c01d52d1de65b876d4566342a31224a8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c01d52d1de65b876d4566342a31224a8_JaffaCakes118
Size

588KB
MD5

c01d52d1de65b876d4566342a31224a8
SHA1

08ba1e4e5e821be3c8f4204e364e14156cf22fda
SHA256

5ff6f19b17185f7190bf9139a682e530de3e4f7fa779f9034979e2e6c904cebe
SHA512

4405acf375bc0258deb2d70039f2aa402c8170ae39489e57e2e40f23887b7fea7ca8bf86b73bb9dbafdb737255acad6a66225890e3c26d695bfcb8046111027c
SSDEEP

12288:VSXWhbOWlSnkH/nCfKCDLu39/bCjS3a23wOMYyKMtYFbEqnusqnu4:1bCnkHvCfhDLu39WG3z3wOMkbw+us+u4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c01d52d1de65b876d4566342a31224a8_JaffaCakes118

Files

c01d52d1de65b876d4566342a31224a8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

390e738c8373b5c427b070a737c2a96c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Hudson\workspace\Release-2011.05\checkout\rc\MOD\rcc_host\Release\clienthost_u_u.pdb

Imports

kernel32

GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameA
GetExitCodeProcess
CreatePipe
GetFileAttributesA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetLocaleInfoW
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
DuplicateHandle
CreateProcessA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RaiseException
RtlUnwind
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentThread
LocalAlloc
LocalFree
CreateDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetTempPathW
FindResourceA
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindFirstFileA
MultiByteToWideChar
RemoveDirectoryA
FindNextFileA
FindClose
GetTempPathA
FindResourceW
EnumResourceTypesW
lstrcpynW
GetModuleHandleA
lstrcpynA
lstrcpyW
CreateFileW
CopyFileW
SetFileAttributesW
CreateThread
TerminateThread
DeleteFileW
GetComputerNameW
WaitForMultipleObjects
GetCurrentProcess
GetWindowsDirectoryW
GetVersionExW
GetVolumeInformationW
GetVersion
IsBadReadPtr
LoadLibraryA
WriteFile
CreateMutexA
WaitForSingleObject
ReleaseMutex
ReadFile
CreateFileA
SetFilePointer
CloseHandle
DeleteFileA
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
lstrcmpW
GetCurrentProcessId
Sleep
GetModuleFileNameW
GetCurrentDirectoryW
lstrcatW
GetTickCount
GetModuleHandleW
GetModuleFileNameA
GetLastError
lstrlenW
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
TlsGetValue
SetEnvironmentVariableA

user32

ExitWindowsEx
IsCharAlphaNumericA
GetDesktopWindow
GetParent
GetWindow
GetMenu
GetFocus
AttachThreadInput
GetWindowThreadProcessId
SetWindowPos
InvalidateRect
GetForegroundWindow
SetForegroundWindow
IsWindowUnicode
SetParent
GetClassNameW
GetWindowTextLengthW
MessageBoxW
IsCharAlphaNumericW
DestroyIcon
EndDialog
RedrawWindow
SetWindowLongW
GetWindowLongW
OffsetRect
GetSystemMetrics
CharUpperBuffA
CharUpperBuffW
CharNextA
CharNextW
DialogBoxParamA
EnumChildWindows
LockWindowUpdate
GetDialogBaseUnits
GetWindowRgn
DefDlgProcA
GetClassNameA
LoadBitmapA
wsprintfA
SetWindowTextW
SetDlgItemTextW
LoadIconA
DialogBoxParamW
wsprintfW
CreateWindowExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
UnregisterClassW
RegisterClassW
SystemParametersInfoW
DrawTextW
DrawTextA
FrameRect
BeginDeferWindowPos
IsWindow
DeferWindowPos
EndDeferWindowPos
GetSystemMenu
TrackPopupMenuEx
FillRect
GetWindowTextW
LoadImageW
LoadBitmapW
EnableMenuItem
GetWindowPlacement
IsWindowVisible
SetWindowRgn
GetClientRect
DrawIconEx
SetRect
MapWindowPoints
InflateRect
KillTimer
SetTimer
LoadCursorW
SetCursor
GetDlgItem
BeginPaint
EndPaint
SendMessageW
PostMessageW
IsWindowEnabled
IsIconic
GetDCEx
GetWindowDC
ReleaseDC
AdjustWindowRectEx
GetWindowRect
PtInRect
DefDlgProcW

gdi32

ExcludeClipRect
CreateSolidBrush
SetTextColor
BitBlt
DeleteObject
DeleteDC
GetClipBox
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
SelectObject
GetMapMode
SetMapMode
GetWindowExtEx
SetWindowExtEx
GetViewportExtEx
DPtoLP
SetViewportOrgEx
GetBkColor
SetBkColor
ExtTextOutW
CreateDIBSection
CreateBitmap
GetObjectW
CreateRoundRectRgn
CreateRectRgnIndirect
StretchBlt
GetStockObject
CreateFontIndirectW
ExtSelectClipRgn
SetRectRgn
OffsetRgn
CreateRectRgn
GetTextExtentExPointW
GetTextExtentExPointA
GetTextExtentPoint32W
GetTextExtentPoint32A
SetBkMode
SetViewportExtEx

advapi32

FreeSid
RegCreateKeyExA
RegEnumValueW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyW
RegCreateKeyA
RegCloseKey
RegDeleteValueW
RegDeleteValueA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenSCManagerW
CloseServiceHandle
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
IsValidSid
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW

shell32

SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathCompactPathA
PathCompactPathW
PathAppendA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA

Exports

Exports

Data
Start
Stop

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

390e738c8373b5c427b070a737c2a96c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 437KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 36KB - Virtual size: 43KB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 440KB - Virtual size: 437KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 36KB - Virtual size: 43KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 24KB - Virtual size: 23KB