Static task: static1
Behavioral task: behavioral1
Sample: b50c785ee672ffe3673ea7bc4f0739f4_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b50c785ee672ffe3673ea7bc4f0739f4_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b50c785ee672ffe3673ea7bc4f0739f4_JaffaCakes118
Size: 52KB
MD5: b50c785ee672ffe3673ea7bc4f0739f4
SHA1: 4cc368432297639b2e97fa47df0230fdaa7f1cf4
SHA256: 79fbb1d5f3fa4b0c26f8963c00ff9589b48019ef96f0d079a6837d056c1b1acd
SHA512: ce064d1c7857ac9516d0f3a877adc35a2f48ee37b08fe3215d751ade49654199b99f5139bb106d2671e44aef411b26c507f82eacc744aa252800e7cbf38ef6e8
SSDEEP: 768:1pjISKN5kz8sTEnHRwl1zX3IAvAU8O4h7+U/5IVs2WIAxoY9B:/ugz8sTEnG1D3IAvJ4h7+k/2QxB
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: b50c785ee672ffe3673ea7bc4f0739f4_JaffaCakes118
Files
b50c785ee672ffe3673ea7bc4f0739f4_JaffaCakes118.exe windows:6 windows x86 arch:x86
302f57c78258db1bb26ae3fa1c9f5a00
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
kernel32
OpenEventA
ReleaseMutex
WaitForSingleObject
CreateFileA
GetLastError
GetModuleHandleA
GetCurrentProcess
CreateProcessA
GetTickCount
CreateMutexA
SetEvent
ResetEvent
CreateEventA
CloseHandle
LocalFree
CreateNamedPipeA
LocalAlloc
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetOverlappedResult
ConnectNamedPipe
GetVersionExW
GetVersion
FileTimeToSystemTime
lstrlenA
OpenMutexA
GetStartupInfoA
lstrcatA
lstrcpyA
GetProcAddress
Sleep
GetModuleHandleW
CreateThread
GetModuleFileNameA
user32
SetWindowTextA
CloseDesktop
GetWindowRect
GetSystemMetrics
SendDlgItemMessageA
CreateDialogParamA
DestroyWindow
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
wsprintfA
MessageBoxW
MessageBoxA
SendMessageA
GetParent
DispatchMessageA
TranslateMessage
IsDialogMessageW
GetMessageA
CreateWindowExA
SetTimer
SetWindowPos
RegisterClassA
DefWindowProcW
RegisterWindowMessageA
ShowWindow
DefWindowProcA
gdi32
GetStockObject
advapi32
CreateProcessAsUserW
SetTokenInformation
SetServiceStatus
ControlService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegDeleteValueA
DeleteService
CreateServiceA
RegCreateKeyA
RegSetValueExA
OpenSCManagerW
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegisterEventSourceA
ReportEventW
DeregisterEventSource
GetSidLengthRequired
FreeSid
AllocateAndInitializeSid
GetTokenInformation
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
CopySid
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
shell32
Shell_NotifyIconA
bdrockui
?Load@TIcon@@QAEHHHH@Z
??1TIcon@@QAE@XZ
??0TIcon@@QAE@XZ
bdrock20
??YTString@@QAEAAV0@ABV0@@Z
?Append@TString@@QAEXPBGH@Z
?Length@TString@@QBEHXZ
??0UserLoginInfo@@QAE@XZ
??1TFileLoc@@QAE@XZ
??1TFolderLoc@@QAE@XZ
??1ChunkManager@@QAE@XZ
?CHClose@ChunkManager@@QAEHXZ
?Encrypt@TString@@QAEXXZ
?Reset@UserLoginInfo@@QAEXXZ
?Import@UserLoginInfo@@QAEHPAEH@Z
?MemPtr@TMemory@@QAEPAXXZ
?GetSize@TMemory@@QAEIXZ
?CHGetChunk@ChunkManager@@QAEHHHPAPAVTMemory@@@Z
?CHVerify@ChunkManager@@QAEHXZ
?CHOpen@ChunkManager@@QAEHPAVTFileLoc@@H@Z
?BE@@3PAVBedrockEnvType@@A
?Exists@TFileLoc@@UAEHXZ
?Set@TFileLoc@@UAEHPAVTFolderLoc@@PAVTString@@@Z
?GetParent@TFileLoc@@UAEHPAVTFolderLoc@@@Z
?SetPath@TFileLoc@@UAEHPAVTString@@H@Z
??0ChunkManager@@QAE@XZ
??0TFolderLoc@@QAE@XZ
??0TFileLoc@@QAE@XZ
?MemAlloc@@YAPAXI@Z
??PTDate@@QBEHV0@@Z
??0TDate@@QAE@ABV0@@Z
?SetToCurrent@TDate@@QAEXXZ
??NTDate@@QBEHV0@@Z
??YTDate@@QAEABV0@VTDateStep@@@Z
??0TDateStep@@QAE@ABV0@@Z
??0TDateStep@@QAE@GGGGGGGG@Z
?IsDefault@TDate@@QAEHXZ
?FromSystemTime@TDate@@QAEXPBVUSYSTEMTIME@@@Z
?ZeroFill@@YAXPAXI@Z
??4TDate@@QAEABV0@ABV0@@Z
?ConvertNewlines@TString@@QAEXHH@Z
??MTDate@@QBEHV0@@Z
??1VNativNodeInfo@@QAE@XZ
?Read@TFile@@QAEHPAIPAE@Z
?GetInfo@TFile@@QAEHPAVVNativNodeInfo@@@Z
?Open@TFile@@QAEHPAVTFileLoc@@H@Z
?GetPath@TFolderLoc@@UAEHPAVTString@@H@Z
??4TFolderLoc@@QAEAAV0@AAV0@@Z
??0VNativNodeInfo@@QAE@XZ
?Write@TFile@@QAEHPAIPAE@Z
?SetFileSize@TFile@@QAEH_K@Z
?SScanf@TString@@QAAHPAGZZ
?ReplaceSubstring@TString@@QAEHPBGH0HHHH@Z
?Identical@TString@@QBEHABV1@@Z
?MakeLower@TString@@QAEXXZ
?IsEmpty@TString@@QBEHXZ
?GetNthToken@TString@@QAEHPAV1@GHH@Z
?SPrintf@TString@@QAAXGHZZ
?UGetProcAddress@@YAP6GHXZPAUHINSTANCE__@@PAVTString@@@Z
?SetUserFolder@BedrockEnvType@@QAEXXZ
?SetWorkFolder@BedrockEnvType@@QAEXXZ
??0TString@@QAE@PBGH@Z
?UFindRBUTerminalSession@@YAHPAVTString@@0PAI@Z
?UWTSQueryUserToken@@YAHIPAX@Z
?MemFree@@YAXPAX@Z
??1UserLoginInfo@@QAE@XZ
?GetBuffer@TString@@QAEPAGH@Z
?LoadKString@TString@@QAEHGI@Z
?AssignAnsi@TString@@QAEHPBDHH@Z
??0TString@@QAE@GI@Z
?SPrintf@TString@@QAAXPAV1@ZZ
?LengthAnsi@TString@@QAEHH@Z
?LeftAnsi@TString@@QAE?AV1@HH@Z
?ReadBufferAnsi@TString@@QAEPADH@Z
?CloseBufferAnsi@TString@@QAEXXZ
??0TFile@@QAE@XZ
??1TFile@@QAE@XZ
?Close@TFile@@QAEHXZ
??1TString@@QAE@XZ
??0TString@@QAE@XZ
??0TDate@@QAE@XZ
?ReleaseBuffer@TString@@QAEXH@Z
msvcr70
__CxxFrameHandler
memset
_except_handler3
strcpy
_itoa
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memcpy
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
Note: the .rsrc section is flagged IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_EXECUTE in addition to the usual initialized-data/read flags. A resource section is normally not executable, so this is worth checking when reviewing the binary; no writable-and-executable section is present.
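The "Unsigned PE" signature above and the section characteristics listed here both come from fields in the PE headers. As an added example (not the sandbox's own code), the following standard-library Python parses the COFF header, the certificate-table data directory and the section table, and reports the two things a triage analyst checks first: whether an Authenticode certificate table is present at all, and whether any section other than .text is marked executable. The PE image it runs on is constructed in memory to mirror the file characteristics and section layout in this report (same names, sizes and flags, no certificate table); it is not the analysed sample, and the "executable non-.text section" heuristic is an assumption of this example rather than the sandbox's rule.

```python
"""Static PE header checks of the kind behind the 'Unsigned PE' signature.

Only the standard library is used. parse_pe() reads the COFF header, the
certificate-table data directory and the section table; triage() applies two
simple heuristics. build_sample_pe() constructs a PE32 image mirroring this
report's headers (it is NOT the analysed sample).
"""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode)


def flag_names(value, table):
    """Decode a bit mask into the constant names that are set, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS stub pointer, COFF header, certificate directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off, cert_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsec):
        hdr = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<IIIIIIHHI", data, hdr + 8)
        sections.append({"name": name, "virtual_size": vsize,
                         "raw_size": rawsize, "characteristics": flags})
    return {"machine": machine, "characteristics": chars,
            "certificate_table": (cert_off, cert_size), "sections": sections}


def triage(pe):
    """Heuristics (this example's own, not the sandbox's): no certificate table,
    executable sections outside .text, and writable+executable sections."""
    findings = []
    if pe["certificate_table"][1] == 0:
        findings.append("unsigned PE: no Authenticode certificate table")
    for s in pe["sections"]:
        f = s["characteristics"]
        if f & IMAGE_SCN_MEM_EXECUTE and s["name"] != ".text":
            findings.append("executable non-.text section: %s" % s["name"])
        if f & IMAGE_SCN_MEM_EXECUTE and f & IMAGE_SCN_MEM_WRITE:
            findings.append("writable+executable section: %s" % s["name"])
    return findings


def build_sample_pe():
    """Constructed PE32 image with this report's file characteristics and section layout."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100           # flags listed in the report
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, chars)  # i386, 4 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # 16 data dirs, all zero: unsigned
    CODE, IDATA, EXEC, READ, WRITE = 0x20, 0x40, 0x20000000, 0x40000000, 0x80000000

    def section(name, vsize, rawsize, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0, rawsize, 0, 0, 0, 0, 0, flags)

    table = (section(b".text", 20 * 1024, 24 * 1024, CODE | EXEC | READ)
             + section(b".rdata", 7 * 1024, 8 * 1024, IDATA | READ)
             + section(b".data", 3 * 1024, 4 * 1024, IDATA | READ | WRITE)
             + section(b".rsrc", 8 * 1024, 12 * 1024, CODE | IDATA | EXEC | READ))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("file characteristics:", ", ".join(flag_names(pe["characteristics"], FILE_CHARACTERISTICS)))
    for s in pe["sections"]:
        print("%-6s raw=%dKB virt=%dKB %s" % (s["name"], s["raw_size"] // 1024, s["virtual_size"] // 1024,
              " | ".join(flag_names(s["characteristics"], SECTION_CHARACTERISTICS))))
    for finding in triage(pe):
        print("!", finding)
```

To run the same checks against a real file, pass `open(path, "rb").read()` to `parse_pe()` instead of the constructed image. A non-zero certificate-table size only shows that a signature blob is present; validating the chain and the hash still requires an Authenticode verifier.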