d:\400\Release\ashQuick.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ade00a1c4e648b34fdff763318046ba9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ade00a1c4e648b34fdff763318046ba9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
ade00a1c4e648b34fdff763318046ba9_JaffaCakes118
-
Size
273KB
-
MD5
ade00a1c4e648b34fdff763318046ba9
-
SHA1
10b66374af447eb8be4f2193e1b0a369874ed289
-
SHA256
46cf81c963f59cd4c1afe556783b6a5158c118c41f2f7a872e1d6b079ab7d69b
-
SHA512
ce49f25e22bc8db5128a01b1a2289f681d409a63305e704a64ca1454b7e89294062167f23ec63fb661d4f436a04f51904046ecd0c7532734b7a4ecb8b48d9059
-
SSDEEP
3072:4hoJOMtp+I+8j1zeeOkYKmmkN0d+hMsdU9M:+ZMzJOkYK2H
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample carries none. Treat this as a weak indicator on its own: many legitimate binaries are also unsigned, and a valid signature attests only to publisher identity, not to benign behavior.
resource ade00a1c4e648b34fdff763318046ba9_JaffaCakes118
Files
-
ade00a1c4e648b34fdff763318046ba9_JaffaCakes118.exe windows:4 windows x86 arch:x86
62cc8c17a1fdbc4c880cb354208802e9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindResourceA
SetEvent
CloseHandle
WaitForSingleObject
GetFileAttributesA
CreateThread
CreateEventA
InterlockedIncrement
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
GetCurrentThreadId
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExA
GetModuleHandleA
MulDiv
lstrcmpiA
GlobalLock
lstrcmpA
SetLastError
GlobalFree
GlobalHandle
LockResource
Sleep
GetCommandLineA
TerminateThread
GetExitCodeThread
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
LoadLibraryA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalUnlock
GetVersion
user32
ShowWindow
GetWindowRect
PostMessageA
MessageBoxA
GetActiveWindow
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RegisterClassExA
GetClassInfoExA
LoadCursorA
wsprintfA
CreateWindowExA
CreateAcceleratorTableA
LoadIconA
SetForegroundWindow
EndDialog
LoadBitmapA
SetWindowContextHelpId
MapDialogRect
GetClassNameA
SetWindowPos
DestroyWindow
SetActiveWindow
DestroyAcceleratorTable
GetDlgItem
IsWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
SetDlgItemInt
SetDlgItemTextA
SendMessageA
GetWindow
GetSystemMetrics
SetWindowLongA
GetWindowLongA
CharNextA
PostThreadMessageA
RedrawWindow
GetParent
LoadStringA
UnregisterClassA
gdi32
SetTextColor
SetBkColor
CreateSolidBrush
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateBrushIndirect
GetStockObject
DeleteObject
advapi32
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
shell32
Shell_NotifyIconA
ole32
CoCreateInstance
OleLockRunning
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
oleaut32
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringByteLen
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
shlwapi
PathFindExtensionA
msvcp71
?_Nomemory@std@@YAXXZ
msvcr71
memcpy
_mbschr
_controlfp
_mbsnbicmp
malloc
free
_resetstkoflw
__set_app_type
_except_handler3
_CxxThrowException
memset
??3@YAXPAX@Z
??_V@YAXPAX@Z
strcpy
sprintf
strlen
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
_beginthreadex
strcat
_mbsncmp
_mbscmp
_mbsrchr
_mbsnbcpy
realloc
wcsncpy
__CxxFrameHandler
memcmp
ashtask
_tskFreeAreas@4
_tskProcessData@16
_tskAddAreaR@8
_tskDefTask@16
_tskLogResult@12
_tskFreeResult@4
_tskVirusAction@4
_tskCopyResult@4
_tskGetVirusDetailsType@12
_tskFreeLibrary@0
_tskExecData2@16
_tskFreeData@4
_tskInitLibrary@0
aswcmns
cmdlineGetRawCount
cmdlineAddParameterDefinition
cmdlineClose
cmdlineInitFromWindowApp
cmdlineInitialize
cmdlineGetRawParameter
aswcmnb
fsGetAvastSkinPath
ashbase
_basProductInfoFilesOnly@0
_basGetSkinFontsIfApplicable@8
_basGetProfileInt@12
_basIsCurrCodePageSkinnable@0
_basIsCurrCodePageRTL@0
_basFontSupportsCharset@8
_basLoadStorage@0
_basGetErrorString@12
_basFreeStorage@4
_basGetLanguagePath@0
_basErrorMessage@24
_basInitLibrary@4
_basLoadLanguage@4
_basFreeLibrary@0
_basInitThreadLocale@0
_basGetProcAddress@8
_basFormatNumber@16
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ