262b20517c00ce489824e0a9a0d6bdac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

262b20517c00ce489824e0a9a0d6bdac_JaffaCakes118
Size

880KB
MD5

262b20517c00ce489824e0a9a0d6bdac
SHA1

cdd2030c8388c5c3e55177859fe02eafa5f393a3
SHA256

6c77c210da74ff90d57b5b680292e7f26368b2c858addb4662ba09d8576b5e4a
SHA512

0a085c094f43e6d76276b8a528edaa556c2309b5e15d65784b74209c99406ea95bc34f58569e1024af4a527d399e34765e1b8400460c12161ab116cea506525b
SSDEEP

24576:FEzKCtIOqlqq48kF+ej5vY/B4e77Ivwb3IlUznDThO3tT2g:FstItTaj5vY/CUznDVO3t5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
262b20517c00ce489824e0a9a0d6bdac_JaffaCakes118

Files

262b20517c00ce489824e0a9a0d6bdac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2336e55b35b83c3f3596b1466cd447b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

WSAAsyncGetHostByAddr
WSACancelAsyncRequest
WSAAsyncSelect
accept
bind
closesocket
connect
ioctlsocket
WSAAsyncGetHostByName
getsockname
listen
recv
recvfrom
ntohs
sendto
shutdown
socket
gethostname
setsockopt
WSAGetLastError
inet_ntoa
htons
htonl
inet_addr
getpeername
send
gethostbyname
WSACleanup
WSAStartup

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeKillEvent
timeGetDevCaps

zlib1

inflateInit_
inflateEnd
deflate
inflate
deflateEnd
deflateInit_

rhinonet

?GetUPnPDevice@CUPnPNetwork@@QBEPAVCUPnPDevice@@PBD@Z
?DeletePortMap@CUPnPDevice@@QAE_NPAXIPBD@Z
?ReleasePortMaps@CUPnPDevice@@SAXAAV?$vector@PAVCUPnPPortMap@@V?$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z
?GetStartEndPorts@CUPnPDevice@@QBEXAAI0@Z
?DeletePortMaps@CUPnPDevice@@QAE_NPAX@Z
?NumPortMaps@CUPnPDevice@@QBEIXZ
?AddPortMap@CUPnPDevice@@QAE_NPAXIPBD1@Z
?AddPortMaps@CUPnPDevice@@QAE_NPAXIIPBD1@Z
?GetExternalIPAddress@CUPnPDevice@@QAE_NPAX@Z
?GetUSN@CUPnPDevice@@QBEABV?$CStdStr@D@@XZ
?GetNATEnabled@CUPnPDevice@@QAE_NPAXAA_N@Z
?ReleaseUPnPDevice@CUPnPNetwork@@QAEXPAVCUPnPDevice@@@Z
?Rediscover@CUPnPNetwork@@QAEXXZ
?Tickle@CUPnPNetwork@@QAEXXZ
?GetPortMappingDescription@CUPnPPortMap@@QBEPBDXZ
?GetInternalClient@CUPnPPortMap@@QBEPBDXZ
?GetIpAddr@CUPnPDevice@@QBEABV?$CStdStr@D@@XZ
?ParentDepth@CUPnPObject@@QAEHXZ
??0CUPnPNetwork@@QAE@P6GXPAXIPAVCUPnPObject@@@Z0@Z
?ExternalPort@CUPnPPortMap@@QBEIXZ
??1CUPnPNetwork@@UAE@XZ
IsPrivateIP
?GetPortMaps@CUPnPDevice@@QAE_NPAXAAV?$vector@PAVCUPnPPortMap@@V?$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z

kernel32

GetStartupInfoA
InterlockedExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
TerminateThread
ReleaseSemaphore
CreateSemaphoreA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetDiskFreeSpaceA
lstrlenA
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
CloseHandle
EnterCriticalSection
FindFirstChangeNotificationA
PulseEvent
LeaveCriticalSection
Sleep
DeleteCriticalSection
FindCloseChangeNotification
GetCurrentThread
GetLastError
GetCurrentProcess
HeapAlloc
GetModuleFileNameA
HeapFree
GetProcessHeap
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTimeZoneInformation
GetFileAttributesA
WriteFile
ReadFile
CreateFileA
SetFilePointer
SetEndOfFile
SetFileAttributesA
WinExec
MoveFileA
MoveFileExA
SystemTimeToFileTime
GetSystemTimeAsFileTime
CompareFileTime
SetFileTime
GetFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleA
FindResourceA
SizeofResource
GetProfileStringA
WriteProfileStringA
WaitForSingleObject
WritePrivateProfileStringA
GlobalMemoryStatus
OpenProcess
GetCurrentProcessId
GetTimeFormatA
SetProcessWorkingSetSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateMailslotA
GetComputerNameA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetMailslotInfo
SetErrorMode
OpenEventA
SetEvent
GetVersionExA
GetSystemDirectoryA
HeapCompact
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ResetEvent
SetThreadPriority
GetExitCodeThread
GetDateFormatA

user32

LoadStringA
PostMessageA
IsWindow
MessageBeep
PostQuitMessage
LoadImageA
LoadCursorA
ShowWindow
GetSysColorBrush
RegisterClassA
CreateWindowExA
DefWindowProcA
IsIconic
IsWindowVisible
GetWindowRect
DestroyWindow
MoveWindow
SendMessageA
BringWindowToTop
GetClientRect
GetParent
GetSystemMetrics
GetWindowTextLengthA
GetMessageA
DispatchMessageA
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjectsEx
PostThreadMessageA
CharNextA
CharPrevA
CharLowerA
CharUpperA
UnregisterClassA

gdi32

CreateICA
DeleteDC
DeleteObject
SelectObject
GetTextExtentPointA
CreateFontA
GetDeviceCaps

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
ControlService
StartServiceA
StartServiceCtrlDispatcherA
DeleteService
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

shell32

SHGetFileInfoA

msvcr80

_amsg_exit
__getmainargs
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_itoa
_strnicmp
_stricmp
_strdup
_unlink
_chmod
_strrev
_access
_ultoa
_cexit
_decode_pointer
_onexit
fopen
fread
fclose
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
strncpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_beginthreadex
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_time32
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove
_invalid_parameter_noinfo
sprintf
memmove_s
strtol
qsort
strftime
isgraph
isprint
_gmtime32
_stat32i64
_stat32
fgets
toupper
sscanf
atoi
free
strchr
_localtime32
strrchr
_ctime32
_i64toa
_chdrive
atol
_chdir
_mkdir
_rmdir
strstr
isupper
isalpha
isdigit
fprintf
_mktime32
_vsnprintf
__timezone
atof
srand
rand
rename
_heapmin
strcpy_s
_atoi64
fopen_s
isspace
tolower
fprintf_s
_tzset
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
__CxxFrameHandler3
strcpy
memset
strlen
fgetc
strcmp
memcpy
_CxxThrowException
strcat
_beginthread
malloc
strncmp
islower
_time64
fputc
__iob_func
exit
calloc
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock

msvcp80

?tolower@?$ctype@D@std@@QBEDD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@D@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Register@facet@locale@std@@QAEXXZ
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
??0locale@std@@QAE@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??0_Lockit@std@@QAE@H@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

Sections

.text
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2336e55b35b83c3f3596b1466cd447b9

Headers

File Characteristics

Imports

version

ws2_32

winmm

zlib1

rhinonet

kernel32

user32

gdi32

advapi32

shell32

msvcr80

msvcp80

Sections

.text Size: 708KB - Virtual size: 706KB

.rdata Size: 88KB - Virtual size: 86KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 708KB - Virtual size: 706KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 60KB - Virtual size: 59KB