535bf12f70db0e91a0ddcf6df23e96b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

535bf12f70db0e91a0ddcf6df23e96b2_JaffaCakes118
Size

320KB
MD5

535bf12f70db0e91a0ddcf6df23e96b2
SHA1

25f0b7173065fc4bfc638081fac03a7ec16e82d3
SHA256

264f7d7afd8ca9258ad8de346aab4cbfe8735204d10faff7d9631865de5f36d5
SHA512

3239f9e9f738c3b26e46faed4470f7751a151be77fcba35dc132799a444a08cf52bbcfd7b3cef08e2ee03279909cca6a60340286a7c2e24785aed4255115f798
SSDEEP

6144:5/6EluW1PsvF6NzBY/uVbilDv9C/7z4g6fC2SDrf/Ri4X3UjU:xoWKFczBksbilZCD2Cl7Q4nUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
535bf12f70db0e91a0ddcf6df23e96b2_JaffaCakes118

Files

535bf12f70db0e91a0ddcf6df23e96b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\jusched\obj\jusched.pdb

Imports

advapi32

RegNotifyChangeKeyValue
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

gdi32

GetStockObject

wininet

InternetCloseHandle
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetTimeToSystemTime
InternetTimeFromSystemTime
InternetReadFile

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
DeleteFileA
GetCurrentProcessId
GetTickCount
SystemTimeToFileTime
CompareFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
lstrcatA
lstrcpyA
CreateEventA
WaitForSingleObject
WaitForMultipleObjects
lstrlenA
GetModuleFileNameA
CreateMutexA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
SetEvent
lstrcmpA
CreateThread
ReadFile
CreateProcessA
SetHandleInformation
CreatePipe
Sleep
ResetEvent
GetSystemTime
CreateFileA
GetCurrentProcess
GetSystemInfo
WriteFile
SetFilePointer
GetTempPathA
GetEnvironmentVariableA
LocalFree
SystemTimeToTzSpecificLocalTime

user32

wsprintfA
CharNextA
GetDesktopWindow
MessageBoxA
LoadStringA
LoadImageA
PostMessageA
SetForegroundWindow
RegisterClassA
CreateWindowExA
ShowWindow
SetWindowLongA
DestroyWindow
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
GetWindowLongA
DefWindowProcA
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

shell32

Shell_NotifyIconA
ShellExecuteA

oleaut32

VarUI4FromStr

msvcr71

__security_error_handler
_controlfp
_stricmp
_strcmpi
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_strdup
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
memset
iswspace
isspace
rand
strtol
srand
strncat
sprintf
strncmp
sscanf
_purecall
??2@YAPAXI@Z
strncpy
strrchr
strstr
_CxxThrowException
realloc
??_U@YAPAXI@Z
_resetstkoflw
malloc
asctime
__CxxFrameHandler
time
localtime
mktime
??_V@YAXPAX@Z
_except_handler3
free
??3@YAXPAX@Z

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a64958cec582413ef6cc979ba8415beb

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

wininet

kernel32

user32

ole32

shell32

oleaut32

msvcr71

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 9KB

.text Size: 244KB - Virtual size: 244KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 9KB

.text
Size: 244KB - Virtual size: 244KB