00952c026a7c40df7eb1735b4a0e558a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00952c026a7c40df7eb1735b4a0e558a_JaffaCakes118
Size

148KB
MD5

00952c026a7c40df7eb1735b4a0e558a
SHA1

8aec40f0db8b59fc750ba07ba1c3d24c6abfaf26
SHA256

e93f33a2cdfac0070f8dce74b7c43456f21fd273eb1c75b498a2fb268c9aa1c7
SHA512

b5de3d2e8551f530d65fc3a798d1cf02a47ef16464b038e3fa5965632ddba6529a4d27e50e5f6cfe1ec1c8d1c54e0a5de1260fdb17a31bd90491da56926754b3
SSDEEP

3072:Ov+GaOUogWMmaNUMJYYHjlbW2SgRrwMtNXFokMDviqiD/B9R9H7XRRPWt:ztpDrDlbW2PRd2EB9n7nC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00952c026a7c40df7eb1735b4a0e558a_JaffaCakes118

Files

00952c026a7c40df7eb1735b4a0e558a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\NIGHTL~1.0_0\tmp\deploy\plugin\jusched\obj\jusched.pdb

Imports

advapi32

RegNotifyChangeKeyValue
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

gdi32

GetStockObject

wininet

InternetCloseHandle
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
DeleteFileA
GetCurrentProcessId
GetTickCount
SystemTimeToFileTime
CompareFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
lstrcatA
lstrcpyA
CreateEventA
WaitForSingleObject
WaitForMultipleObjects
lstrlenA
GetModuleFileNameA
CreateMutexA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
SetEvent
lstrcmpA
CreateThread
ReadFile
CreateProcessA
SetHandleInformation
CreatePipe
Sleep
ResetEvent
GetSystemTime
CreateFileA
GetCurrentProcess
GetSystemInfo
WriteFile
SetFilePointer
GetTempPathA
GetEnvironmentVariableA
LocalFree
SystemTimeToTzSpecificLocalTime

user32

wsprintfA
CharNextA
GetDesktopWindow
MessageBoxA
LoadStringA
LoadImageA
PostMessageA
SetForegroundWindow
RegisterClassA
CreateWindowExA
ShowWindow
SetWindowLongA
DestroyWindow
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
GetWindowLongA
DefWindowProcA
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

shell32

Shell_NotifyIconA
ShellExecuteA

oleaut32

VarUI4FromStr

msvcr71

__security_error_handler
_controlfp
_stricmp
_strcmpi
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_strdup
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
memset
iswspace
isspace
rand
strtol
srand
strncat
sprintf
strncmp
sscanf
_purecall
??2@YAPAXI@Z
strncpy
strrchr
strstr
_CxxThrowException
realloc
??_U@YAPAXI@Z
_resetstkoflw
malloc
asctime
__CxxFrameHandler
time
localtime
mktime
??_V@YAXPAX@Z
_except_handler3
free
??3@YAXPAX@Z

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

wininet

kernel32

user32

ole32

shell32

oleaut32

msvcr71

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 84KB - Virtual size: 84KB