009b4600166393ff50f4601678ac9e76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

009b4600166393ff50f4601678ac9e76_JaffaCakes118
Size

180KB
MD5

009b4600166393ff50f4601678ac9e76
SHA1

87a99aaded1a18214b55c8b02d3c7a80a5032614
SHA256

158a81a40056af471a48f6d16172f212a975f8d0aab086160468b1f09d3d1494
SHA512

ae9124b50a485cccd5a283a8083f7618124c66f46918749879c01554f5dee24709bcf03e63a4b107a58c9b8f4b4647333b6f0600673accf944841db313727e9a
SSDEEP

3072:8ksGFX7fKRPdiLUw3pe1nxMPgJF1zaou22t/rV053zNLcziM:8sjUPdiLU+8xkaNaoTKrV0Ii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009b4600166393ff50f4601678ac9e76_JaffaCakes118

Files

009b4600166393ff50f4601678ac9e76_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e5a17d6fa1c8b51a79b3f0a8db2e33e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

synerenc

AsureEncryptToStr62
AsureDecryptFromStr62

wlogtool

?SetLogFile@@YAXPAUHINSTANCE__@@H@Z
?Log2File@@YAXPBDZZ

mfc71

ord741
ord1728
ord310
ord784
ord1934
ord1917
ord709
ord6037
ord5635
ord5640
ord326
ord5613
ord5731
ord3401
ord2719
ord3761
ord3934
ord5642
ord501
ord764
ord3163
ord3210
ord3204
ord1280
ord3302
ord876
ord2902
ord2991
ord572
ord762
ord1554
ord4244
ord3195
ord620
ord2271
ord1903
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord3333
ord566
ord757
ord1054
ord1084
ord2248
ord1050
ord314
ord1049
ord6252
ord2020
ord2372
ord911
ord4035
ord605
ord907
ord1123
ord1439
ord6288
ord629
ord5089
ord384
ord5493
ord2703
ord3201
ord380
ord5323
ord2903
ord265
ord657
ord2322
ord5710
ord6180
ord6174
ord304
ord1091
ord908
ord2131
ord1482
ord5403
ord2475
ord297
ord3641
ord5182
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord578
ord4262
ord3182
ord3834
ord781
ord356
ord1892
ord1794
ord4212
ord4735
ord5833
ord6067
ord4580
ord1489
ord299
ord2933
ord6118
ord354
ord2168
ord6090
ord2657
ord1122
ord3997
ord2272
ord5563
ord715
ord2164
ord3989
ord3339
ord4104
ord3920
ord1643
ord1581
ord3292
ord2468
ord1486
ord6006
ord5716
ord1191
ord1187
ord266
ord1873
ord3406
ord6236
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord3635
ord3595
ord5227
ord4569
ord5567
ord759
ord570
ord2249
ord583
ord658
ord6065
ord6283
ord3875
ord6119
ord5873
ord1056
ord1025
ord2321
ord2092
ord1641
ord1571
ord3317
ord2958
ord3230
ord5866
ord3879
ord1635
ord1543
ord3157
ord1063
ord3850
ord1916
ord4085
ord5683
ord3321
ord557
ord745
ord305
ord1185
ord5715
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord783
ord1230
ord4261
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord581
ord1167
ord1092
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4240
ord1402
ord3946
ord1617
ord1620
ord5915
ord1591
ord2095
ord3684
ord5203
ord4238

msvcr71

strcpy
atoi
_mbschr
_purecall
sprintf
strlen
?terminate@@YAXXZ
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsicmp
_mbscmp
_mbsnbicmp
_ismbcalnum
_ismbcdigit
_mbsnbcmp
wcslen
strncpy
memcmp
strncmp
memcpy
_CxxThrowException
__CxxFrameHandler
malloc
_except_handler3
free
exit
strcat
time
srand
rand
atol
strftime
memset
_localtime64
_time64
_itoa
sscanf
strchr
_mbsnbcpy

kernel32

GetPrivateProfileStringA
GetTempPathA
lstrcmpA
FreeResource
FindResourceA
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GetLastError
GetProcAddress
GetCurrentDirectoryA
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
GetExitCodeThread
Sleep
ResumeThread
GlobalFree
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcpyA
MultiByteToWideChar
GetModuleFileNameA
InterlockedDecrement
WideCharToMultiByte

user32

KillTimer
GetMessageA
SetCursor
PeekMessageA
PostThreadMessageA
GetSysColor
IsWindow
SetRect
OffsetRect
FillRect
GetWindowRect
RedrawWindow
EnableWindow
SendMessageA
MessageBoxA
LoadStringA
LoadBitmapA
DispatchMessageA
LoadMenuA
GetDesktopWindow
SetTimer
TranslateMessage

gdi32

CreateRectRgn
GetObjectA
CreateFontIndirectA
GetTextColor

advapi32

RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

oleaut32

SystemTimeToVariantTime
VarUdateFromDate
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

ntohs
setsockopt
send
accept
listen
gethostbyname
inet_ntoa
htonl
inet_addr
htons
bind
socket
closesocket
getsockname
connect
WSAStartup
WSACleanup
recv

Exports

Exports

?AMsgBox@@YAHHHHHHPAUHWND__@@@Z
?AsureGetCompany@@YAPADPAD@Z
?AsureGetIID_C@@YAPADPAD@Z
?AsureGetIID_S@@YAPADPAD@Z
?AsureMessageBox@@YAHPAUHWND__@@HHH@Z
?AsureMessageBox@@YAHPAUHWND__@@PBD1H@Z
?AsureSetCompany@@YAXPAD@Z
?AsureSetIID_C@@YAXPAD@Z
?AsureSetIID_S@@YAXPAD@Z
?gInputStr@@YAHHHPADHHH0PAUHWND__@@@Z
?gInputStr@@YAHPAD00HHH0PAUHWND__@@@Z
AsureFreeGlbRes
AsureFreeSharedRes
AsureGetGlbRes
AsureInitGlbRes
AsureInitSharedRes
AsureLoadBitmap
AsureLoadDialog
AsureLoadDialog2
AsureLoadFile2H
AsureLoadFile2P
AsureLoadMenu
AsureLoadResource
AsureLoadString
AsureSaveH2File
AsureSaveP2File
AsureSetGlbRes
DirectoryPicker
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
EditServerList
GetTodayDate
GetValidString
VerifyInteger
VerifyString123
g_WDLG_AddItem
g_WDLG_AddItemInt
g_WDLG_CloseWaitingDlg
g_WDLG_GetStatus
g_WDLG_SetBtnMode
g_WDLG_ShowWaitingDlg
g_WDLG_UpdateItem
g_WDLG_UpdateItemInt
g_WDLG_WaitWaitingDlg
glbGetLastErr

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a17d6fa1c8b51a79b3f0a8db2e33e9

Headers

File Characteristics

Imports

synerenc

wlogtool

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

oleaut32

version

ws2_32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 60KB - Virtual size: 62KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 60KB - Virtual size: 62KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 12KB - Virtual size: 10KB