a9b41ce060bd3b905300ad006a82a7f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9b41ce060bd3b905300ad006a82a7f1_JaffaCakes118
Size

209KB
MD5

a9b41ce060bd3b905300ad006a82a7f1
SHA1

401d8620d619e5d088e24ece74e35b8178ea9b4e
SHA256

c26ea61f89ba2970733dbc6b4ee6501ceaf225674e525fae971a97f08b78c21a
SHA512

37cea481f7b7b11945757ccde5c4d950a512e4680823e7a60d1da8fff95cc083b033cbe8172abdf20d3d4f7d9e8f8556a0cc29cd52e693f34eb19aa0ed48d222
SSDEEP

3072:bTUrCtXxhnuLBN4ax8eo1oXsw9mC5cdJWl0tezhl91a2EAVNudVfpl4Mi8vRcR8E:bTUue4axp0hgV1Cnpv9Rc6Y1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b41ce060bd3b905300ad006a82a7f1_JaffaCakes118

Files

a9b41ce060bd3b905300ad006a82a7f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a0fe547d15a705af37c94e68ca0f740

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\NeroHomeOctane\NeroMediaManager_OCTANE3_RELEASE\NeroMediaManager\MediaLibrary\src\NMBgMonitor\Release Unicode\NMBgMonitor.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
lstrcpynW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetTickCount
GetFileAttributesW
WaitForSingleObject
GetCurrentProcessId
CreateEventW
SetEvent
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadDirectoryChangesW
DuplicateHandle
GetCurrentProcess
CancelIo
CreateFileW
GetQueuedCompletionStatus
Sleep
CreateThread
lstrcmpiW
GetCurrentThreadId
CreateMutexW
SetLastError
GetCommandLineW
GetProcAddress
GetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
GetExitCodeThread
WideCharToMultiByte
InterlockedCompareExchange
IsBadReadPtr
GetEnvironmentVariableW
LoadLibraryW
OpenEventW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcpyW
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
lstrcatW
InterlockedExchange

user32

CharUpperW
KillTimer
DefWindowProcW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
SetTimer
CreateWindowExW
RegisterClassW
DestroyWindow
SetWindowLongW
GetWindowLongW
MessageBoxW
CharNextW
PostMessageW
UnregisterClassW
RegisterWindowMessageW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoSetProxyBlanket
CoCopyProxy
CoTaskMemAlloc
CoTaskMemFree

oleaut32

UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
RegisterTypeLi

ws2_32

inet_addr

shlwapi

SHRegWriteUSValueW
SHRegQueryUSValueW
SHRegDeleteUSValueW
SHRegCreateUSKeyW
SHRegCloseUSKey
PathIsURLW
UrlCreateFromPathW
UrlCanonicalizeW
UrlIsW
PathFindExtensionW
PathRemoveBackslashW
PathFindFileNameW
PathAppendW
PathIsUNCW
PathCreateFromUrlW

msvcp71

?_Nomemory@std@@YAXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr71

??0exception@@QAE@XZ
_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
memset
_beginthreadex
_itow
isdigit
strchr
_snwprintf
_wtoi
_wcsdup
wcslen
_vsnwprintf
memmove
wcschr
wcsncpy
wprintf
realloc
_wsplitpath
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_wcsnicmp
??1exception@@UAE@XZ
_except_handler3
_CxxThrowException
free
malloc
??3@YAXPAX@Z
_purecall

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a0fe547d15a705af37c94e68ca0f740

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 1KB

.rrdata Size: 60KB - Virtual size: 60KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rrdata
Size: 60KB - Virtual size: 60KB