c:\bld_area\Bb\2.0\Dev\src\public\SPBBCSvc\ntu.x86.vc71.Release\Symbols\SPBBCSvc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
bcfe216e4efe8fe2240b0e1ee18e6784_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
bcfe216e4efe8fe2240b0e1ee18e6784_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
bcfe216e4efe8fe2240b0e1ee18e6784_JaffaCakes118
-
Size
1.2MB
-
MD5
bcfe216e4efe8fe2240b0e1ee18e6784
-
SHA1
0bd80d90dff221376d056625b25dad92fcb97892
-
SHA256
d9ddb9787dc2662ecf9b4743e970b7f9d28ee9ab61a979f3bb6aa2f782ab9727
-
SHA512
bbff360f0a37b3a1c68b03e3c45602b643d3e8c10f9e4a789534ffcaeb81571c5436bc2dbd3aa58ee1d3f35e9265d39d67981f15a52f1fdbd6dafd9af7bf12b4
-
SSDEEP
24576:hUjsUFj+Si6l6hSvxkU7gET4HrB5RErOlnDGZRJslGzakVjXAIGXWzv9gE/4mi6G:hU5MdS5S1RE+GLJslGzakVLAIGXWzv9C
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.
resource bcfe216e4efe8fe2240b0e1ee18e6784_JaffaCakes118
Files
-
bcfe216e4efe8fe2240b0e1ee18e6784_JaffaCakes118.exe windows:4 windows x86 arch:x86
f021ca0040efe685f6a3a8d477af8658
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\bld_area\Bb\2.0\Dev\src\public\SPBBCSvc\ntu.x86.vc71.Release\Symbols\SPBBCSvc.pdb
Imports
msi
ord74
ord94
ord92
ord8
kernel32
GetModuleHandleW
SetLastError
ReadFile
GetOverlappedResult
WriteFile
CreateEventW
CloseHandle
DeviceIoControl
CreateMutexA
GetStartupInfoA
GetProcessWorkingSetSize
GlobalMemoryStatus
GetThreadTimes
GetProcessTimes
GetTempFileNameW
CreateFileW
LocalAlloc
AllocConsole
GetConsoleScreenBufferInfo
GetConsoleMode
SetConsoleCtrlHandler
SetConsoleMode
FreeConsole
SetConsoleTitleW
GetNumberOfConsoleInputEvents
ReadConsoleInputW
GetConsoleTitleW
DuplicateHandle
OpenMutexW
CreateMutexW
ReleaseMutex
GetModuleFileNameW
lstrcpyW
SetEndOfFile
SetFilePointer
WaitForMultipleObjects
OpenEventW
ResetEvent
lstrlenW
GetCurrentThread
SetErrorMode
GetStdHandle
TerminateThread
CreateThread
ExitThread
SetThreadPriority
ResumeThread
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetLongPathNameW
LoadLibraryA
FindFirstFileA
WideCharToMultiByte
lstrlenA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WaitForMultipleObjectsEx
ReadDirectoryChangesW
SetConsoleActiveScreenBuffer
GetSystemDirectoryW
GetShortPathNameW
GetCommandLineW
GetSystemInfo
VirtualFree
TerminateProcess
LoadLibraryW
SetUnhandledExceptionFilter
GetThreadContext
LocalFree
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
FormatMessageA
FormatMessageW
MultiByteToWideChar
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
FileTimeToSystemTime
SystemTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
InterlockedExchange
GetACP
GetVersionExW
GetLocaleInfoA
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
GetLocalTime
GetTickCount
Sleep
GetLastError
DeleteFileW
GetCurrentProcess
SetProcessWorkingSetSize
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
SetStdHandle
SetEvent
CreateFileA
user32
CreateWindowExW
GetWindowLongW
DefWindowProcW
SetWindowLongW
DestroyWindow
PostMessageW
PostThreadMessageW
RegisterClassExW
GetCaretPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageA
IsWindowUnicode
GetMessageA
DispatchMessageW
CharNextA
CharPrevA
GetCursorPos
GetQueueStatus
GetMessageTime
GetCapture
GetOpenClipboardWindow
wsprintfA
wsprintfW
UnregisterClassW
GetMessagePos
GetFocus
GetClipboardViewer
GetClassInfoExW
MsgWaitForMultipleObjectsEx
GetActiveWindow
GetClipboardOwner
advapi32
GetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
ChangeServiceConfig2W
DeleteService
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DeregisterEventSource
ReportEventW
LookupAccountNameW
GetUserNameW
RegisterEventSourceW
IsValidSid
CopySid
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
MakeSelfRelativeSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
RegOpenKeyExW
GetSecurityDescriptorOwner
MakeAbsoluteSD
ConvertSidToStringSidW
CreateServiceW
QueryServiceStatus
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
ole32
OleRun
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromProgID
oleaut32
SysFreeString
SafeArrayPutElement
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SafeArrayUnlock
GetErrorInfo
SysStringLen
shlwapi
PathAddBackslashW
SHDeleteKeyW
PathAppendW
msvcp71
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?widen@?$ctype@G@std@@QBEGD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Nomemory@std@@YAXXZ
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
??1locale@std@@QAE@XZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Register@facet@locale@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Unlock@_Mutex@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
msvcr71
_stat
wcstombs
_errno
__mb_cur_max
isspace
mblen
strncmp
__RTDynamicCast
_itow
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
_set_security_error_handler
_set_purecall_handler
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
swscanf
_resetstkoflw
wcscspn
_wfdopen
_iob
_wsplitpath
__CxxFrameHandler
_CxxThrowException
_beginthreadex
_endthreadex
_callnewh
realloc
_except_handler3
memset
wcstoul
wcsspn
_mktime64
_wcslwr
wcsstr
_wcsicmp
_mbsrchr
sprintf
mbstowcs
strncpy
malloc
wcscat
rand
srand
_localtime64
wcsftime
_time64
wcscpy
wcsncpy
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
vsprintf
_vscprintf
wcschr
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
wcscmp
_wcsupr
wcsrchr
_purecall
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
vswprintf
_vscwprintf
free
wcslen
??_V@YAXPAX@Z
??3@YAXPAX@Z
time
_close
_read
_eof
_open
_lseek
_strnicmp
_stricmp
_open_osfhandle
rpcrt4
UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCompare
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
shell32
SHGetFolderPathW
SHGetSpecialFolderPathW
Exports
Exports
IsdGetCapability
IsdGetRandomNumber
IsdGetStatistic
IsdTestRandomGenerator
Sections
.text Size: 736KB - Virtual size: 734KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 304KB - Virtual size: 302KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.crdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE