dc86f8279f16999ffabc49e6af9a198e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc86f8279f16999ffabc49e6af9a198e_JaffaCakes118
Size

501KB
MD5

dc86f8279f16999ffabc49e6af9a198e
SHA1

5d904a854750ba5c69517b36cf37e2d76cd497ca
SHA256

2515cd836e96b3bdc13e1dfdb260b1de01d4e1ad4e4856c4f549cb75042dfa07
SHA512

869f33528840c66b5800b75dc21dd05745c40fd74f10f33bd30719b91dca24200ebb1ba72520970e4634891879578eb8be60667d799f41c6116577a265e9081f
SSDEEP

12288:RUACCbK7vsRqMxqKBoOTgjX5I43D7rqSsQ:RUACf7sq223D7rqSt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc86f8279f16999ffabc49e6af9a198e_JaffaCakes118

Files

dc86f8279f16999ffabc49e6af9a198e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

992bab8f73e563f52172e89633e8aa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_VSS\Products\DriveCleanerInc\DriveCleanerDual\_Release\UnWizard.pdb

Imports

mfc71

ord4014
ord4038
ord3641
ord3441
ord1968
ord1934
ord1280
ord709
ord501
ord4648
ord4394
ord4692
ord4118
ord3401
ord2719
ord5203
ord1966
ord2367
ord3210
ord3287
ord3163
ord2368
ord3204
ord3161
ord5658
ord1903
ord2020
ord6275
ord605
ord356
ord354
ord4115
ord4580
ord3989
ord1425
ord5073
ord5731
ord1279
ord347
ord5641
ord5640
ord266
ord3835
ord3684
ord3596
ord6120
ord297
ord5915
ord1402
ord5214
ord760
ord572
ord589
ord4078
ord6037
ord330
ord3952
ord3423
ord2086
ord1545
ord4232
ord2991
ord3164
ord587
ord2322
ord5491
ord865
ord577
ord5637
ord1263
ord1482
ord280
ord602
ord1564
ord1930
ord265
ord783
ord2131
ord774
ord2130
ord300
ord6018
ord293
ord651
ord416
ord629
ord384
ord287
ord2264
ord2346
ord4100
ord2094
ord3244
ord1955
ord3174
ord747
ord559
ord3255
ord758
ord567
ord2075
ord2234
ord1580
ord1929
ord2233
ord5642
ord5727
ord5331
ord6297
ord5320
ord6286
ord2654
ord2272
ord4081
ord6020
ord4085
ord5710
ord2451
ord2263
ord1486
ord2160
ord1377
ord5833
ord1916
ord6172
ord6178
ord908
ord781
ord2095
ord1591
ord4240
ord3317
ord741
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord657
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1554
ord3195
ord620
ord1587
ord3307
ord731
ord1550
ord3178
ord599
ord1576
ord1575
ord3249
ord671
ord1652
ord1596
ord2985
ord3326
ord752
ord2097
ord1908
ord1593
ord4242
ord3319
ord743
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord1654
ord1598
ord2987
ord3328
ord754
ord1638
ord1559
ord3215
ord643
ord1647
ord1589
ord3315
ord739
ord1646
ord1588
ord3312
ord6278
ord1643
ord1581
ord3292
ord715
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord2098
ord1650
ord1594
ord4243
ord2983
ord3324
ord748
ord1635
ord1543
ord3157
ord583
ord1645
ord1586
ord3304
ord730
ord1644
ord1584
ord3298
ord1636
ord1548
ord3172
ord592
ord1639
ord1568
ord3227
ord656
ord1640
ord1569
ord3228
ord2370
ord1395
ord2794
ord5613
ord2328
ord299
ord2933
ord1265
ord777
ord2327
ord4032
ord282
ord2932
ord1264
ord4036
ord4037
ord2321
ord1262
ord4033
ord4034
ord2319
ord1260
ord259
ord1283
ord2371
ord6017
ord1971
ord2938
ord4109
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord1979
ord3454
ord3348
ord2074
ord3474
ord2802
ord3563
ord5991
ord4761
ord5994
ord3406
ord3488
ord3430
ord4001
ord4123
ord502
ord5647
ord5059
ord3551
ord3139
ord3571
ord3676
ord3583
ord3680
ord3587
ord3799
ord2876
ord3651
ord3302
ord5634
ord326
ord2882
ord2873
ord5746
ord2495
ord4104
ord5871
ord3473
ord3574
ord3437
ord3801
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4261
ord3333
ord3830
ord1101
ord757
ord566
ord4541
ord3683
ord762
ord784
ord2176
ord1084
ord1308
ord4125
ord1191
ord1187
ord2469
ord911
ord304
ord3397
ord3934
ord907
ord3850
ord2594
ord2902
ord2372
ord2164
ord3761
ord5403
ord2468
ord6065
ord6090
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord736
ord5152
ord4486
ord4262
ord764
ord6067
ord876
ord4035
ord578
ord1649
ord310
ord1207

msvcr71

_setmbcp
strrchr
free
malloc
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_mbscmp
__CxxFrameHandler
_except_handler3
_CxxThrowException
__RTDynamicCast
_wcsdup
wcslen
memmove
atol
_mbsnbcpy
sprintf
_vscwprintf
vswprintf
_controlfp
__security_error_handler
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
memset
strtoul
atoi
strtol
_mbslen
_mbsicmp
vsprintf
_vscprintf

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetModuleHandleA
FindResourceExW
FindResourceW
SetLastError
VirtualProtect
GetCurrentProcess
WriteProcessMemory
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpA
InterlockedCompareExchange
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetFileSize
lstrcpynA
SetFilePointer
ReadFile
InterlockedDecrement
InterlockedIncrement
MulDiv
FreeLibrary
LoadLibraryA
GetProcAddress
CreateThread
TerminateThread
DeleteCriticalSection
lstrcmpiA
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteFileA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
lstrcpyA
lstrcatA
lstrlenA
GetModuleFileNameA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
GetSystemTimeAsFileTime

user32

MapWindowPoints
SetTimer
KillTimer
SetScrollPos
EnableScrollBar
LoadMenuA
DestroyCursor
SetParent
GetComboBoxInfo
GetCapture
DispatchMessageA
GetWindowRect
DrawFocusRect
GetAsyncKeyState
EndPaint
BeginPaint
PeekMessageA
MsgWaitForMultipleObjects
GetParent
SetFocus
EnableWindow
CallWindowProcA
DestroyMenu
IsRectEmpty
IsZoomed
IsIconic
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
SetRect
GetSubMenu
WindowFromPoint
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadIconA
LoadBitmapW
LoadStringW
LoadStringA
GetSystemMetrics
UnhookWindowsHookEx
ReleaseCapture
SetCapture
ClientToScreen
GetWindowTextA
SetWindowsHookExA
GetKeyboardState
SetKeyboardState
CallNextHookEx
GetKeyState
IsWindowEnabled
GetActiveWindow
SystemParametersInfoA
GetSysColor
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
TrackPopupMenu
FillRect
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetDesktopWindow
PostMessageA
GetDlgCtrlID
LoadCursorA
OffsetRect
CopyRect
SetCursor
ValidateRect
DrawTextA
IsWindowVisible
GetWindowLongA
DestroyIcon
RedrawWindow
IsWindow
ShowWindow
GetCursorPos
GetWindow
GetClassNameA
GetWindowDC
SetWindowLongA
FindWindowExA
ReleaseDC
GetDC
ScreenToClient
GetClientRect
SetWindowRgn
SendMessageA
LoadBitmapA
GetSystemMenu
PtInRect
DrawStateA
InvalidateRect
MessageBoxA
TranslateMessage

gdi32

TextOutA
SetTextColor
SetBkMode
SetBkColor
GetBkMode
GetBkColor
GetTextColor
LineTo
MoveToEx
StretchBlt
CreateDIBitmap
CreateBrushIndirect
GetPixel
SetBitmapBits
GetBitmapBits
GetDIBits
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
SetStretchBltMode
GetDeviceCaps
SetPixel
CreateFontA
GetTextMetricsA
CreateRectRgnIndirect
PatBlt
CreateCompatibleDC
BitBlt
DeleteDC
CreateEllipticRgn
GetTextExtentPoint32A
Rectangle
SelectObject
CreateCompatibleBitmap
CreateFontIndirectA
ExtCreatePen
CreatePen
GetStockObject
CreateRectRgn
CombineRgn
CreateSolidBrush
GetObjectA
DeleteObject

msimg32

AlphaBlend

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_GetIconSize
ImageList_DrawEx
ImageList_GetImageCount
_TrackMouseEvent
ord17
ImageList_GetImageInfo
ImageList_GetIcon

shlwapi

PathRenameExtensionA
PathAppendA
PathRemoveFileSpecA

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize

oleaut32

SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 541B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

992bab8f73e563f52172e89633e8aa18

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp71

imagehlp

Sections

.text Size: 358KB - Virtual size: 357KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 6KB - Virtual size: 8KB

.tls Size: 1024B - Virtual size: 541B

.rsrc Size: 41KB - Virtual size: 62KB

.text
Size: 358KB - Virtual size: 357KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 6KB - Virtual size: 8KB

.tls
Size: 1024B - Virtual size: 541B

.rsrc
Size: 41KB - Virtual size: 62KB