048cb408a0aab2e36d74ad4ace299445_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

048cb408a0aab2e36d74ad4ace299445_JaffaCakes118
Size

1.1MB
MD5

048cb408a0aab2e36d74ad4ace299445
SHA1

18e3f2ff53876d47809f3c1bc8e2455244ad2c0d
SHA256

a5983dc81fde80f9f2e100d768e62eb664f0cb2f842faf65c72ca99e31daabde
SHA512

8634a59c900fe694035e0fb500c41c7663fbe737192d9b534dcca408dce6405335596d8ff979fc7e0cb60d9593f4733ee82dc29a86d6f07c85167ff57f2cce9c
SSDEEP

12288:uCXVnmmlCex4DZgEejXgaqeBHKdgqnuwqnuDEpP7mLdKGxuJ:bBE+gaqeBHKdg+uw+u0YcJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048cb408a0aab2e36d74ad4ace299445_JaffaCakes118

Files

048cb408a0aab2e36d74ad4ace299445_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a46789e748f48a7e610934c7a2710d37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PCC16\Src\Installer\SetupWizard\Win32\Release_L10N\tisspwiz.pdb

Imports

mfc80u

ord4553
ord5043
ord1182
ord1983
ord4433
ord4362
ord4495
ord1908
ord4840
ord4964
ord353
ord4523
ord4474
ord4965
ord4510
ord348
ord4942
ord4788
ord4281
ord4370
ord4371
ord603
ord4957
ord2797
ord4790
ord4704
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord1178
ord4667
ord4194
ord4337
ord1384
ord985
ord5388
ord3706
ord3698
ord2812
ord3471
ord3894
ord410
ord648
ord2711
ord1553
ord3644
ord5162
ord1610
ord4581
ord4383
ord4908
ord4513
ord3435
ord4026
ord354
ord605
ord5199
ord3635
ord4574
ord1386
ord6063
ord280
ord4256
ord1392
ord5908
ord6720
ord776
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1416
ord3158
ord4226
ord1536
ord2260
ord2444
ord265
ord1176
ord5201
ord5144
ord3642
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord395
ord5352
ord635
ord940
ord4898
ord2933
ord553
ord4129
ord742
ord4303
ord562
ord5006
ord751
ord5003
ord4293
ord2609
ord1904
ord2237
ord2310
ord5161
ord1156
ord2424
ord5364
ord5701
ord5799
ord4244
ord4259
ord4271
ord3460
ord1297
ord2164
ord644
ord3163
ord4475
ord2936
ord1604
ord1603
ord1941
ord4123
ord2049
ord3903
ord5943
ord3900
ord3108
ord5940
ord5567
ord3393
ord2402
ord4108
ord4111
ord6062
ord3754
ord1086
ord2647
ord5798
ord4118
ord6060
ord6085
ord3982
ord2154
ord5827
ord5828
ord2137
ord1303
ord1311
ord5311
ord6715
ord1718
ord406
ord6716
ord587
ord3395
ord2713
ord4109
ord2225
ord3570
ord629
ord317
ord584
ord319
ord4914
ord758
ord3787
ord433
ord667
ord3990
ord5558
ord4078
ord3448
ord620
ord4101
ord4929
ord896
ord383
ord393
ord6764
ord6277
ord6133
ord1472
ord3327
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord566
ord757
ord5113
ord3824
ord1096
ord4461
ord1049
ord4463
ord5971
ord3677
ord4025
ord547
ord2239
ord956
ord1121
ord3176
ord334
ord593
ord5221
ord6061
ord6279
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord3444
ord3639
ord368
ord616
ord4258
ord4699
ord4476
ord6039
ord5930
ord2762
ord3034
ord4216
ord1913
ord3079
ord5518
ord385
ord630
ord2012
ord3082
ord4098
ord3298
ord730
ord314
ord6751
ord2243
ord2241
ord2244
ord3610
ord1198
ord1489
ord4514
ord5202
ord5829
ord2386
ord3734
ord2409
ord4438
ord4437
ord4784
ord2415
ord4198
ord4775
ord2413
ord4974
ord2651
ord4165
ord4172
ord2414
ord4770
ord2399
ord4380
ord2169
ord4395
ord2163
ord4393
ord1513
ord4375
ord6273
ord4378
ord3796
ord6086
ord4373
ord6275
ord4857
ord3338
ord4854
ord4961
ord6232
ord3968
ord1351
ord6763
ord5170
ord5910
ord1955
ord1079
ord1611
ord1647
ord2155
ord1608
ord1646
ord3940
ord1547
ord1393
ord5196
ord4238
ord2531
ord5147
ord2725
ord1899
ord2829
ord5067
ord4301
ord3641
ord6271
ord2708
ord4179
ord2856
ord283
ord5200
ord2534
ord2640
ord1784
ord2527
ord1785
ord3712
ord3713
ord1864
ord3198
ord774
ord3756
ord4119
ord5609
ord6033
ord777
ord5638
ord1894
ord2362
ord2366
ord4882
ord326
ord5723
ord3157
ord1959
ord2361
ord1270
ord602
ord347
ord709
ord501
ord2086
ord1582
ord3296
ord4234
ord3311
ord741
ord5630
ord5633
ord1925
ord1118
ord3155
ord3204
ord293
ord1271
ord2311
ord4347
ord3678
ord583
ord572
ord1626
ord1534
ord6721
ord5911
ord5148
ord5210
ord2985
ord925
ord927
ord2397
ord2379
ord2381
ord3339
ord1353
ord5171
ord1590
ord4255
ord3151
ord3703
ord2638
ord762
ord3397
ord3943
ord4716
ord4480
ord4276
ord4267
ord1591
ord5956
ord5231
ord5229
ord920
ord577
ord5727
ord2411
ord2648
ord929
ord4314
ord3459
ord2412
ord931
ord2384
ord266
ord2404
ord2388
ord2394
ord2392
ord2390
ord1058
ord567
ord2407
ord2712
ord764

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
memset
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_beginthreadex
_errno
_vsnwprintf_s
ceil
iswalnum
wcsncpy_s
memcpy_s
wcscpy_s
malloc
strncmp
rand
_time64
srand
strchr
strtoul
iswdigit
strcpy_s
wcsncmp
calloc
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
memmove
_wtoi
_recalloc
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
floor
_purecall
free
memcpy
__CxxFrameHandler3
_CxxThrowException
?terminate@@YAXXZ

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
TerminateThread
GetExitCodeThread
ResumeThread
SetThreadPriority
CreateProcessW
GetVersionExW
OpenMutexW
ReleaseMutex
CreateMutexW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEvent
GetFileAttributesA
LoadLibraryExW
GetCurrentThreadId
CreateEventW
lstrcmpiW
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
LoadResource
SizeofResource
FindResourceW
TerminateProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
CopyFileW
GetModuleHandleW
GetModuleFileNameW
lstrlenA
MultiByteToWideChar
FormatMessageW
GetTickCount
GetSystemDirectoryA
LocalFree
LocalAlloc
WideCharToMultiByte
GetProcAddress
GetLastError
CloseHandle
Sleep
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
lstrlenW
LoadLibraryW
WaitForSingleObject
RaiseException
lstrcpyW
FreeLibrary
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
IsDebuggerPresent

user32

FrameRect
SetWindowRgn
FillRect
GetParent
ReleaseDC
UnregisterClassA
GetDC
GetClientRect
LoadBitmapW
EnableWindow
UpdateWindow
BringWindowToTop
SendMessageTimeoutW
SystemParametersInfoW
PostThreadMessageW
GetMessageW
MsgWaitForMultipleObjects
LoadImageW
TranslateMessage
PeekMessageW
LoadCursorW
CopyIcon
MessageBeep
SetRect
SetFocus
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
CharNextW
OpenClipboard
GetKeyState
CloseClipboard
GetClipboardData
IntersectRect
GetWindowLongW
CopyRect
DestroyIcon
SetTimer
SendMessageW
LoadIconW
MessageBoxW
OffsetRect
KillTimer
GetAsyncKeyState
PostMessageW
SetCursor
InvalidateRect
DrawStateW
RedrawWindow
DrawFocusRect
GetWindowRect
DestroyCursor
GetSysColor
DispatchMessageW
GetSystemMetrics

gdi32

GetStockObject
GetViewportOrgEx
CreateRectRgnIndirect
CreateBitmap
GetTextExtentPoint32W
CreateFontIndirectW
FrameRgn
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn
StretchBlt
CreateSolidBrush
GetObjectW

advapi32

SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CopySid
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegFlushKey
RegEnumValueW
InitializeAcl
AddAce
GetAclInformation
GetLengthSid
IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSidLengthRequired
MakeSelfRelativeSD

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameA

ole32

CoDisconnectObject
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleLoadPicture
SafeArrayGetVartype
SysFreeString
SysAllocString
VariantInit
VariantClear
SafeArrayCreate
SafeArrayCopy
SafeArrayGetElement
SafeArrayPutElement
VarUI4FromStr

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

ws2_32

closesocket
select
recv
WSAGetLastError
send
shutdown
WSAStartup
WSACleanup
ntohl
getaddrinfo
socket
connect
freeaddrinfo
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46789e748f48a7e610934c7a2710d37

Headers

File Characteristics

PDB Paths

Imports

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

ws2_32

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 152KB - Virtual size: 149KB

.data Size: 32KB - Virtual size: 35KB

.WYCao Size: 720KB - Virtual size: 720KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 152KB - Virtual size: 149KB

.data
Size: 32KB - Virtual size: 35KB

.WYCao
Size: 720KB - Virtual size: 720KB