Static task
static1
Behavioral task
behavioral1
Sample
d4effb0ac1e663f97b12075f716e3b07_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d4effb0ac1e663f97b12075f716e3b07_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d4effb0ac1e663f97b12075f716e3b07_JaffaCakes118
-
Size
764KB
-
MD5
d4effb0ac1e663f97b12075f716e3b07
-
SHA1
d5d95304a97e954422f4eb6e09564e3918f98088
-
SHA256
0e3812dec7c15b75c58aec1c1b3a2b350fdf2f6c98e6917f57358f587d34c7db
-
SHA512
10cc308742d6e53f5ae9c8dab03bfa3a1ade7da96f6ebfc8a64829b028be619d3bae6e4306ad2154272f53f2085a9cf759b27fdaae10c8b9a51315ef7fae4bb4
-
SSDEEP
12288:23wvSLiFnqVrCH7k76MYh9mjYAZSYADQi7tbpF:2bEnqVqjnmUmSSixb
Malware Config (no extracted configuration is shown in this report)
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no Authenticode signature; on its own this is a weak indicator, since many legitimate older or in-house builds are also unsigned, so weigh it together with the section-flag and import findings below rather than treating it as evidence of malice by itself.
resource d4effb0ac1e663f97b12075f716e3b07_JaffaCakes118
Files
-
d4effb0ac1e663f97b12075f716e3b07_JaffaCakes118.exe windows:4 windows x86 arch:x86
38a077d2f2405319904a721ba216a352 (unlabelled 32-hex-digit value; presumably the import hash (imphash) of the PE — confirm against the report schema before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (relocation data removed: the image must load at its preferred base address and therefore cannot be randomized by ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ngscm (not a Windows system DLL; the imported symbols are MSVC-decorated C++ names, so the sample depends on a vendor or bundled library that is absent from a clean sandbox image — if the behavioral runs show little activity, a failed import resolution at load time is one possible reason)
?Show@CNbuuCommonMessageBox@@SAHPAUHWND__@@PBG1I@Z
??0CPCSL2InfoReader@@QAE@XZ
?ReadPCSL@CPCSL2InfoReader@@QAEHPAG@Z
?GetUIManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?PCSL_GetVariantID@CPCSL2InfoReader@@QAEGXZ
?GetResourceInstance@CNbuuLib@@SAPAUHINSTANCE__@@XZ
?NGSCM_LoadString@@YAHIPAGH@Z
??0CNbuuGraphics@@QAE@PAUHDC__@@@Z
?DrawImage@CNbuuGraphics@@QAEXPAVCNbuuBitmap@@HH@Z
??1CNbuuGraphics@@UAE@XZ
??0CRTLHelper@@QAE@PBG@Z
?FlipDialog@CRTLHelper@@QAEPAUDLGTEMPLATE@@PAUHINSTANCE__@@I@Z
??1CRTLHelper@@UAE@XZ
??1CNbuuBitmap@@UAE@XZ
?NGSCM_GetCommonNLR@@YAPAUHINSTANCE__@@XZ
??0CNbuuBitmap@@QAE@XZ
?LoadFromRes@CNbuuBitmap@@QAEXPAUHINSTANCE__@@I@Z
?IsLayoutRTL@CNbuuLib@@SAHXZ
?Mirror@CNbuuBitmap@@QAEXXZ
?SetLayout@CNbuuLib@@SAKK@Z
?TranslateMenuAccelerator@CNbuuWindowBackgroundCtrl@@QAEHPAUtagMSG@@@Z
??1CNbuuStaticCtrl@@UAE@XZ
??1CNbuuComboBoxCtrl@@UAE@XZ
??1CNbuuCheckButtonCtrl@@UAE@XZ
??1CNbuuCommonButtonCtrl@@UAE@XZ
?GetMenuHandle@CNbuuWindowBackgroundCtrl@@QAEPAUHMENU__@@XZ
??1CNbuuStaticBitmapSkin@@UAE@XZ
??0CNbuuStaticBitmapSkin@@QAE@XZ
?Load@CNbuuStaticBitmapSkin@@UAEXXZ
?Unload@CNbuuStaticBitmapSkin@@UAEXXZ
?IsValid@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAE_NXZ
?Draw@CNbuuStaticBitmapSkin@@UAEXPAVCNbuuWindow@@PAVCNbuuGraphics@@HH@Z
?GetNextPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?GetNumberOfPhoneManufacturers@CPCSL2InfoReader@@QAEHXZ
?GetFirstPhoneManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?PcsInitializeWER@@YAHXZ
?DrawParentBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@@Z
?DrawBackBufferPart@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@11@Z
?DrawBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@1@Z
?DeleteBackBuffer@CNbuuBackBuffer@@UAEXXZ
?CreateBackBuffer@CNbuuBackBuffer@@UAEXHHPAVCNbuuGraphics@@@Z
??0CNbuuComboBoxCtrl@@QAE@XZ
??1CNbuuWindowBackgroundCtrl@@UAE@XZ
??1CNbuuWindowBackgroundSkin@@UAE@XZ
?Init@CNbuuLib@@SAXPAUHINSTANCE__@@0@Z
??0CNbuuWindowBackgroundCtrl@@QAE@XZ
??1CPCSL2InfoReader@@QAE@XZ
??0CNbuuWindowBackgroundSkin@@QAE@XZ
?PcsLoadFont@@YAXPAUtagLOGFONTW@@@Z
?SetResourceInstance@CNbuuLib@@SAXPAUHINSTANCE__@@@Z
?NGSCM_GetCommonNGR@@YAPAUHINSTANCE__@@XZ
?SetTooltip@?$CNbuuButtonImpl@VCNbuuCommonButtonSkin@@@@QAEXPAG@Z
??0CNbuuCommonButtonCtrl@@QAE@XZ
?SetTextColor@CNbuuStaticCtrl@@QAEXK@Z
??0CNbuuStaticCtrl@@QAE@XZ
??0CNbuuCheckButtonCtrl@@QAE@XZ
?SetSkinDef@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAEXVCNbuuStaticBitmapSkinDef@@@Z
?Validate@CNbuuStaticBitmapSkin@@UAEXXZ
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
gdiplus
GdiplusShutdown
GdiplusStartup
mfc71u (MFC 7.1 Unicode runtime, Visual C++ 2003 era; the functions are imported by ordinal only, so the ordinal list below is meaningful only against that exact DLL version)
ord629
ord1430
ord5319
ord2897
ord384
ord3289
ord6001
ord530
ord722
ord3249
ord2366
ord5710
ord745
ord557
ord6002
ord6000
ord5672
ord3248
ord443
ord676
ord5438
ord5709
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord2936
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3163
ord590
ord331
ord6061
ord5609
ord1079
ord5178
ord4729
ord4884
ord2011
ord1662
ord1661
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2856
ord4480
ord4256
ord3176
ord1784
ord2159
ord6232
ord2713
ord3395
ord2651
ord5829
ord3678
ord5911
ord1393
ord5210
ord3331
ord755
ord564
ord5713
ord3508
ord5337
ord6003
ord5440
ord2299
ord5442
ord631
ord386
ord5444
ord3857
ord1027
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3851
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord3327
ord757
ord1049
ord2239
ord4314
ord6284
ord618
ord796
ord370
ord1194
ord1645
ord1589
ord2981
ord3322
ord572
ord754
ord1921
ord1785
ord1894
ord2365
ord2560
ord6059
ord3752
ord1299
ord2167
ord1555
ord416
ord2364
ord4119
ord3985
ord630
ord2012
ord5437
ord2861
ord5708
ord5999
ord1086
ord2985
ord760
ord3198
ord3204
ord1925
ord4094
ord2085
ord3238
ord1946
ord1962
ord1271
ord4112
ord1274
ord3635
ord605
ord354
ord5199
ord4574
ord4206
ord602
ord6033
ord5638
ord5727
ord2255
ord347
ord3155
ord1270
ord2361
ord5566
ord6086
ord709
ord1920
ord5723
ord501
ord2362
ord2066
ord3855
ord1182
ord1178
ord746
ord558
ord5327
ord6293
ord5316
ord6282
ord870
ord2895
ord280
ord284
ord577
ord774
ord288
ord283
ord2444
ord5398
ord2468
ord293
ord897
ord894
ord899
ord3927
ord5083
ord2121
ord776
ord5711
ord1198
ord5712
ord4101
ord5524
ord2282
ord1118
ord4026
ord4074
ord5485
ord2261
ord4078
ord6172
ord5558
ord3990
ord896
ord6166
ord1220
ord1472
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord1883
ord6063
ord277
ord3842
ord2260
ord3756
ord3858
ord2271
ord4320
ord2009
ord1007
ord5096
ord566
ord6171
ord6165
ord497
ord1605
ord2461
ord3877
ord6167
ord6173
ord5864
ord3082
ord385
ord2341
ord2878
ord1479
ord282
ord2926
ord6111
ord860
ord4100
ord290
ord2932
ord1156
ord1058
ord2460
ord5705
ord5414
ord5484
ord6161
ord287
ord1906
ord3841
ord1252
ord5149
ord291
ord5478
ord1002
ord1518
ord1241
ord5707
ord5436
ord1176
ord1189
ord313
ord2343
ord328
ord5998
ord588
ord3159
ord5663
ord762
ord764
ord265
ord266
ord3800
ord2311
msvcr71 (Visual C++ 7.1 C runtime, not part of a default modern Windows install; note the use of unbounded string routines such as strcpy, wcscat and sprintf)
_wtoi64
_wtoi
_purecall
wcscat
swprintf
wcsncpy
memcmp
fabs
ceil
floor
wcsncat
strlen
strncat
sprintf
strtoul
strcpy
wcschr
_wtol
localtime
gmtime
time
_tzset
_mktime64
_gmtime64
_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
__security_error_handler
_controlfp
free
_wcsdup
_wsetlocale
wcscmp
wcsftime
towupper
iswspace
iswpunct
iswascii
wcslen
_wsplitpath
_wmakepath
wcscpy
wcstoul
wcstol
div
memcpy
__CxxFrameHandler
memset
kernel32 (note: the resource APIs FindResourceW/LoadResource/LockResource/SizeofResource, combined with GetTempPathW/GetTempFileNameW/CreateFileW/WriteFile, MoveFileW/DeleteFileW and LoadLibraryExW/GetProcAddress, give the binary the capability to write an embedded resource to %TEMP% and load or execute it — the import table alone does not show that it does so; confirm against the behavioral results)
GetVersionExW
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
Sleep
GetLongPathNameW
CreateDirectoryW
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FindResourceExW
CreateFileW
WriteFile
GetTempPathW
GetTickCount
GetTempFileNameW
LoadResource
LockResource
SizeofResource
FreeResource
DeleteFileW
GetACP
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
LoadLibraryExW
GetLastError
ExpandEnvironmentStringsW
CreateEventW
OpenEventW
CloseHandle
ResetEvent
SetEvent
MoveFileW
user32
TranslateAcceleratorW
GetFocus
PeekMessageW
MsgWaitForMultipleObjects
SetFocus
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetDlgItem
ShowWindow
MapWindowPoints
LockWindowUpdate
GetClientRect
PostMessageW
GetWindowLongW
GetMenuItemCount
GetMenuItemID
IsIconic
IsZoomed
DialogBoxIndirectParamW
GetPropW
SetPropW
OffsetRect
DrawTextW
EndDialog
IsWindow
SetClassLongW
GetClassLongW
GetMonitorInfoW
MonitorFromRect
SystemParametersInfoW
GetSysColor
PtInRect
GetForegroundWindow
PostQuitMessage
GetMenuState
GetDC
ReleaseDC
GetMenuDefaultItem
RegisterWindowMessageW
wsprintfW
InsertMenuW
InsertMenuItemW
EnableMenuItem
CopyRect
SetWindowPos
LoadAcceleratorsW
GetSubMenu
SetMenuDefaultItem
EndMenu
LoadIconW
LoadStringW
GetNextDlgTabItem
GetClassNameW
GetDesktopWindow
GetCursorPos
WinHelpW
SetTimer
EnableWindow
MoveWindow
InvalidateRect
EnumChildWindows
KillTimer
GetWindowRect
GetParent
InflateRect
SetForegroundWindow
ScreenToClient
ChildWindowFromPoint
ReleaseCapture
SetCapture
ClientToScreen
LoadCursorW
SetCursor
LoadMenuW
GetSystemMetrics
SendMessageW
gdi32
SelectObject
DeleteObject
CreateFontIndirectW
SetBkMode
Ellipse
GetObjectW
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
advapi32 (registry read, create, set and delete — RegCreateKeyExW/RegSetValueExW/RegDeleteKeyW/RegDeleteValueW — so persistence or configuration changes are possible; check the behavioral run for written or removed keys)
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegCloseKey
shell32
ShellExecuteW
comctl32
ImageList_ReplaceIcon
InitCommonControlsEx
ole32
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID
CLSIDFromString
oleaut32
VariantClear
VariantTimeToSystemTime
SysFreeString
SafeArrayGetElement
SafeArrayGetUBound
SystemTimeToVariantTime
VarUdateFromDate
Sections
.text Size: 568KB - Virtual size: 564KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (a writable code section is atypical for unmodified compiler output and is consistent with a packer, protector or self-patching code; check the section's entropy and which section contains the entry point)
.rdata Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (read-only data marked writable is likewise atypical and may point to the section table having been rewritten after linking)
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vrdata Size: 60KB - Virtual size: 60KB (non-standard section name, flagged as code and readable/writable/executable per the flags below: a second executable section like this is a candidate location for a loader or unpacker stub — confirm by checking whether the entry point falls inside it)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE