c:\xman\source\daily\Trelo\Targets\English\Extension Manager.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f550011ad00b8545300e37e6f63ea67c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f550011ad00b8545300e37e6f63ea67c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
f550011ad00b8545300e37e6f63ea67c_JaffaCakes118
-
Size
734KB
-
MD5
f550011ad00b8545300e37e6f63ea67c
-
SHA1
bfd63ca93a01a7e5f0bd842bdbc5a98e14206334
-
SHA256
42b779eb32cb6a9760d65023d382dab5cacb33fd5cbce4daf520328e2fb88a20
-
SHA512
a77caeea163c05471d666d176e5de43b223df9fb437cc7396c3cca81405fdccc4a7e9443ab71a2705e2fff73758560361b7024938e66722c3a01c55c3914de91
-
SSDEEP
12288:SiECwOLlQh/wAMJFGEMbdjJS1dQnnqc1kY/HsXIxtohAnEV8c:57LlYMJFGEM581dQnnqc1DvKomAC8c
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f550011ad00b8545300e37e6f63ea67c_JaffaCakes118
Files
-
f550011ad00b8545300e37e6f63ea67c_JaffaCakes118.exe windows:4 windows x86 arch:x86
e08dc13ef2aa2e6046384859b42a98ac
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalAddAtomW
GlobalDeleteAtom
GetUserDefaultUILanguage
GlobalGetAtomNameW
MulDiv
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
EnumUILanguagesW
GetShortPathNameW
CloseHandle
CreateProcessW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
FreeLibrary
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
CreateDirectoryW
RemoveDirectoryW
MoveFileW
GetFileAttributesW
SetFileAttributesW
GetTickCount
OpenProcess
LoadLibraryA
DeleteFileW
CopyFileW
FindClose
FindFirstFileW
FindNextFileW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
GetUserDefaultLangID
user32
LoadCursorW
GetSysColorBrush
GetDlgCtrlID
GetCursorPos
SetCursor
ReleaseCapture
IsWindow
SetCapture
ReleaseDC
CopyRect
PtInRect
OffsetRect
FillRect
IsRectEmpty
SetRect
LoadIconW
LoadBitmapW
SystemParametersInfoW
SetTimer
KillTimer
DrawStateW
RedrawWindow
GetCapture
wsprintfW
PeekMessageW
AppendMenuW
GetSystemMenu
CallWindowProcW
SetWindowLongW
GetWindowDC
GetDC
ScreenToClient
BringWindowToTop
DrawFocusRect
InflateRect
GetParent
GetClientRect
GetWindowRect
RegisterWindowMessageW
FindWindowW
UpdateWindow
GetMenu
PostMessageW
InsertMenuW
GetSubMenu
LoadImageW
GetSystemMetrics
GetClassInfoW
SetForegroundWindow
IsChild
InvalidateRect
IsIconic
GetSysColor
SendMessageW
EnableWindow
DestroyIcon
gdi32
RealizePalette
GetObjectW
DPtoLP
CreateBitmap
CreateCompatibleBitmap
SelectPalette
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreatePalette
Rectangle
CreateSolidBrush
RemoveFontResourceW
AddFontResourceW
SelectObject
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
GetTextExtentPoint32W
DeleteObject
GetMapMode
ahclient
DisplayAdobeHelpClientPage
InitializeAdobeHelpClient
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
mfc80u
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4574
ord4884
ord4729
ord4206
ord5178
ord3635
ord1883
ord744
ord870
ord6306
ord5091
ord556
ord774
ord6063
ord2651
ord2311
ord4026
ord293
ord6115
ord3435
ord1864
ord1784
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord1393
ord3939
ord5911
ord6721
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord1472
ord762
ord1079
ord1086
ord4119
ord1155
ord5161
ord2895
ord5558
ord3990
ord4100
ord2261
ord2424
ord6086
ord940
ord1315
ord280
ord715
ord2239
ord6301
ord3103
ord630
ord2365
ord2366
ord3327
ord4255
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord2012
ord3390
ord3927
ord3677
ord1476
ord5221
ord2260
ord956
ord547
ord5971
ord1117
ord899
ord896
ord5113
ord3444
ord3639
ord368
ord4258
ord4476
ord6039
ord5930
ord2762
ord3034
ord4216
ord1913
ord4699
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord616
ord2386
ord266
ord1176
ord2860
ord1172
ord5316
ord6282
ord1571
ord2121
ord3224
ord5210
ord4232
ord5327
ord6293
ord3869
ord3459
ord6764
ord591
ord620
ord651
ord4267
ord1547
ord5170
ord1351
ord3338
ord5200
ord5147
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4172
ord4165
ord4974
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord6233
ord5485
ord4314
ord1925
ord3204
ord2361
ord1894
ord572
ord3165
ord2985
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3189
ord1299
ord1118
ord2167
ord2413
ord2414
ord2415
ord2412
ord2411
ord416
ord393
ord5609
ord4929
ord5829
ord5867
ord3995
ord4117
ord5637
ord502
ord6302
ord5524
ord3082
ord3104
ord5979
ord2151
ord4581
ord3641
ord6232
ord3756
ord5803
ord1479
ord282
ord6700
ord860
ord5705
ord2444
ord897
ord4074
ord4101
ord6173
ord6167
ord6111
ord281
ord5484
ord5712
ord745
ord557
ord5398
ord2460
ord2282
ord772
ord6015
ord1430
ord5083
ord3842
ord3157
ord1271
ord2255
ord1959
ord3678
ord658
ord2867
ord5636
ord5727
ord326
ord3789
ord3645
ord3460
ord395
ord635
ord4293
ord4244
ord3752
ord3642
ord5638
ord6033
ord566
ord2984
ord3824
ord757
ord1906
ord284
ord2159
ord3286
ord1572
ord1634
ord287
ord1785
ord1386
ord3198
ord6061
ord709
ord501
ord3630
ord290
ord3050
ord385
ord3194
ord4713
ord4728
ord4205
ord4904
ord4619
ord4578
ord4458
ord4966
ord3783
ord587
ord3158
ord4226
ord1536
ord6751
ord6749
ord3155
ord1058
ord1921
ord1555
ord3983
ord2648
ord629
ord384
ord2461
ord380
ord3195
ord2696
ord2697
ord5489
ord6009
ord3383
ord4459
ord4488
ord4536
ord900
ord5319
ord6284
ord1182
ord1178
ord3452
ord3088
ord2740
ord2747
ord2744
ord2111
ord5621
ord5873
ord2897
ord4049
ord6206
ord911
ord2299
ord2465
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord354
ord605
ord776
ord5118
ord5119
ord3249
ord334
ord283
ord593
ord577
ord764
ord2340
ord1198
msvcr80
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
calloc
abort
realloc
memcpy
memmove
wcstombs
strncpy
strcspn
_time64
_localtime64_s
_mktime64
wcsstr
_swprintf
malloc
iswspace
_wsplitpath
wcstok
wcsncpy
wcschr
_wtoi
_wcsicmp
memmove_s
wcsrchr
memset
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
free
_wcsdup
wcstombs_s
strcpy_s
_purecall
__RTDynamicCast
wcsncmp
_invalid_parameter_noinfo
_wcsnicmp
__CxxFrameHandler3
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
ole32
CoInitialize
CoCreateInstance
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
InitializeSid
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthorityCount
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
shell32
SHFileOperationW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 472KB - Virtual size: 469KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rrdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE