d:\depot\Xman\trelo\source\Manager\Win\Release\Manager.pdb
Static task
static1
Behavioral task
behavioral1
Sample
278d42b0be1eb79ecf03d3fac1a48f80_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
278d42b0be1eb79ecf03d3fac1a48f80_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
278d42b0be1eb79ecf03d3fac1a48f80_JaffaCakes118
-
Size
706KB
-
MD5
278d42b0be1eb79ecf03d3fac1a48f80
-
SHA1
12de03953067508c7655934fbd8e967ee828af8b
-
SHA256
7acf948ee8e27de6e80c5587d9c9bb697701e5f01468ca52967f8fadbbae9090
-
SHA512
a89b681984bea1364372138c395d7f4479ea96e38095dffcc14ec069b6b719727f241ff347f471249ba08cfad47634333da7bb132a5cfb00a3f3ced09bbbda7e
-
SSDEEP
12288:YyYtiwZo1bL/ADmc1G8sfwx8D9bnd+YbNsEsqk8jk:aiwihymx8s4x8DJN+EpkI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags the PE as carrying no embedded Authenticode (code-signing) signature; note that an unsigned binary is only a weak indicator on its own and should be weighed with the other findings below.
resource 278d42b0be1eb79ecf03d3fac1a48f80_JaffaCakes118
Files
-
278d42b0be1eb79ecf03d3fac1a48f80_JaffaCakes118.exe windows:4 windows x86 arch:x86
4c0cef5f6f3061d384f0c596c645e15a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalAddAtomW
GlobalDeleteAtom
GetVersionExW
GetACP
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
CopyFileW
DeleteFileW
OpenProcess
GetTickCount
SetFileAttributesW
GetFileAttributesW
MoveFileW
RemoveDirectoryW
CreateDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
FindResourceW
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateProcessW
CloseHandle
GetShortPathNameW
EnumUILanguagesW
GetUserDefaultUILanguage
GetUserDefaultLangID
LoadLibraryA
GetProcAddress
GlobalGetAtomNameW
MulDiv
user32
GetCursorPos
SetCursor
ReleaseCapture
IsWindow
GetDesktopWindow
SetCapture
ReleaseDC
CopyRect
PtInRect
OffsetRect
FillRect
IsRectEmpty
SetRect
LoadIconW
LoadBitmapW
SystemParametersInfoW
SetTimer
KillTimer
DrawStateW
RedrawWindow
GetCapture
DestroyIcon
wsprintfW
GetDlgCtrlID
AppendMenuW
GetSystemMenu
CallWindowProcW
SetWindowLongW
GetWindowDC
GetDC
ScreenToClient
BringWindowToTop
DrawFocusRect
InflateRect
GetParent
GetClientRect
GetWindowRect
RegisterWindowMessageW
FindWindowW
UpdateWindow
GetMenu
PostMessageW
InsertMenuW
GetSubMenu
LoadImageW
GetSystemMetrics
GetClassInfoW
SetForegroundWindow
IsChild
InvalidateRect
IsIconic
GetSysColor
SendMessageW
EnableWindow
LoadCursorW
PeekMessageW
GetSysColorBrush
gdi32
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreatePalette
Rectangle
CreateSolidBrush
RemoveFontResourceW
AddFontResourceW
GetObjectW
RealizePalette
SelectPalette
SelectObject
CreateCompatibleDC
CreateDIBitmap
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
msvcp71
?_Nomemory@std@@YAXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
mfc71u
ord3088
ord2740
ord2747
ord2744
ord2111
ord5621
ord5873
ord2897
ord4049
ord6206
ord911
ord2299
ord2465
ord3452
ord1178
ord1182
ord6284
ord5319
ord900
ord4459
ord5119
ord3249
ord577
ord593
ord283
ord334
ord5118
ord776
ord764
ord3635
ord5178
ord4206
ord4729
ord4884
ord4574
ord2011
ord1662
ord1661
ord1542
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord605
ord354
ord1883
ord774
ord6063
ord2651
ord2311
ord870
ord4026
ord293
ord6115
ord3435
ord1864
ord1784
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord5352
ord2986
ord2419
ord2418
ord4013
ord1548
ord5911
ord3939
ord1393
ord5144
ord5201
ord2164
ord1297
ord4271
ord4259
ord1472
ord1079
ord1086
ord4119
ord1155
ord5161
ord2895
ord5558
ord3990
ord4100
ord2261
ord2424
ord6086
ord940
ord1315
ord3677
ord280
ord715
ord2239
ord6301
ord3103
ord630
ord2365
ord2366
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord4255
ord3327
ord1476
ord5221
ord3927
ord5113
ord2260
ord956
ord547
ord5971
ord1117
ord2012
ord3639
ord3444
ord4560
ord2608
ord2615
ord6234
ord2007
ord2042
ord5152
ord5588
ord1370
ord5408
ord2736
ord5491
ord4251
ord4846
ord4733
ord4699
ord1913
ord4216
ord3034
ord2762
ord5930
ord6039
ord4476
ord4258
ord368
ord616
ord2340
ord266
ord2860
ord1571
ord2121
ord1632
ord1562
ord4232
ord5210
ord3224
ord5327
ord6293
ord5316
ord6282
ord3869
ord3641
ord3459
ord732
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4165
ord4172
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord5147
ord5200
ord3338
ord1351
ord5170
ord1547
ord4267
ord591
ord620
ord651
ord6233
ord5485
ord4314
ord3204
ord1925
ord2361
ord1894
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord2985
ord3165
ord572
ord1545
ord3189
ord1299
ord2167
ord2413
ord2414
ord2415
ord2412
ord2411
ord416
ord393
ord5609
ord4929
ord5829
ord5867
ord1118
ord3995
ord4117
ord5637
ord502
ord6302
ord5524
ord3082
ord3104
ord5979
ord2151
ord4581
ord6232
ord3756
ord5803
ord896
ord899
ord1479
ord282
ord2926
ord860
ord5705
ord2444
ord897
ord4074
ord4101
ord6173
ord6167
ord6111
ord281
ord5484
ord1176
ord5712
ord745
ord557
ord5398
ord2460
ord2282
ord772
ord1430
ord5083
ord3842
ord3678
ord3157
ord1271
ord2255
ord1959
ord3645
ord658
ord2867
ord5636
ord5727
ord326
ord3789
ord3642
ord3460
ord395
ord635
ord4293
ord4244
ord3752
ord6033
ord5638
ord3824
ord2984
ord566
ord757
ord1906
ord284
ord2159
ord1634
ord1572
ord3286
ord287
ord1785
ord1386
ord3198
ord6061
ord709
ord501
ord3630
ord290
ord4966
ord4458
ord4578
ord4619
ord4904
ord4205
ord4728
ord4713
ord3194
ord3050
ord385
ord3783
ord1536
ord4226
ord3158
ord587
ord3155
ord1058
ord1921
ord1555
ord3983
ord2648
ord629
ord384
ord2461
ord6009
ord3383
ord4536
ord4488
ord1198
msvcr71
_controlfp
?terminate@@YAXXZ
_onexit
__CxxFrameHandler
_wcsnicmp
wcslen
wcsncmp
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
_callnewh
calloc
abort
realloc
wcstombs
strncpy
strcspn
_time64
_localtime64
_mktime64
wcsstr
swprintf
malloc
iswspace
_except_handler3
_wsplitpath
wcstok
wcscmp
wcsncpy
wcschr
_wtoi
_wcsicmp
wcscat
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
free
_wcsdup
wcsrchr
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_purecall
__RTDynamicCast
wcscpy
comctl32
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_GetIcon
ole32
CoCreateInstance
CoInitialize
advapi32
RegSetValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
GetSidSubAuthority
InitializeSid
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthorityCount
FreeSid
EqualSid
shell32
SHFileOperationW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections
.text Size: 436KB - Virtual size: 435KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[unprintable section name] Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE