2b68050247252a31dab54deb338e315a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b68050247252a31dab54deb338e315a_JaffaCakes118
Size

355KB
MD5

2b68050247252a31dab54deb338e315a
SHA1

9028e9ea287745517bd00e662500523a5e2473be
SHA256

adfcdb309a2b43d880dbf848f247972a282ea308ec64c6ec5b3ad8cf4c8519c8
SHA512

a421a730216e82fa2bf735da2bb80d4e18a94504299551372178460cd9d662602901541ec0b98b532eb16c1a33b044401cfae65406718f54a19bbc254731bfbf
SSDEEP

6144:juVRp5orjMT/nC3XiKNnCBAOEqVr24UqKlBYma014G:juTp+rUtKgaqV/U3HA011

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b68050247252a31dab54deb338e315a_JaffaCakes118

Files

2b68050247252a31dab54deb338e315a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2d3743287c2acca25d99cafbe5c25f32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildAV10_EU8\avcontrol-oem\bin\Release\avgnt.pdb

Imports

mfc90u

ord4000
ord5008
ord321
ord1088
ord4741
ord5653
ord542
ord753
ord5661
ord3268
ord5152
ord5168
ord4632
ord4608
ord5277
ord5301
ord5047
ord5231
ord5508
ord5511
ord5509
ord5510
ord3674
ord2283
ord1719
ord4660
ord3654
ord3907
ord2593
ord524
ord744
ord1383
ord2372
ord4543
ord5194
ord1533
ord639
ord374
ord4477
ord905
ord699
ord447
ord6091
ord1353
ord265
ord636
ord367
ord613
ord337
ord1248
ord3622
ord1354
ord6109
ord2901
ord2597
ord4541
ord4410
ord6065
ord3741
ord4527
ord2592
ord6095
ord6094
ord5867
ord6187
ord3543
ord3488
ord333
ord2106
ord4044
ord2274
ord3286
ord3489
ord595
ord611
ord3768
ord5632
ord5324
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord4682
ord3515
ord4631
ord5167
ord6311
ord814
ord6760
ord2904
ord4131
ord1938
ord2057
ord5625
ord3226
ord6376
ord4702
ord5664
ord5602
ord4652
ord4345
ord1665
ord5572
ord617
ord341
ord5573
ord3589
ord2130
ord6666
ord2596
ord1357
ord1108
ord3577
ord2282
ord4512
ord4324
ord1603
ord2208
ord3531
ord400
ord2954
ord266
ord6659
ord293
ord4985
ord5354
ord2445
ord2079
ord2860
ord5447
ord5450
ord4730
ord4553
ord3232
ord5338
ord3229
ord6379
ord3230
ord6381
ord980
ord5803
ord3287
ord2651
ord2650
ord4429
ord1681
ord3355
ord6411
ord1754
ord1751
ord4344
ord1493
ord4664
ord5598
ord2074
ord5512
ord4603
ord2369
ord1380
ord3743
ord5154
ord4697
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6375
ord3225
ord1442
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord1599
ord1137
ord4685
ord2069
ord5388
ord5655
ord1222
ord5615
ord5939
ord4519
ord4518
ord2479
ord6800
ord1064
ord6579
ord285
ord3220
ord1607
ord4720
ord670
ord415
ord4007
ord1100
ord3819
ord2537
ord935
ord296
ord813
ord2326
ord3185
ord811
ord280
ord1272
ord605
ord1274
ord1233
ord322
ord802
ord3953
ord797
ord1262
ord6636
ord1149
ord3537
ord3621
ord5322
ord6096
ord2097
ord6547
ord3486
ord6098
ord3637
ord2676
ord778
ord1250
ord1254
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord4347
ord5680
ord4996
ord5663
ord1145
ord2447
ord6604
ord5815
ord2695
ord4211
ord4043
ord5567
ord794
ord589
ord799
ord909
ord1183
ord2084
ord286
ord600
ord267
ord598
ord938
ord801

msvcr90

_waccess
_wcsupr_s
realloc
strchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_wfopen
abort
_filelength
_read
_close
_lseek
_wsopen
memcpy
strtoul
calloc
_errno
wcscat
wcsncat
_snwprintf_s
strncpy_s
__CxxFrameHandler3
free
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsicmp
exit
_wcsdup
memcpy_s
memmove_s
wcslen
wcsnlen
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_time64
_wtoi
wcsncpy
wcscmp
wcscpy_s
_snwprintf
_wsplitpath
_wcsupr
wcsrchr
_wgetcwd
wcsstr
_wchdir
wcscpy
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
printf
wcsncat_s
wcschr
wcsncpy_s
_wsplitpath_s
wcsncmp
iswalnum
iswspace
malloc
vswprintf_s
_wfopen_s
fclose
swscanf_s
srand
rand
swprintf_s
wcscat_s
memset

kernel32

WideCharToMultiByte
MultiByteToWideChar
RaiseException
LoadLibraryA
DeviceIoControl
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateFileW
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
MulDiv
ExpandEnvironmentStringsA
GetModuleHandleW
GetTickCount
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GlobalFree
GlobalAlloc
LocalAlloc
FormatMessageW
LocalFree
GetVersionExW
GetLastError
LoadLibraryExW
WriteFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
VerSetConditionMask
VerifyVersionInfoW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetFileAttributesW
SetProcessWorkingSetSize
OpenProcess
CloseHandle
GetModuleFileNameW
OpenEventW
PulseEvent
Sleep
CreateEventW
SetEvent
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalUnlock
TerminateProcess
GlobalLock
GetCurrentProcess
InterlockedIncrement
WaitForMultipleObjects
ResetEvent
InterlockedDecrement
FreeLibrary
LoadLibraryW
GetPriorityClass
GetProcAddress
GetPrivateProfileIntW
GetCurrentProcessId
OutputDebugStringW
SetFileAttributesW
SetErrorMode

user32

GetSystemMetrics
DestroyIcon
InvalidateRect
FillRect
DrawIconEx
CopyRect
UpdateWindow
PeekMessageW
RegisterWindowMessageW
SendMessageW
LoadImageW
LoadIconW
PostQuitMessage
SetForegroundWindow
LoadMenuW
GetCursorPos
RemoveMenu
GetSubMenu
AppendMenuW
PostMessageW
CreatePopupMenu
SetMenuDefaultItem
GetMenuItemCount
EnableWindow
InflateRect
DrawStateW
LoadStringW
SetTimer
GetWindowRect
ScreenToClient
GetDC
ReleaseDC
GetParent
IsWindow
GetFocus
TranslateAcceleratorW
MessageBoxW
GetClientRect
GetForegroundWindow
SetCapture
PtInRect
ReleaseCapture
GetDCEx
EqualRect
SetRectEmpty
SetWindowLongW
GetIconInfo
SetRect
LoadCursorW
SetCursor
GetActiveWindow
GetLastActivePopup

advapi32

RegQueryValueExW
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegDeleteValueW
SetEntriesInAclW
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW

msvcp90

??1_Lockit@std@@QAE@XZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Xmem@tr1@std@@YAXXZ
?_Getcat@?$collate@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?transform@?$collate@_W@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@PB_W0@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??1locale@std@@QAE@XZ
??0locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??0_Lockit@std@@QAE@H@Z

gdi32

RealizePalette
CreateRectRgnIndirect
BitBlt
CreateFontIndirectW
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
FillRgn
GetStockObject
CreatePatternBrush
DeleteObject
CreatePalette
GetDIBColorTable
CreateCompatibleDC
CreateHalftonePalette
GetObjectW
CreateSolidBrush
CreatePen
SetPixel
GetPixel
GetTextExtentPoint32W
RoundRect
CreatePolygonRgn

comctl32

_TrackMouseEvent

gdiplus

GdipGetImageWidth
GdipDrawImageRectRect
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRect
GdipCreateBitmapFromResource
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipBitmapSetPixel
GdipCreateBitmapFromStreamICM
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipBitmapGetPixel
GdipCloneBitmapAreaI

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d3743287c2acca25d99cafbe5c25f32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

msvcp90

gdi32

comctl32

gdiplus

ole32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 28KB - Virtual size: 27KB

.trdata Size: 80KB - Virtual size: 80KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 28KB - Virtual size: 27KB

.trdata
Size: 80KB - Virtual size: 80KB