e:\Projects\source\winsrc_wkssrv\avcontrol-oem\systray\Release\avgnt.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d30a2e42d4bd689de9427e1d796af012_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d30a2e42d4bd689de9427e1d796af012_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d30a2e42d4bd689de9427e1d796af012_JaffaCakes118
-
Size
280KB
-
MD5
d30a2e42d4bd689de9427e1d796af012
-
SHA1
c285eade3f8be2745c70946ca28a3f18cd608c7e
-
SHA256
d4d58a709774eaaba91db609f6b182899979023a39330a47e3223661883d13f3
-
SHA512
309dbcb337a23df17ec06b152f1ea901898999b6ff98ce25a0a376e2e413aacc7ac2c3386362cf3fa78c487ad4779fcfdfd175581209f265a7a153d1591d1be7
-
SSDEEP
3072:hKiaAB92iew/bIVJCxim5nxlbsw/iuOx5k+vZRgFZRgf9My9/mbR0QcT7FCOvV/u:hKiDrIVJhonxjiuOxW+N9bbTJC8QrL
Malware Config (no configuration was extracted for this sample in the output shown)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This is the only signature that fired, and on its own it is a weak indicator: many legitimate binaries ship unsigned, and an embedded signature can be stripped, so the absence of one only means the file's origin cannot be verified from the PE itself. The PDB path ending in `systray\Release\avgnt.pdb` and the imported API set (Shell_NotifyIconW, popup-menu and timer calls, OpenSCManagerW/StartServiceW, DeviceIoControl) are consistent with a system-tray component of a larger product, but that cannot be confirmed from this report alone; compare the hashes above against the vendor's known-good builds before treating the file as benign or malicious.
resource d30a2e42d4bd689de9427e1d796af012_JaffaCakes118
Files
-
d30a2e42d4bd689de9427e1d796af012_JaffaCakes118.exe windows:5 windows x86 arch:x86
7c70154776a19fd8d826e18bb58ce452
Headers
DLL Characteristics (note: only TERMINAL_SERVER_AWARE is set; DYNAMIC_BASE and NX_COMPAT are absent and the file characteristics below include RELOCS_STRIPPED, so this image cannot be relocated for ASLR and does not opt in to DEP)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc90u
ord4512
ord2282
ord6666
ord1357
ord2596
ord2130
ord3577
ord5573
ord3589
ord617
ord5572
ord341
ord1938
ord2288
ord6760
ord6311
ord4131
ord2904
ord814
ord2297
ord2289
ord2078
ord4396
ord5802
ord4320
ord2137
ord5652
ord5611
ord5595
ord6794
ord6524
ord4760
ord3531
ord400
ord2954
ord5625
ord3226
ord6376
ord4702
ord4741
ord5602
ord4345
ord3488
ord3543
ord1354
ord2106
ord3515
ord374
ord1675
ord1809
ord1810
ord5008
ord5324
ord5167
ord4631
ord639
ord5653
ord4682
ord1492
ord6408
ord3353
ord5632
ord4000
ord6187
ord1603
ord1137
ord2208
ord909
ord3185
ord296
ord280
ord811
ord813
ord935
ord6659
ord1607
ord285
ord293
ord3220
ord1599
ord5650
ord1727
ord1791
ord1792
ord2139
ord1442
ord6579
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord5511
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5509
ord5510
ord753
ord5152
ord5661
ord3268
ord4774
ord2597
ord6065
ord1108
ord3486
ord2592
ord2469
ord3662
ord585
ord1723
ord1787
ord3157
ord788
ord1431
ord1425
ord5403
ord5429
ord4616
ord2627
ord4878
ord4037
ord5685
ord6466
ord1728
ord5154
ord3743
ord4603
ord6800
ord5512
ord2069
ord2074
ord4664
ord1493
ord4910
ord1751
ord1754
ord6411
ord3355
ord1100
ord1064
ord3819
ord415
ord1681
ord4429
ord2650
ord2651
ord3287
ord5803
ord1176
ord4543
ord6577
ord5664
ord3907
ord4739
ord4026
ord2593
ord524
ord744
ord3477
ord542
ord4608
ord5277
ord5168
ord4632
ord5301
ord5047
ord5231
ord5508
ord980
ord3225
ord6375
ord6381
ord3230
ord6379
ord797
ord595
ord3674
ord3621
ord4044
ord1486
ord636
ord6098
ord367
ord1353
ord6091
ord1144
ord613
ord337
ord6096
ord3229
ord1380
ord2369
ord5338
ord3232
ord4553
ord4730
ord670
ord4344
ord4685
ord5450
ord5447
ord2860
ord5655
ord2079
ord2445
ord5615
ord4697
ord5598
ord5354
ord4985
ord4720
ord4007
ord2537
ord1222
ord2695
ord286
ord600
ord799
ord6604
ord5815
ord5663
ord5680
ord4347
ord5674
ord3217
ord2087
ord266
ord2084
ord1183
ord3670
ord589
ord4213
ord5830
ord6741
ord5548
ord1048
ord5567
ord265
ord436
ord2595
ord686
ord1432
ord2227
ord2265
ord3140
ord2269
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4211
ord2447
ord6018
ord4996
ord5676
ord4423
ord794
ord4043
ord4448
ord4681
ord4905
ord4348
ord2891
ord4071
ord4081
ord4080
ord2764
ord2893
ord2774
ord3115
ord2966
ord4728
ord3112
ord2983
ord2771
ord2057
ord801
ord1272
msvcr90
_wcsdup
exit
wcsncpy_s
wcsncat_s
wcscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
free
wcsncmp
memset
__CxxFrameHandler3
wcscat
wcsncat
wcslen
wcscpy
memcpy
_waccess
wcscat_s
swprintf_s
rand
srand
wcscpy_s
swscanf_s
_wfopen_s
vswprintf_s
iswspace
iswalnum
_wsplitpath_s
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fclose
strncpy
_wfopen
_wchdir
wcsstr
_wgetcwd
_wcsupr
_wsplitpath
wcsrchr
malloc
_snwprintf
wcschr
_time64
_invalid_parameter_noinfo
wcsncpy
_wtoi
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
_wcsicmp
kernel32
RemoveDirectoryW
SetEvent
Sleep
CreateEventW
OpenEventW
CloseHandle
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetPriorityClass
LoadLibraryW
lstrcpynW
GetProcAddress
ResetEvent
WaitForMultipleObjects
GetCurrentProcessId
CreateDirectoryW
GetPrivateProfileStringW
GetFileAttributesW
GetModuleFileNameW
WritePrivateProfileStringW
GetLastError
LocalFree
SetErrorMode
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
GetModuleHandleW
CreateProcessW
GetVersionExW
OpenProcess
GetExitCodeProcess
WaitForSingleObject
SetProcessWorkingSetSize
MulDiv
CreateFileW
DeleteFileW
SetFileAttributesW
WriteFile
LoadLibraryExW
DeviceIoControl
LoadLibraryA
ExpandEnvironmentStringsA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
PulseEvent
user32
LoadStringW
KillTimer
PostMessageW
GetSubMenu
SetForegroundWindow
LoadMenuW
AppendMenuW
GetCursorPos
CreatePopupMenu
GetMenuItemCount
RemoveMenu
SetMenuDefaultItem
GetClientRect
RedrawWindow
SetWindowPos
IsWindowVisible
GetDlgCtrlID
GetWindowRect
GetParent
GetDC
ReleaseDC
TranslateAcceleratorW
EnableWindow
SetTimer
PostQuitMessage
RegisterWindowMessageW
LoadImageW
LoadIconW
SendMessageW
UpdateWindow
GetForegroundWindow
gdi32
CreatePatternBrush
DeleteObject
GetObjectW
GetPixel
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps
RealizePalette
BitBlt
GetDIBColorTable
CreateHalftonePalette
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject
CreatePalette
advapi32
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
SetEntriesInAclW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
shell32
Shell_NotifyIconW
ShellExecuteW
cclib
??1CCLCButton@@UAE@XZ
?LoadStringW@CCLCResString@@QAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@IZZ
?performSelfTest@CCLib@@SA_NPB_W0H@Z
?getFileInfo@CCLib@@SA_NPB_WPAUCCLIB_FILEINFO@@@Z
?LoadImageW@CCLCResString@@SAPAXPB_WIIHHI@Z
?LoadColor@CCLCResString@@QAEKPB_W@Z
?MessageBoxW@CCLib@@SAHPAUHWND__@@PB_W1I@Z
?ShowHelp@CCLib@@SA_NK@Z
?LoadMasterRegKey@CCLCResString@@QAEPA_WXZ
??0CCLCFControl@@QAE@XZ
??1CCLCFControl@@QAE@XZ
?VerifyPasswordHash@CCLib@@SA_NPB_W0@Z
?Log@CCLib@@SAXPB_W0ZZ
??0CCLCResString@@QAE@PAUHINSTANCE__@@PB_WH@Z
?LoadStringW@CCLCResString@@QAEPA_WPB_W@Z
?LoadFileName@CCLCResString@@QAEPA_WPB_W@Z
??1CCLCResString@@QAE@XZ
??0CCLCButton@@QAE@XZ
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
Sections (note: .text, .rdata and the non-standard .trdata section are all flagged IMAGE_SCN_MEM_WRITE, and .trdata is a second executable code section; writable code and a custom executable section are worth checking for runtime-protected or self-modifying code before relying on the static import table above)
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE