093eff8f8c3f8f78b72f7fc96b120720_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

093eff8f8c3f8f78b72f7fc96b120720_JaffaCakes118
Size

128KB
MD5

093eff8f8c3f8f78b72f7fc96b120720
SHA1

ff11b86429679745f7330323bd52016a610c0f4d
SHA256

b1a4814310c658091c7d0eb20d3bf14deb7189d3628413907a5f9e1261f0ff1b
SHA512

b78ac901b1bbf1250db4a1ad8b82829d482b075f799e7d999a0132d87bd345cd17a843b90646b8a2e391e1084c4a8d1d226e1ba39ecaa5270acf2f17a8123160
SSDEEP

1536:AVLOhgkBJ9XOt8cBX9Iw/3Lze3Oi1jm3zbptwzAOI5JQzsqQ1DBAy3tdSFBc:qEgiXI8cBS3Oi1j8BPOI5s8Dx3WFK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
093eff8f8c3f8f78b72f7fc96b120720_JaffaCakes118

Files

093eff8f8c3f8f78b72f7fc96b120720_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5cac07f2516fccbe25b145656b81112d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hummer\Hummer1.20_BugfixProj\Basic_Hummer2_VOB\Hummer2008\Output\Bin\QQ.pdb

Imports

comctl32

InitCommonControlsEx

common

??0CTXStringW@@QAE@PA_W@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
??BCTXBSTR@@QBEPA_WXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??1CTXStringW@@QAE@XZ
??1CTXBSTR@@QAE@XZ
??BCTXStringW@@QBEPB_WXZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?OnUninitCom@Misc@Util@@YAXXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?TrimLeft@CTXStringW@@QAEAAV1@XZ
?Find@CTXStringW@@QBEHPB_WH@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?Find@CTXStringW@@QBEH_WH@Z
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXStringW@@QAE@XZ
?IsEmpty@CTXStringW@@QBE_NXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?GetMemoryUsage@Sys@Util@@YAXAAK0@Z
??0CTXBSTR@@QAE@XZ
ord37
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXStringW@@QAE@PB_W@Z
??8@YA_NABVCTXStringW@@PB_W@Z
?SetIdleCallback@TXTimer@@YAHPAUITXIdleCallback@@I@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?MinimzeMemory@Sys@Util@@YAXXZ
?GetSession@TXLog@@YAKXZ
?GetLCID@NLS@@YAKXZ
?ValidateBugReport@TXBugReport@@YAXXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformModeConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6G?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAUtagBugReportInfo@1@PBD20PAX@Z@Z
?NotifyIdle@TXTimer@@YAXXZ
?GetLength@CTXStringW@@QBEHXZ
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?NotifyIdle@Window@Util@@YAJXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?Append@CTXStringW@@QAEXPB_W@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?OnExitWinMain@Misc@Util@@YAXXZ
??0CTXStringW@@QAE@ABV0@@Z

kernelutil

?GetBuildVer@Version@@YAKXZ
?GetMinorVer@Version@@YAEXZ
?GetUserDataSaveSetting@Sys@Util@@YA?AVCTXStringW@@AAKAAV3@@Z
?GetProgramBinDir@Sys@Util@@YA?AVCTXStringW@@V3@@Z
?GetProgramRootDir@Sys@Util@@YA?AVCTXStringW@@XZ
?GetMajorVer@Version@@YAEXZ
?GetGlobalSysDir@Sys@Util@@YA?AVCTXStringW@@XZ
?Init@Version@@YAHXZ

kernel32

WaitForSingleObject
InterlockedDecrement
Sleep
OpenEventW
SetEvent
GetModuleHandleW
GetVersionExW
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateFileW
GetFileSize
InitializeCriticalSection
ReadFile
CloseHandle
CreateThread
GetModuleFileNameW
GetDriveTypeW
OpenMutexW
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
CreateEventW
SetThreadPriority
GetCurrentThread
LoadLibraryW
GetProcAddress
DeleteCriticalSection
FreeLibrary
GetTickCount
lstrlenW
QueryPerformanceCounter
InterlockedIncrement
GetProcessTimes
GetCurrentProcess
GetSystemTimeAsFileTime
CreateProcessW
InterlockedExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange

user32

TranslateMessage
PeekMessageW
DispatchMessageW
WaitMessage
PostThreadMessageW
MessageBoxW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize

atl80

ord64
ord32
ord30

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
__p__commode
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
_CxxThrowException
??2@YAPAXI@Z
_time64
__argc
__wargv
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cac07f2516fccbe25b145656b81112d

Headers

File Characteristics

PDB Paths

Imports

comctl32

common

kernelutil

kernel32

user32

advapi32

ole32

atl80

msvcp80

msvcr80

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 68KB - Virtual size: 65KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 68KB - Virtual size: 65KB