d:\Work\VRDT55\실시간감시기\VRMONSVC-V\20091126\VRMONSVC_Z\Release\vrmonsvc.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 135a48b065c3bfedba6c6ba3a388290d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 135a48b065c3bfedba6c6ba3a388290d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 135a48b065c3bfedba6c6ba3a388290d_JaffaCakes118
Size: 648KB
MD5: 135a48b065c3bfedba6c6ba3a388290d
SHA1: 9da5e2c595f341cbec535b7d9bd38479aab9835d
SHA256: 942751cdfa007dca49e85977f18140e12a34820cd317ea9e360cba0be2060971
SHA512: 289027ddb46ab946093471ddfea1ef25110223aba3b100165c5c8818a8fe32439b9d60aa1acd1a45c6525c4746d664d21c0c295782b941f265d03f652f77e714
SSDEEP: 12288:rjyQpsr4LrNOoxiK6F0NmpJJiheaJwpH5ESVsLKedRmaGnE2KO:rLvUyz6KdRmaGEr
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 135a48b065c3bfedba6c6ba3a388290d_JaffaCakes118
Files
135a48b065c3bfedba6c6ba3a388290d_JaffaCakes118.exe windows:4 windows x86 arch:x86
a1321a53f26676c4ef7f2f686577c677
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
EnumProcessModules
GetModuleBaseNameA
EnumProcesses
kernel32
CreateDirectoryA
SetNamedPipeHandleState
MoveFileA
ReleaseSemaphore
CreateSemaphoreA
LocalAlloc
MoveFileExA
CreateMutexA
GetVersionExA
CreateProcessA
GlobalMemoryStatus
GetCurrentThreadId
GetOverlappedResult
GetComputerNameA
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetLogicalDrives
CreateNamedPipeA
ConnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
DisconnectNamedPipe
GetShortPathNameW
CreateFileA
GetFileSize
ReadFile
DeleteFileA
WriteFile
OpenEventA
GetDriveTypeA
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
GetExitCodeProcess
TerminateProcess
GetCommandLineA
GetFileAttributesA
SetFileAttributesA
CopyFileA
DeviceIoControl
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetLocalTime
GetSystemTime
GetProcessHeap
MulDiv
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
SetLastError
SetErrorMode
GetModuleFileNameW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
SetThreadPriority
ResumeThread
SuspendThread
lstrcmpA
GlobalFlags
GetAtomNameA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileTime
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RaiseException
ExitThread
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
HeapAlloc
HeapFree
CreateEventA
CreateThread
GetCurrentProcessId
OpenProcess
WaitForSingleObject
ResetEvent
SetProcessWorkingSetSize
FindFirstFileA
FindClose
FormatMessageA
LocalFree
OutputDebugStringA
Sleep
GetModuleFileNameA
GetProcAddress
FreeLibrary
CloseHandle
SetEvent
GetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
ole32
OleRegGetUserType
ReadFmtUserTypeStg
CoTaskMemFree
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
WriteFmtUserTypeStg
OleDuplicateData
CoDisconnectObject
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
SetConvertStg
ReadClassStg
WriteClassStg
user32
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
IsWindow
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
ValidateRect
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageA
SetWindowTextA
UnregisterClassA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
MoveWindow
ShowWindow
ScrollWindowEx
InflateRect
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetMenuItemInfoA
DestroyMenu
PostQuitMessage
SetCursor
ShowOwnedPopups
DeleteMenu
DestroyIcon
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
PeekMessageA
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
SetScrollRange
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetScrollPos
GetKeyState
CharLowerW
CharLowerA
CharUpperW
CharUpperA
CloseDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
SendMessageA
FindWindowA
wsprintfA
MessageBoxA
EndDialog
GetDlgItemTextA
KillTimer
SetTimer
SetFocus
GetDlgItem
SetActiveWindow
SetWindowPos
DialogBoxParamA
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
GetScrollRange
CopyRect
SetScrollPos
PostMessageA
GetDesktopWindow
advapi32
StartServiceCtrlDispatcherA
CreateServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
RevertToSelf
CreateProcessAsUserA
ImpersonateLoggedOnUser
CopySid
GetLengthSid
GetTokenInformation
SetSecurityDescriptorDacl
AddAce
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
RegDeleteValueA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
RegCreateKeyExA
RegisterServiceCtrlHandlerA
RegCreateKeyA
OpenProcessToken
EqualSid
FreeSid
AllocateAndInitializeSid
QueryServiceConfigA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
CloseServiceHandle
ws2_32
gethostbyname
gethostname
WSAStartup
WSACleanup
inet_ntoa
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
shlwapi
PathFindFileNameA
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
gdi32
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
OffsetViewportOrgEx
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetDCOrgEx
GetDeviceCaps
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SaveDC
CreateDCA
CopyMetaFileA
TextOutA
RectVisible
PtVisible
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocA
SetViewportExtEx
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetFileTitleA
shell32
SHGetFileInfoA
ExtractIconA
oleaut32
SafeArrayAllocDescriptor
SysFreeString
SysAllocStringByteLen
SysStringLen
SysStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
Sections
.text Size: 432KB - Virtual size: 429KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE