0db3dc2fe1d9e51e52498523455454d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0db3dc2fe1d9e51e52498523455454d5_JaffaCakes118
Size

636KB
MD5

0db3dc2fe1d9e51e52498523455454d5
SHA1

177c0ba45bebe5d049519cf3f8774f1e5c915d22
SHA256

72233bb2648943cf0b4bc8551bccaed2530bb421aae039e7dabe59031c48e56d
SHA512

e3b4f71066426837ae13fc1d4ac44b89d560c866358b540ebdde20596e0e854ea76c33686cdde88b90719ddbb53154bfcd60dd7cbdaf57582632b26e63715691
SSDEEP

12288:02RAOnTBecXpdpAqOSs+FdLW/tLzye7K7HXz6nsz48rqHpiSgMZgEw4yOZ8VILfo:0YFLApSs+bW9zdmXEPzWMZgd4yOiM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db3dc2fe1d9e51e52498523455454d5_JaffaCakes118

Files

0db3dc2fe1d9e51e52498523455454d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

615b4a9eebb4b9282d5126fced4bfe95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Destroy
ImageList_Create
ord17
PropertySheetA
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Add

mpr

WNetCloseEnum
WNetOpenEnumA
WNetGetLastErrorA
WNetEnumResourceA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

rxtrace

rxtStartUpTracing
rxtSetPos
rxtTrace
rxtSetModuleID

rwclientgui

ShowOverrightPromptDlg
ShowRwRetrieveFailureDlg
ReadRwRegisterDlgPara
ShowRwRegisterDlg
ShowRwFirstLoginDlg
ShowNotifOkDlg
ShowNotifErrorDlg
ShowRwBadCloseDlg
ShowRwCapFailureDlg
ShowRwCheckServerDlg
RwGetCurrentAVI
ShowRwBackupDlg
IsDlgReady
GetDlgHWND
SetCallbackFunc
EnableBackupDlgButton
RwOpenAVI
DestoryRwBackupDlg
DestoryRwChecksvrDlg
SetElementText1
ShowHangOnDlg
ShowRwPromptSend
ShowBkSetMergeWindowToProcess
SetProgress
SetElementText

cfutilities

CFUtilities_TraceDetailW
CFFactory_GetMaxDebug
CFFactory_CreateInstanceExW
CFFactory_LoadExW
CFPorting_IsValidStringW
CFFactory_Unload
??0CFStringW@@QAE@XZ
??1CFStringW@@QAE@XZ
?c_str@CFStringW@@QBEPBGXZ
?npos@CFStringW@@2IB
?assign_mbcs@CFStringW@@QAE_NPBDI@Z
CFUtilities_TraceErrorW

cfruntime

CFRunTime_InstallCrashHandler

kernel32

lstrlenA
GetLogicalDrives
lstrcpyA
FreeResource
GetVersionExA
Sleep
ReleaseMutex
SetErrorMode
WinExec
SetPriorityClass
GetModuleFileNameA
GetDateFormatA
GetTimeFormatA
DeleteFileA
GetPrivateProfileStringA
MulDiv
GetLocaleInfoA
FreeLibrary
LockResource
LoadResource
FindResourceA
GetTickCount
FormatMessageA
FindClose
FindNextFileA
FindFirstFileA
SetLastError
GetDriveTypeA
GetCurrentThreadId
OpenMutexA
CreateMutexA
GetComputerNameA
RemoveDirectoryA
SetFileAttributesA
lstrcatA
CreateDirectoryA
MoveFileA
HeapValidate
GetProcessHeap
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetEnvironmentVariableA
GetModuleHandleA
IsBadReadPtr
GlobalAddAtomA
GlobalDeleteAtom
GetSystemDefaultLCID
lstrlenW
DosDateTimeToFileTime
GlobalFree
GlobalAlloc
ReadFile
CreateFileA
GetACP
WritePrivateProfileStringA
GetSystemDirectoryA
GetPrivateProfileIntA
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
GetFileAttributesA
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetSystemPowerStatus
CloseHandle
OpenProcess
GetCurrentThread
GetLastError
GetCurrentProcess
LocalAlloc
GetVersion
LoadLibraryA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetTimeZoneInformation
ExitThread
ResumeThread
CreateThread
HeapReAlloc
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
InterlockedExchange
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
WriteFile
CompareStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InitializeCriticalSection
VirtualProtect
GetSystemInfo
SetFilePointer
HeapSize
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
SetEndOfFile
CompareStringA
GetTempPathA

user32

GetKeyState
GetWindow
ScreenToClient
MoveWindow
LoadMenuA
SetMenu
DrawMenuBar
BeginPaint
EndPaint
InvalidateRect
GetMenu
PostQuitMessage
GetFocus
KillTimer
GetSubMenu
SetCapture
GetCursorPos
EnableMenuItem
SetForegroundWindow
DefWindowProcA
ExitWindowsEx
GetAsyncKeyState
GetDC
ReleaseDC
LoadIconA
RegisterClassA
CreateWindowExA
LoadAcceleratorsA
ShowWindow
SetTimer
TranslateAcceleratorA
ReleaseCapture
TranslateMessage
DispatchMessageA
PeekMessageA
FindWindowA
UpdateWindow
RedrawWindow
DialogBoxIndirectParamA
GetDlgItemTextA
MessageBoxA
SetFocus
DialogBoxParamA
CallWindowProcA
LoadImageA
MapWindowPoints
wsprintfA
LoadCursorA
SetCursor
SetWindowLongA
DestroyWindow
GetParent
PostMessageA
WinHelpA
GetClientRect
SetWindowPos
SendDlgItemMessageA
SendMessageA
EnableWindow
EnumWindows
GetDesktopWindow
GetSystemMenu
GetMenuItemCount
LoadStringA
GetMessageA
UnhookWindowsHookEx
ShowCursor
GetNextDlgTabItem
CreateDialogParamA
GetWindowTextA
IsWindowVisible
GetClassNameA
GetWindowRect
GetSystemMetrics
GetWindowLongA
GetDlgItem
EndDialog
GetSysColor
UnregisterClassA
IsDlgButtonChecked
GetDlgItemInt
BringWindowToTop
GetMenuStringA
AppendMenuA
CreateMenu
InsertMenuA
CreateDialogIndirectParamA
GetWindowPlacement
InflateRect
DrawEdge
DrawFocusRect
wsprintfW
CheckDlgButton
SetRect
RemovePropA
MessageBeep
GetPropA
SetPropA
SystemParametersInfoA
GetActiveWindow
GetLastActivePopup
CheckRadioButton
GetDlgCtrlID
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
DestroyMenu

gdi32

DeleteDC
CreateSolidBrush
SetMapMode
GetTextExtentPoint32A
SelectObject
BitBlt
RealizePalette
UpdateColors
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
DeleteObject
DPtoLP
GetObjectA
GetMapMode
CreateCompatibleDC
RestoreDC
SaveDC
CreatePalette
CreateDIBitmap
StretchBlt
SetBkMode
SelectPalette
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

IsValidSecurityDescriptor
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
LookupAccountNameA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
StartServiceA
LogonUserA
LookupAccountSidA
AddAccessDeniedAce
RegOpenKeyExA
RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegQueryValueExA
RegCloseKey
GetTokenInformation
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
IsValidSid
FreeSid
RevertToSelf
AccessCheck
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

_rwDBClose@8
_rwDBFindChildIDByName@16
_rwDBGetFirstID@8
_rwDBGetNextID@12
_rwDBIsTree@8
_rwDBReadName@16
_rwDateTimeToString@12
_rwGetCurrentDosDateTime@0

Sections

.text
Size: 508KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

615b4a9eebb4b9282d5126fced4bfe95

Headers

File Characteristics

Imports

comctl32

mpr

version

rxtrace

rwclientgui

cfutilities

cfruntime

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 506KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 88KB - Virtual size: 149KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 508KB - Virtual size: 506KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 88KB - Virtual size: 149KB

.rsrc
Size: 12KB - Virtual size: 8KB