d:\NPS_VSS_ROOT\NPS2\bin\release\program files\NPSLimoGSMBinaryUpgrade.pdb
Static task
static1
Behavioral task
behavioral1
Sample
575b7bf06bbd006fd12844a50049e03b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
575b7bf06bbd006fd12844a50049e03b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
575b7bf06bbd006fd12844a50049e03b_JaffaCakes118
-
Size
1.5MB
-
MD5
575b7bf06bbd006fd12844a50049e03b
-
SHA1
65f95023cc5dd4cfe15ddbafc8bfcf679331593b
-
SHA256
6f3d014f24a405fc4adbea235001d1046430f7f84dc47c41670cac49c5aa46fa
-
SHA512
bf3b14f9fc19b446323fabb8579b3cb08295ab8624c1e46515b8a05086ae3b2f1a9c0927ae434ae1a392c369c5937cf58ab60770540c4e4337048be64a20c437
-
SSDEEP
12288:NIv4NZFJ2thN4wbd1F1mqFhIi4nV9nNgQp4wPZ0iNexQK:M4tEhN4wZrYrHT6QOxf
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 575b7bf06bbd006fd12844a50049e03b_JaffaCakes118
Files
-
575b7bf06bbd006fd12844a50049e03b_JaffaCakes118.exe windows:4 windows x86 arch:x86
01d7d0dad5767bde3f6802ad482261bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
npscomnctrl
?LoadBitmapFromResource@NPSGdiPlusUtil@@YAPAVBitmap@Gdiplus@@PAUHINSTANCE__@@PB_W1@Z
?NPSSkinApplyWindow@@YAXPAUHWND__@@@Z
?Initialize@NPSGdiPlusUtil@@YAXXZ
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
?NPSMessageBox@@YAHPAUHWND__@@PB_W1I@Z
?Uninitialize@NPSGdiPlusUtil@@YAXXZ
?SetThreadLocaleEx@@YAHK@Z
?NPSSkinEnableRTL@@YAXH@Z
?InitNPSSkinManager@@YAXPB_W0@Z
?DrawStrechPNG@NPSGdiPlusUtil@@YAHPAVCDC@@PAVBitmap@Gdiplus@@HHHHHHHH@Z
mfc80u
ord5911
ord3296
ord2856
ord6721
ord1894
ord2708
ord1548
ord4301
ord3642
ord2829
ord2725
ord2531
ord5196
ord1590
ord1450
ord1646
ord1119
ord1647
ord2418
ord1135
ord1955
ord2419
ord1079
ord1353
ord2986
ord1148
ord4961
ord5352
ord3079
ord3339
ord940
ord5161
ord6275
ord4119
ord3796
ord6273
ord1513
ord2163
ord2169
ord3666
ord4585
ord4314
ord4267
ord5170
ord1351
ord3338
ord4276
ord5210
ord5067
ord5147
ord3940
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord3561
ord4395
ord4380
ord4770
ord544
ord4175
ord732
ord4166
ord4974
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord3157
ord3281
ord5558
ord860
ord280
ord6086
ord3678
ord2651
ord2155
ord6063
ord4255
ord5171
ord1086
ord5148
ord2424
ord501
ord709
ord2255
ord5637
ord4117
ord3995
ord1248
ord3590
ord572
ord760
ord3990
ord5524
ord310
ord282
ord558
ord746
ord1002
ord6700
ord1479
ord774
ord4101
ord1472
ord5485
ord1220
ord2444
ord266
ord2261
ord386
ord631
ord2271
ord2260
ord4100
ord6161
ord265
ord4078
ord6015
ord4256
ord2077
ord1392
ord1536
ord5908
ord4226
ord6720
ord2985
ord1542
ord3435
ord1661
ord3158
ord1662
ord2011
ord4884
ord354
ord4729
ord605
ord4206
ord5178
ord587
ord1883
ord1785
ord3635
ord4574
ord6232
ord5199
ord2310
ord896
ord3249
ord899
ord777
ord1146
ord5083
ord313
ord2534
ord6284
ord1908
ord1430
ord384
ord629
ord421
ord383
ord655
ord2897
ord1000
ord723
ord5433
ord531
ord3290
ord6061
ord1003
ord5434
ord287
ord2265
ord5441
ord1105
ord4025
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord547
ord1007
ord3800
ord1058
ord5579
ord956
ord2054
ord4320
ord6274
ord3795
ord4028
ord1155
ord6272
ord4008
ord4032
ord3176
ord2239
ord4461
ord4463
ord3677
ord566
ord757
ord557
ord745
ord3824
ord3327
ord3842
ord4475
ord2832
ord1121
ord334
ord5562
ord1117
ord593
ord5209
ord1049
ord5226
ord5221
ord4562
ord3942
ord5222
ord5971
ord5220
ord2615
ord3444
ord2608
ord4560
ord3639
ord368
ord616
ord4699
ord4258
ord4476
ord6039
ord5930
ord2762
ord3034
ord4216
ord1913
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2414
ord2413
ord3459
ord2282
ord741
ord2415
ord2412
ord2411
ord3641
ord5200
ord5910
ord6763
ord5609
ord4172
ord4165
ord4382
ord393
ord6764
ord6282
ord1172
ord5316
ord2086
ord1582
ord4234
ord1476
ord4581
ord5518
ord5327
ord4112
ord6293
ord3311
ord1547
ord5715
ord3570
ord4026
ord620
ord5091
ord5489
ord1021
ord2697
ord2696
ord1545
ord3195
ord1443
ord6306
ord4074
ord5398
ord1634
ord1572
ord2468
ord3286
ord380
ord744
ord556
ord715
ord3189
ord5711
ord5984
ord6087
ord2648
ord3155
ord4347
ord2121
ord3192
ord6747
ord5713
ord3508
ord3861
ord5444
ord564
ord755
ord6003
ord2348
ord2340
ord1571
ord5319
ord5484
ord1611
ord2640
ord5917
ord1608
ord2527
ord3103
ord3939
ord3712
ord1393
ord3713
ord4238
ord3703
ord5144
ord2638
ord3198
ord1899
ord3943
ord4480
ord5631
ord4259
ord3204
ord1271
ord776
ord6271
ord4179
ord2164
ord3395
ord1297
ord2713
ord3397
ord2311
ord4716
ord2366
ord4271
ord1591
ord293
ord5956
ord1416
ord5231
ord5229
ord2365
ord920
ord758
ord1118
ord577
ord925
ord567
ord929
ord762
ord1925
ord927
ord5630
ord1959
ord283
ord931
ord2384
ord2404
ord3756
ord4109
ord2388
ord2237
ord2394
ord1904
ord2392
ord6033
ord2609
ord2390
ord5727
ord5003
ord2407
ord5638
ord4293
ord5006
ord2402
ord2254
ord4303
ord2386
ord4129
ord2409
ord2933
ord2397
ord2379
ord2381
ord2399
ord1178
ord1182
ord1176
ord578
ord764
ord909
ord1198
ord1189
msvcr80
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_purecall
wcsncpy_s
wcsftime
_localtime64_s
_vswprintf_c_l
_vswprintf
malloc
?terminate@@YAXXZ
calloc
_recalloc
_winmajor
_wtoi64
swprintf_s
free
swscanf_s
sprintf
wcstoul
_wcsdup
wcstol
_wcsicmp
_wcsnicmp
_time64
??0exception@std@@QAE@ABQBD@Z
wcsstr
_vsnwprintf
_invalid_parameter_noinfo
wcsncpy
wcschr
towupper
memmove_s
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
rand
srand
_wtoi
_wtol
_vsnwprintf_s
strstr
memcpy_s
memcpy
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__CxxFrameHandler3
_CxxThrowException
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
kernel32
GetModuleHandleW
GetTickCount
MultiByteToWideChar
GetCurrentProcessId
Sleep
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetVersionExW
GetSystemDefaultLCID
WriteFile
GetStartupInfoW
GetModuleFileNameW
CreateMutexW
HeapAlloc
GetProcessHeap
lstrlenW
FormatMessageW
SuspendThread
ResumeThread
SetEvent
UnmapViewOfFile
lstrlenA
WideCharToMultiByte
HeapFree
GetSystemInfo
SetFilePointer
GetFileSize
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
FindFirstFileW
LocalFree
FindClose
FindNextFileW
LoadLibraryExW
DeleteCriticalSection
FreeLibrary
RaiseException
SizeofResource
CreateFileMappingW
LoadResource
lstrcmpiW
FindResourceW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
CreateEventW
WaitForSingleObject
CreateThread
TerminateThread
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetEndOfFile
OpenFileMappingW
MapViewOfFile
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
CreateFileW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLastError
ReadFile
CloseHandle
user32
UnregisterClassA
LoadIconW
EnableWindow
UnregisterDeviceNotification
PtInRect
IsWindow
SetTimer
CopyRect
GetClientRect
RedrawWindow
ClientToScreen
CharNextW
AdjustWindowRectEx
SetCapture
SetRect
GetSystemMenu
DeleteMenu
SetWindowRgn
SetLayeredWindowAttributes
SetMenu
GetWindowLongW
SetWindowLongW
GetWindowRect
OffsetRect
InvalidateRect
GetActiveWindow
KillTimer
LoadBitmapW
RegisterDeviceNotificationW
ReleaseCapture
DefWindowProcW
UpdateWindow
GetWindowThreadProcessId
PostMessageW
DestroyMenu
GetSystemMetrics
RegisterWindowMessageW
SendMessageW
gdi32
SelectObject
DeleteObject
CreatePen
CreateSolidBrush
CreateRectRgnIndirect
CreateFontW
CreateRectRgn
advapi32
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
shell32
SHGetFolderPathW
comctl32
InitCommonControlsEx
shlwapi
StrFormatByteSizeW
PathAppendW
ole32
CoCreateGuid
CoCreateInstance
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
CoGetObject
StringFromGUID2
CoInitialize
OleRun
oleaut32
SafeArrayGetLBound
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VarUdateFromDate
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetVartype
SysFreeString
SysAllocString
SysStringLen
SafeArrayDestroy
SafeArrayCopy
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
urlmon
FindMimeFromData
ws2_32
gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAStartup
toolkitpro1331vc80u
??0CXTPWindowRect@@QAE@PBVCWnd@@@Z
?LoadFrame@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEHIKPAVCWnd@@PAUCCreateContext@@@Z
??1CXTPFrameWnd@@UAE@XZ
?OnHookMessage@CXTPOffice2007FrameHook@@MAEHPAUHWND__@@IAAIAAJ2@Z
??1CXTPBufferDC@@UAE@XZ
?LoadCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_WH@Z
??0CXTPBufferDC@@QAE@PAUHDC__@@ABVCRect@@@Z
?OnWndMsg@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHIIJPAJ@Z
?SaveCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_W@Z
??0CXTPClientRect@@QAE@PBVCWnd@@@Z
?InitCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEHPAUCRuntimeClass@@@Z
??1CXTPOffice2007FrameHook@@UAE@XZ
??0CXTPOffice2007FrameHook@@QAE@XZ
?PreTranslateMessage@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHPAUtagMSG@@@Z
??0CXTPFrameWnd@@QAE@XZ
?OnSetPreviewMode@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEXHPAUCPrintPreviewState@@@Z
?GetThisClass@CXTPFrameWnd@@SGPAUCRuntimeClass@@XZ
??0CXTPBufferDC@@QAE@AAVCPaintDC@@@Z
gdiplus
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipDrawImagePointRectI
GdipGetImageWidth
GdipDrawImageRectI
GdipSetPageScale
GdipSetPageUnit
GdipSetSmoothingMode
wininet
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
HttpSendRequestExW
InternetSetOptionW
HttpOpenRequestA
HttpAddRequestHeadersA
InternetWriteFile
HttpEndRequestW
InternetQueryDataAvailable
InternetSetFilePointer
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
dump
?RegisterCrashHandler@@YAHPB_W0@Z
Sections
.text Size: 216KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.erdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE