtualProtect
IsBadReadPtr
SetUnhandledExceptionFilter
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
WriteFile
CreateThread
SetThreadPriority
CreateEventA
GetTickCount
GetSystemTime
lstrcatA
InterlockedDecrement
lstrcpyW
InterlockedIncrement
GetCommandLineW
GetCurrentDirectoryA
MoveFileA
FreeResource
Sleep
GetCurrentProcessId
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetCommandLineA
CompareStringA
GetCurrentThreadId
SetEvent
WaitForSingleObject
GlobalAddAtomA
GlobalDeleteAtom
SuspendThread
ResumeThread
lstrcpyA
CopyFileA
CreateFileA
FlushFileBuffers
CloseHandle
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetLastError
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
MultiByteToWideChar
RaiseException
GetModuleHandleA
lstrcmpiA
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
lstrlenW
lstrlenA
lstrcpynW
lstrcpynA
lstrcmpA
MulDiv
WideCharToMultiByte
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnhandledExceptionFilter
user32
GetMenuDefaultItem
DrawIconEx
DrawStateA
CheckRadioButton
IsDlgButtonChecked
IsRectEmpty
SetWindowRgn
ExitWindowsEx
EndDialog
OpenClipboard
EmptyClipboard
CloseClipboard
DrawFrameControl
CharLowerA
WindowFromPoint
GetWindowThreadProcessId
IsWindowEnabled
DrawFocusRect
FrameRect
SetRect
GetMessagePos
LoadAcceleratorsA
SetWindowsHookExA
UnhookWindowsHookEx
DefMDIChildProcA
GetClassNameA
CallNextHookEx
GetActiveWindow
GetDCEx
wsprintfA
RegisterClassExA
GetDesktopWindow
WindowFromDC
SetWindowPlacement
GetWindowPlacement
IsZoomed
TranslateMDISysAccel
SetWindowLongA
GetWindowLongA
SendMessageA
IsMenu
LoadImageA
LoadMenuA
DialogBoxParamA
DefFrameProcA
BringWindowToTop
ModifyMenuA
SetMenuItemInfoA
LoadBitmapA
GetClassInfoExA
GetSystemMetrics
CharNextA
MessageBoxA
SetParent
LockWindowUpdate
ClientToScreen
MoveWindow
SetMenu
IsWindowVisible
EqualRect
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
UpdateWindow
GetKeyState
DispatchMessageA
GetMessageA
IsIconic
DragDetect
SetClipboardData
GetMenu
DeleteMenu
GetDlgItemTextA
CheckDlgButton
WaitMessage
PackDDElParam
SetMenuDefaultItem
GetPropA
MapDialogRect
GetClientRect
InvalidateRect
SetTimer
GetParent
GetDlgCtrlID
IsWindow
GetWindow
GetTopWindow
TranslateAcceleratorA
CallWindowProcA
DestroyWindow
GetWindowRect
DefWindowProcA
CreateWindowExA
GetDialogBaseUnits
ValidateRect
GetIconInfo
CreateIconIndirect
CopyIcon
ChildWindowFromPoint
GetClipboardData
IsClipboardFormatAvailable
TranslateMessage
CreateIconFromResourceEx
GetScrollPos
SetPropA
IsDialogMessageA
FillRect
GetFocus
IsChild
GetClassInfoA
LoadIconA
DestroyIcon
RegisterWindowMessageA
InflateRect
DrawEdge
CopyRect
KillTimer
GetCursorPos
CheckMenuRadioItem
SetDlgItemInt
GetDlgItemInt
EnableWindow
RegisterClassA
CreateMenu
ScreenToClient
LoadCursorA
GetClassLongA
SetCursor
DestroyCursor
ReleaseCapture
SetCapture
GetDoubleClickTime
GetWindowDC
GetSysColorBrush
FindWindowA
SetForegroundWindow
CreateDialogParamA
SetDlgItemTextA
PostMessageA
RemoveMenu
PeekMessageA
PtInRect
MapWindowPoints
TrackPopupMenuEx
CreatePopupMenu
DrawTextA
OffsetRect
SetRectEmpty
GetDC
ReleaseDC
IntersectRect
GetSysColor
EndPaint
BeginPaint
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SystemParametersInfoA
SetFocus
GetCapture
GetDlgItem
ShowWindow
TrackPopupMenu
GetSystemMenu
GetMonitorInfoA
MonitorFromPoint
DestroyMenu
SetWindowPos
RedrawWindow
DrawMenuBar
GetSubMenu
GetMenuStringA
GetMenuItemCount
PostQuitMessage
LoadStringA
LoadStringW
AdjustWindowRectEx
MessageBeep
GetMenuItemInfoA
AppendMenuA
gdi32
GetTextExtentExPointA
GetDIBits
SetRectRgn
CreateRectRgnIndirect
OffsetRgn
TextOutA
SetTextJustification
StretchBlt
ExcludeClipRect
CreateFontIndirectW
GetViewportOrgEx
TextOutW
CreateRoundRectRgn
CombineRgn
FrameRgn
CreateDIBSection
SetBrushOrgEx
SelectPalette
RealizePalette
ExtCreatePen
GetTextExtentPoint32A
CreatePolygonRgn
FillRgn
CreateBitmap
CreatePatternBrush
SetBkColor
Rectangle
Polyline
Polygon
CreatePen
MoveToEx
LineTo
SetTextColor
SetBkMode
PatBlt
SaveDC
IntersectClipRect
CreateRectRgn
GetClipRgn
SelectClipRgn
RestoreDC
GetClipBox
LPtoDP
DPtoLP
SetWindowOrgEx
GetObjectA
CreateFontIndirectA
GetStockObject
GetDeviceCaps
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
DeleteObject
GetTextMetricsA
ExtTextOutA
SelectObject
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegQueryValueA
RegDeleteValueA
GetLengthSid
LookupAccountNameA
GetTokenInformation
OpenThreadToken
GetUserNameA
CloseServiceHandle
ControlService
OpenServiceA
EnumDependentServicesA
QueryServiceStatus
OpenSCManagerA
RegCloseKey
shell32
ExtractAssociatedIconA
SHChangeNotify
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
ole32
CoLockObjectExternal
RevokeDragDrop
CoInitialize
ReleaseStgMedium
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
DoDragDrop
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
RegisterDragDrop
oleaut32
VariantClear
DispCallFunc
VariantInit
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
atl71
ord63
ord48
ord47
ord10
ord64
ord42
ord46
ord44
ord43
ord66
ord23
ord61
ord65
shlwapi
PathAddBackslashA
UrlUnescapeA
AssocQueryStringA
PathIsDirectoryA
PathFileExistsA
PathStripToRootA
comctl32
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
ord6
ord8
ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_DrawEx
ImageList_GetIconSize
ord17
ImageList_SetBkColor
ImageList_Draw
ws2_32
closesocket
connect
htons
__WSAFDIsSet
accept
select
WSACreateEvent
socket
gethostbyaddr
gethostbyname
inet_addr
recv
ntohl
inet_ntoa
ntohs
htonl
WSACleanup
WSAGetLastError
setsockopt
WSARecv
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSASend
WSAConnect
bind
getsockname
listen
ioctlsocket
WSARecvFrom
WSASendTo
WSAStartup
shutdown
WSAAccept
WSASocketA
gethostname
sendto
recvfrom
send
wininet
InternetGetCookieA
InternetTimeToSystemTime
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetSetOptionA
InternetOpenA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
HttpAddRequestHeadersA
winmm
sndPlaySoundA
timeGetTime
iphlpapi
GetIpForwardTable
SendARP
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
emule
svrConnectToServer
svrSetWnd
?RetShareDirList@Allocator@DLL_Bridge@@SA_NPAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?GetShareDirList@Allocator@DLL_Bridge@@SAPAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
shrResetShareDir
edDeleteFile
edGetLinkByShare
?ShareInfo@TypeCasting@DLL_Bridge@@SA_NPAUBuf_ShareInfo@@PAX@Z
?ShareFile@TypeCasting@DLL_Bridge@@SA_NPAUBuf_ShareFile@@PAX@Z
?RetShareFile@Allocator@DLL_Bridge@@SA_NPAV?$vector@PAXV?$allocator@PAX@std@@@std@@@Z
?GetShareFile@Allocator@DLL_Bridge@@SAPAV?$vector@PAXV?$allocator@PAX@std@@@std@@XZ
shrSetSharePriority
edIsPartFile
shrGetSharePriority
edGetUploadSpeed
?GetPreference@Allocator@DLL_Bridge@@SA_NPAUMuleOptions@2@@Z
?SetPreference@Allocator@DLL_Bridge@@SA_NPAUMuleOptions@2@@Z
prefGetListenPort
taskPreview
trfsSetPriority
svrAddServer
taskStop
?GetServerList@Allocator@DLL_Bridge@@SAPAV?$vector@UeServerItem@@V?$allocator@UeServerItem@@@std@@@std@@XZ
trfsGetTaskByLink
trfsAddED2KLink
shrGetShareByLink
edDeleteFileByLink
taskStart
taskReadyPreview
taskIsStopped
taskIsPaused
taskIsCompleted
?TaskItem@TypeCasting@DLL_Bridge@@SA_NPAUBUF_TASKITEM@@PAUeMuleTaskItem@@@Z
?GetTempFiles@Allocator@DLL_Bridge@@SA_NPAXPA_W@Z
?RetFileList@Allocator@DLL_Bridge@@SA_NPAV?$vector@PAXV?$allocator@PAX@std@@@std@@@Z
?FileList@TypeCasting@DLL_Bridge@@SA_NPAUBuf_FileList@@PAX@Z
?GetFileList@Allocator@DLL_Bridge@@SAPAV?$vector@PAXV?$allocator@PAX@std@@@std@@PAX@Z
?RetUserList@Allocator@DLL_Bridge@@SA_NPAV?$vector@UBuf_UserList@@V?$allocator@UBuf_UserList@@@std@@@std@@@Z
?GetUserList@Allocator@DLL_Bridge@@SAPAV?$vector@UBuf_UserList@@V?$allocator@UBuf_UserList@@@std@@@std@@PAX@Z
taskIsStarted
edRelease
edStartMsgPump
edInit
edSendExitMsg
?RetServerList@Allocator@DLL_Bridge@@SA_NPAV?$vector@UeServerItem@@V?$allocator@UeServerItem@@@std@@@std@@@Z
?GetLogQueue@Allocator@DLL_Bridge@@SAPAV?$deque@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@XZ
taskPause
?RetLogQueue@Allocator@DLL_Bridge@@SA_NPAV?$deque@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
kadIsConnected
svrIsConnected
?UploadItem@TypeCasting@DLL_Bridge@@SA_NPAUBuf_UploadItem@@PAX@Z
svrDisconnect
svrStopConnectionTry
svrConnectToAnyServer
kadBootstrap
kadDisconnect
edGetLinkByServer
?ServerItem@TypeCasting@DLL_Bridge@@SA_NPAUBuf_ServerItem@@PAUeServerItem@@@Z
edGetCoreInfo
svrIsConnecting
kadIsConnecting
svrRemoveAllServer
svrRemoveServer
svrRemoveServerFromStatic
svrAddServerToStatic
svrServerPriority
?PickSearchResult@Allocator@DLL_Bridge@@SAPAV?$vector@UeSearchItem@@V?$allocator@UeSearchItem@@@std@@@std@@K@Z
?RetSearchResult@Allocator@DLL_Bridge@@SA_NPAV?$vector@UeSearchItem@@V?$allocator@UeSearchItem@@@std@@@std@@@Z
srchSetWnd
srchStartNewSearch
svrGetServerCount
?SearchItem@TypeCasting@DLL_Bridge@@SA_NPAUBuf_SearchItem@@PAUeSearchItem@@@Z
srchRemoveResult
trfsGetTaskPriority
edIsLowID
edIsFileExist
?GetFileComment@Allocator@DLL_Bridge@@SAPAV?$vector@UBuf_Comment@@V?$allocator@UBuf_Comment@@@std@@@std@@PAX@Z
?RetFileComment@Allocator@DLL_Bridge@@SA_NPAV?$vector@UBuf_Comment@@V?$allocator@UBuf_Comment@@@std@@@std@@@Z
edGetLinkBySearch
edIsReady
edIsRunning
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 308KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 557KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512KB - Virtual size: 508KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ