Static task
static1

Behavioral task
behavioral1
Sample: 3cbab354e9d0a4e926178483a0a77bcd_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: 3cbab354e9d0a4e926178483a0a77bcd_JaffaCakes118.exe
Resource: win10v2004-20241007-en

General
Target: 3cbab354e9d0a4e926178483a0a77bcd_JaffaCakes118
Size: 10.5MB
MD5: 3cbab354e9d0a4e926178483a0a77bcd
SHA1: 15399f23a74263d859ee1e5f43517812ea6d04ab
SHA256: 774538adced8835f8b26bf285f8bb51977e8ffccc1f06863a36f80fc4ee60455
SHA512: 0d7a9e3cdb17ea0d1673961e54f2318090257e5e63e17a34048a5b7cb854508a0c178d80d3c22b59aa22166500d5d81afac187829c75fe5160d95c2948fa2c27
SSDEEP: 98304:NRvtND0f6i9GqHZW28LsqDyav0ypGX2PAGyfo4VP4rXdDKn28+2muR:/26iUqHZWjLLv2mCfoOP47d0283muR

Malware Config

Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 3cbab354e9d0a4e926178483a0a77bcd_JaffaCakes118

Files
3cbab354e9d0a4e926178483a0a77bcd_JaffaCakes118.exe windows:5 windows x86 arch:x86
54e9d3ee712be0aa48271629324dc369

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

PDB Paths
c:\work\branches_messenger_release_9_7\client\messenger\paltalk7\Release\paltalk6.pdb
Imports
wsock32
setsockopt
inet_addr
sendto
ntohl
connect
ioctlsocket
gethostbyname
recvfrom
send
recv
ntohs
shutdown
WSAGetLastError
WSACleanup
closesocket
WSAStartup
htonl
bind
htons
socket
winmm
timeGetDevCaps
timeSetEvent
timeKillEvent
sndPlaySoundA
mixerGetNumDevs
timeEndPeriod
PlaySoundA
timeBeginPeriod
shfolder
SHGetFolderPathA
wininet
InternetSetStatusCallback
DeleteUrlCacheEntry
InternetCanonicalizeUrlA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetReadFileExA
InternetOpenA
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
ijl11
ord2
ord5
ord3
userenv
GetProfilesDirectoryA
ctrlkey
ord5
ord2
ord3
ord1
ord8
ord6
kernel32
HeapAlloc
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
LoadLibraryExA
GetProcAddress
SetCurrentDirectoryA
GetTempFileNameA
VirtualProtect
SetUnhandledExceptionFilter
FindResourceExA
GetExitCodeProcess
Process32Next
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
VerLanguageNameA
SystemTimeToFileTime
GetSystemTime
GetSystemTimeAsFileTime
CreateMutexA
IsDBCSLeadByte
SetProcessAffinityMask
GetVolumeInformationA
GetDriveTypeA
UnmapViewOfFile
SetThreadPriority
SetPriorityClass
CreateThread
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenEventA
OpenMutexA
GetUserDefaultLangID
HeapFree
GetExitCodeThread
WaitForMultipleObjects
GetVersion
GetSystemInfo
GetLogicalDrives
lstrcatA
OpenProcess
FormatMessageA
lstrcmpW
OutputDebugStringW
GetStringTypeExA
SetEnvironmentVariableA
CreateFileW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
InterlockedCompareExchange
IsProcessorFeaturePresent
HeapDestroy
HeapReAlloc
HeapSize
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetModuleHandleW
VirtualQuery
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
SetHandleCount
GetFileType
SetStdHandle
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
GetTempPathA
SetErrorMode
GetFileAttributesA
GetCurrentProcessId
lstrcpynW
FreeLibrary
GlobalHandle
GlobalFree
LoadLibraryA
DeleteFileA
MoveFileA
GetVersionExA
OutputDebugStringA
SetFilePointer
GetTickCount
WriteFile
FlushFileBuffers
lstrcmpiA
CompareStringA
lstrcpyA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
MultiByteToWideChar
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
MulDiv
lstrcpynA
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
RaiseException
VirtualAlloc
GetCurrentProcess
FlushInstructionCache
VirtualFree
LocalAlloc
ReadFile
CreateFileA
GetFileSize
InterlockedIncrement
Sleep
lstrlenA
InterlockedDecrement
SetEvent
LocalFree
GetLastError
ResetEvent
CloseHandle
CreateEventA
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
TlsFree
SetFileTime
LocalFileTimeToFileTime
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringW
GetStringTypeW
HeapCreate
FatalAppExitA
TlsGetValue
TlsAlloc
GetModuleFileNameW
TlsSetValue
GetStringTypeExW
user32
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
EnableScrollBar
WindowFromDC
SetWindowLongW
GetWindowLongW
SendMessageW
DefWindowProcW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
CallWindowProcW
CharNextW
GetClassNameW
CreateWindowExW
CreateAcceleratorTableW
PostMessageW
GetMessageTime
CallNextHookEx
CharLowerA
UnhookWindowsHookEx
WindowFromPoint
GetSysColorBrush
FrameRect
DrawFrameControl
GetWindowThreadProcessId
GetKeyState
SetMenuItemInfoA
ModifyMenuA
MessageBeep
RemoveMenu
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
MonitorFromPoint
LoadStringW
PostQuitMessage
CreateDialogIndirectParamA
InsertMenuA
CreateDialogParamA
DialogBoxParamA
GetWindowDC
LoadImageA
CheckMenuItem
DestroyMenu
TranslateAcceleratorA
EnableMenuItem
GetMenuItemInfoA
FlashWindow
IsWindowVisible
IsZoomed
IsIconic
SetMenu
wvsprintfA
LoadBitmapA
GetActiveWindow
PostMessageA
SetDlgItemTextA
LoadMenuA
GetSubMenu
GetMessagePos
DdeFreeStringHandle
TrackPopupMenu
SetParent
EnableWindow
IsDialogMessageA
GetCursorPos
SetCursor
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
FillRect
GetClassNameA
IsChild
RedrawWindow
CharNextA
GetSysColor
SetWindowContextHelpId
MapDialogRect
MessageBoxA
SendDlgItemMessageA
InvalidateRgn
DrawTextA
SetRectEmpty
ReleaseDC
GetDC
ScreenToClient
EndPaint
BeginPaint
PtInRect
AdjustWindowRectEx
KillTimer
GetMenu
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
GetSystemMetrics
InflateRect
ReleaseCapture
GetCapture
SystemParametersInfoA
DrawEdge
DrawFocusRect
CallWindowProcA
OffsetRect
SetRect
CopyRect
LoadCursorA
GetClassInfoExA
DdeAccessData
DdeUnaccessData
DdeUninitialize
EnumWindows
AdjustWindowRect
IntersectRect
GetAsyncKeyState
ScrollWindow
SetPropA
RemovePropA
GetPropA
EnumChildWindows
ClipCursor
IsWindow
GetDlgCtrlID
SetCapture
IsWindowEnabled
SetTimer
InvalidateRect
UpdateWindow
ClientToScreen
MoveWindow
RegisterWindowMessageA
ShowWindow
BringWindowToTop
SendMessageA
UpdateLayeredWindow
TrackMouseEvent
keybd_event
GetDlgItemTextA
SetDlgItemInt
LoadStringA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA
GetDlgItemInt
FindWindowA
AllowSetForegroundWindow
GetMessageA
wsprintfA
UnregisterClassA
CopyImage
SubtractRect
IsRectEmpty
MessageBoxIndirectA
SetForegroundWindow
IsDlgButtonChecked
GetScrollPos
GetTopWindow
DestroyCursor
SetWindowRgn
SetActiveWindow
SetLayeredWindowAttributes
LoadAcceleratorsA
SetMenuDefaultItem
GetScrollInfo
SetScrollPos
ScrollWindowEx
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
SetScrollInfo
OpenClipboard
ShowScrollBar
GetUpdateRect
DialogBoxIndirectParamA
FindWindowExA
GetForegroundWindow
DeleteMenu
IsMenu
SetWindowLongA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
GetClientRect
SetWindowTextA
GetWindowLongA
EndDialog
SetWindowsHookExA
GetMenuItemCount
LoadIconA
gdi32
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
StretchBlt
TextOutA
GetTextExtentPoint32A
SaveDC
RestoreDC
CreateFontIndirectA
SetTextColor
IntersectClipRect
CreateCompatibleBitmap
GetBkMode
GetTextColor
DPtoLP
GetDeviceCaps
CreateSolidBrush
CreateFontA
StretchDIBits
SetStretchBltMode
GetDIBits
CreatePatternBrush
SetBrushOrgEx
RoundRect
ExcludeClipRect
CreatePen
MoveToEx
LineTo
PatBlt
CreateBitmap
CreateDIBSection
FillRgn
CreateRoundRectRgn
SelectPalette
GetObjectA
CreatePalette
CreateDIBitmap
SetViewportOrgEx
Rectangle
GetTextMetricsA
CreateRectRgnIndirect
GetBrushOrgEx
GetCurrentObject
SetDIBits
CreateRectRgn
CombineRgn
OffsetRgn
OffsetViewportOrgEx
Arc
Polyline
Ellipse
SetWindowOrgEx
GetClipBox
PtInRegion
LPtoDP
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetTextFaceA
SelectClipRgn
SetRectRgn
CreateDCA
UnrealizeObject
PlayEnhMetaFile
CreatePolygonRgn
GetObjectW
CloseEnhMetaFile
CreateEnhMetaFileA
Polygon
SetBkColor
ExtTextOutA
DeleteDC
RealizePalette
GetStockObject
SetBkMode
comdlg32
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
shell32
ShellExecuteExA
ord155
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetDesktopFolder
ord189
DragQueryFileA
SHGetSpecialFolderPathA
ShellExecuteA
ole32
CoTaskMemAlloc
CoTaskMemFree
OleLockRunning
CreateStreamOnHGlobal
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
DoDragDrop
OleRun
CoCreateGuid
CoInitializeEx
CoTaskMemRealloc
CoInitialize
CoUninitialize
RegisterDragDrop
ReleaseStgMedium
CoLockObjectExternal
RevokeDragDrop
oleaut32
OleCreateFontIndirect
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocString
GetActiveObject
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VarUI4FromStr
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicture
OleSavePictureFile
VariantCopyInd
VariantChangeType
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocStringLen
shlwapi
PathFileExistsA
ord437
PathRemoveFileSpecA
GetMenuPosFromID
PathAppendA
PathAddBackslashA
PathIsDirectoryA
UrlEscapeA
SHDeleteKeyA
StrRetToBufA
comctl32
ImageList_DragMove
ImageList_EndDrag
ImageList_GetImageInfo
CreatePropertySheetPageA
ord17
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_Remove
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ord6
InitCommonControlsEx
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_DragShowNolock
DestroyPropertySheetPage
ImageList_BeginDrag
ImageList_DragEnter
msimg32
AlphaBlend
GradientFill
TransparentBlt
urlmon
URLDownloadToFileA
snmpapi
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
Exports
??0?$oserializer@Vtext_oarchive@archive@boost@@V?$list@PAVbuddy@@V?$allocator@PAVbuddy@@@std@@@std@@@detail@archive@boost@@AAE@XZ
??0?$oserializer@Vtext_oarchive@archive@boost@@V?$list@PAVbuddyGroup@@V?$allocator@PAVbuddyGroup@@@std@@@std@@@detail@archive@boost@@AAE@XZ
??0?$oserializer@Vtext_oarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@AAE@XZ
??0?$oserializer@Vtext_oarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@AAE@XZ
??0?$oserializer@Vtext_oarchive@archive@boost@@VbuddyGroupList@@@detail@archive@boost@@AAE@XZ
??0?$pointer_iserializer@Vtext_iarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@AAE@XZ
??0?$pointer_iserializer@Vtext_iarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@Vtext_oarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@AAE@XZ
??0?$pointer_oserializer@Vtext_oarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@AAE@XZ
?get_instance@?$pointer_iserializer@Vtext_iarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@SAABV1234@XZ
?get_instance@?$pointer_iserializer@Vtext_iarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@SAABV1234@XZ
?get_instance@?$pointer_oserializer@Vtext_oarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@SAABV1234@XZ
?get_instance@?$pointer_oserializer@Vtext_oarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@SAABV1234@XZ
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$list@PAVbuddy@@V?$allocator@PAVbuddy@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$list@PAVbuddyGroup@@V?$allocator@PAVbuddyGroup@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VbuddyGroupList@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_ptr@?$pointer_iserializer@Vtext_iarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?load_object_ptr@?$pointer_iserializer@Vtext_iarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@EBEXAAVbasic_iarchive@234@AAPAXI@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$list@PAVbuddy@@V?$allocator@PAVbuddy@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$list@PAVbuddyGroup@@V?$allocator@PAVbuddyGroup@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VbuddyGroupList@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@Vtext_oarchive@archive@boost@@Vbuddy@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
?save_object_ptr@?$pointer_oserializer@Vtext_oarchive@archive@boost@@VbuddyGroup@@@detail@archive@boost@@EBEXAAVbasic_oarchive@234@PBX@Z
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 508KB - Virtual size: 508KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 115KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Shared Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Fun Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE