mstscax.pdb
Static task
static1
Behavioral task
behavioral1
Sample
32a920003b5afb260f86473d9d550457_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
32a920003b5afb260f86473d9d550457_JaffaCakes118.dll
Resource
win10v2004-20240226-en
General
-
Target
32a920003b5afb260f86473d9d550457_JaffaCakes118
-
Size
2.0MB
-
MD5
32a920003b5afb260f86473d9d550457
-
SHA1
f11176067b356563de245b1c4b841e3c784901cb
-
SHA256
39757c10a18ec8d92529a7d0a862cc4f30a5146ed7a7425e63cfc69d834b97a6
-
SHA512
bab8b116d945971b75add8422392b0330c94d4e3ba47fa2d6a9905539c82e511bae54e8bb2257e42352cfe7814b0d2487c4d4bb9add85ded30d04f0c2e4675a9
-
SSDEEP
49152:wW0Sp1PkzE8j5zujPEkEdRTXQ9oQ9f3V:w+pQsjMk2RTkVf3
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 32a920003b5afb260f86473d9d550457_JaffaCakes118
Files
-
32a920003b5afb260f86473d9d550457_JaffaCakes118.dll regsvr32 windows:6 windows x86 arch:x86
2b11b2341df1ef7a40d19843e8ff84df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_stricmp
_wcsnicmp
_wcsicmp
wcsncmp
bsearch
_resetstkoflw
??_U@YAPAXI@Z
memset
realloc
malloc
strtok
memcpy
wcsstr
wcspbrk
iswalnum
strncmp
wcschr
wcsrchr
_CxxThrowException
fclose
ceil
floor
_wtoi
_strnicmp
_vsnwprintf
_errno
ungetc
??_V@YAXPAX@Z
_strlwr
_wcslwr
_vsnprintf
iswdigit
srand
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
calloc
_onexit
_lock
time
towlower
_wtol
toupper
strtoul
__dllonexit
_unlock
memmove
strchr
wcstok
printf
??1type_info@@UAE@XZ
free
_purecall
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
oleaut32
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserFree
OleCreatePropertyFrame
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
VariantClear
SafeArrayDestroy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VarUI4FromStr
VariantCopy
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
ntdll
RtlEnumerateGenericTable
RtlInitializeGenericTable
NtDeviceIoControlFile
RtlGetLastNtStatus
NtWriteFile
NtReadFile
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlAcquireResourceShared
RtlClearBits
VerSetConditionMask
RtlUnwind
RtlInitUnicodeString
NtOpenFile
RtlInitializeCriticalSection
RtlAreBitsSet
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlDeleteElementGenericTable
ws2_32
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
htons
getaddrinfo
gethostbyaddr
getservbyport
ntohs
WSASetLastError
recv
setsockopt
WSAAsyncSelect
connect
socket
closesocket
WSACancelAsyncRequest
send
WSAIoctl
shutdown
freeaddrinfo
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextW
WSAGetLastError
WSALookupServiceBeginW
WSAStartup
WSANSPIoctl
getsockname
kernel32
TlsSetValue
TlsGetValue
OpenThread
WaitForMultipleObjects
GetTimeZoneInformation
OutputDebugStringW
DebugBreak
Beep
GetComputerNameW
TlsAlloc
TlsFree
FreeLibraryAndExitThread
DeviceIoControl
LockResource
FormatMessageW
QueueUserWorkItem
GetCommMask
GetCommTimeouts
SetCommTimeouts
WaitCommEvent
PurgeComm
SetCommMask
SetupComm
GetCommState
SetCommState
EscapeCommFunction
WaitForMultipleObjectsEx
GetComputerNameA
ResumeThread
UnlockFile
LockFile
LockFileEx
SetFilePointer
SetEndOfFile
DeleteFileW
RemoveDirectoryW
MoveFileW
SetFileAttributesW
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileW
GetDiskFreeSpaceW
GetVolumeInformationW
GetProfileStringW
QueryDosDeviceW
GetDriveTypeW
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
FindResourceExW
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
DuplicateHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualFree
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
FindResourceW
LoadResource
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
lstrcatW
LoadLibraryExW
HeapDestroy
lstrcpynW
OutputDebugStringA
SetLastError
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
lstrcmpiW
RaiseException
GetCurrentProcess
FlushInstructionCache
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateProcessW
GetTempPathW
CreateFileW
WriteFile
CloseHandle
GetVersion
GetSystemDirectoryW
GetVersionExA
InitializeCriticalSection
LocalAlloc
LocalFree
DeleteCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
GetModuleFileNameW
lstrlenW
GetLastError
lstrcpyW
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
GetDefaultCommConfigW
CreateDirectoryW
SetErrorMode
ReadFile
GetOverlappedResult
FlushFileBuffers
TransmitCommChar
FindClose
ExpandEnvironmentStringsW
lstrcmpW
MulDiv
GlobalAddAtomW
GlobalDeleteAtom
GlobalFree
GlobalHandle
FreeResource
GetACP
CreateMutexW
lstrcmpiA
VerifyVersionInfoW
GetFileSize
GetTempFileNameW
GlobalSize
SystemTimeToFileTime
GetSystemTime
lstrcmpA
GetSystemDirectoryA
GetSystemDefaultLangID
GetFullPathNameW
ReleaseSemaphore
CreateSemaphoreW
SizeofResource
CreateThread
CancelIo
BindIoCompletionCallback
user32
UpdateWindow
GetClientRect
DrawTextW
CharNextW
CharPrevW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
PostThreadMessageW
InvalidateRect
IsWindow
SetWindowTextW
SetFocus
SetWindowLongW
GetWindowLongW
PostMessageW
MessageBeep
UnregisterClassW
CreateDialogParamW
DialogBoxParamW
LoadStringW
SendMessageW
RegisterClassW
DestroyWindow
IsChild
GetFocus
ShowWindow
DestroyAcceleratorTable
DefWindowProcW
GetParent
CharLowerW
CallWindowProcW
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetKeyboardLayoutNameA
GetKeyboardLayout
EndPaint
BeginPaint
UnregisterDeviceNotification
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetMessageW
PostQuitMessage
GetLastInputInfo
GetCursorPos
ClientToScreen
GetClassNameW
GetWindowThreadProcessId
IsWindowVisible
GetWindow
GetWindowRect
GetCapture
GetActiveWindow
EndDeferWindowPos
DeferWindowPos
GetGUIThreadInfo
PtInRect
FindWindowExW
RedrawWindow
MapWindowPoints
CopyRect
IsIconic
SetCursor
IsWindowEnabled
GetLastActivePopup
SendInput
ReleaseCapture
GetAsyncKeyState
SetCursorPos
SetRectEmpty
FindWindowW
SetCapture
SystemParametersInfoW
ScreenToClient
SetActiveWindow
SetWindowPlacement
GetDesktopWindow
GetForegroundWindow
IsZoomed
EnableWindow
SetForegroundWindow
RegisterHotKey
UnregisterHotKey
MapVirtualKeyW
SetRect
GetSystemMetrics
DestroyIcon
GetWindowDC
CopyIcon
CreateIconIndirect
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
CloseClipboard
EnumClipboardFormats
CountClipboardFormats
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetClipboardData
MoveWindow
CloseWindow
SetParent
EnableMenuItem
GetSystemMenu
LoadIconW
GetClassInfoW
GetWindowPlacement
SystemParametersInfoA
AdjustWindowRect
SetScrollInfo
ShowScrollBar
LockWindowUpdate
SetScrollPos
GetSysColor
RegisterWindowMessageW
FillRect
GetSysColorBrush
GetMonitorInfoW
MonitorFromWindow
InflateRect
BringWindowToTop
GetDlgItem
IsDlgButtonChecked
SetDlgItemTextW
EndDialog
CheckDlgButton
GetWindowTextW
LoadImageW
DefDlgProcW
DrawIconEx
GetClipboardFormatNameW
GetKeyboardType
keybd_event
GetKeyboardState
GetRawInputData
CallNextHookEx
ShowCursor
RegisterRawInputDevices
FlashWindow
GetMessageExtraInfo
SetWindowsHookExW
AttachThreadInput
UnhookWindowsHookEx
GetKeyboardLayoutNameW
DestroyCursor
CreateCursor
UnionRect
wsprintfW
LoadCursorW
BeginDeferWindowPos
RegisterDeviceNotificationW
GetKeyState
gdi32
SetTextAlign
GetBkMode
SetPolyFillMode
SetBitmapBits
CreateDIBSection
Polygon
FrameRgn
FillRgn
CreateDIBPatternBrushPt
GetDIBColorTable
CreatePalette
GetPaletteEntries
SetMetaFileBitsEx
GetTextAlign
GetMetaFileBitsEx
CreatePatternBrush
CreateFontIndirectW
GetTextExtentPointW
DPtoLP
CreateBitmap
GetMapMode
GetObjectW
CreatePolygonRgn
SetBkColor
SetBkMode
SetTextColor
CreatePen
MoveToEx
SetDCBrushColor
SetROP2
PlayMetaFile
Ellipse
GetNearestColor
GdiDrawStream
GetClipBox
CreateDIBitmap
GetRgnBox
CreateBrushIndirect
GetBrushOrgEx
SelectPalette
RealizePalette
OffsetClipRgn
ExtSelectClipRgn
BitBlt
SelectClipRgn
DeleteObject
CreateRectRgn
SetRectRgn
GdiFlush
SetDIBColorTable
CombineRgn
OffsetRgn
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
Rectangle
GetStockObject
SelectObject
LineTo
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
GetCurrentObject
SetStretchBltMode
SetBrushOrgEx
StretchBlt
UpdateColors
PatBlt
CreateSolidBrush
GetNearestPaletteIndex
advapi32
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
GetUserNameW
RegConnectRegistryW
GetSecurityDescriptorLength
GetFileSecurityW
SetFileSecurityW
CredFree
RegCreateKeyW
RegOpenKeyW
RegFlushKey
RegOpenKeyA
TraceMessage
CredWriteDomainCredentialsW
CredReadDomainCredentialsW
CredUnmarshalCredentialW
GetUserNameA
CredGetSessionTypes
CredWriteW
CredDeleteW
CredReadW
shlwapi
PathRemoveFileSpecW
ord388
ole32
OleRegGetUserType
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
StringFromCLSID
CLSIDFromString
CreateDataAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
OleRegGetMiscStatus
OleLoadFromStream
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
CoInitializeEx
ReleaseStgMedium
CoGetMalloc
OleRegEnumVerbs
OleGetClipboard
crypt32
CryptSignMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptVerifyDetachedMessageSignature
CryptDecodeObject
CertFindExtension
CertFindCertificateInStore
CertCompareCertificate
CertGetEnhancedKeyUsage
CertGetNameStringW
CertGetCertificateChain
CryptBinaryToStringW
CryptStringToBinaryW
CertVerifySubjectCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CryptProtectData
CertCreateCertificateContext
wininet
InternetGetCookieW
setupapi
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
winspool.drv
EndDocPrinter
GetPrinterDriverW
GetPrinterW
GetPrinterDataW
ClosePrinter
OpenPrinterW
PrinterProperties
DeviceCapabilitiesW
StartPagePrinter
EnumPrintersW
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
SetPrinterW
GetPrinterA
EndPagePrinter
DocumentPropertiesW
StartDocPrinterW
winmm
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutClose
waveOutOpen
waveOutSetVolume
waveOutGetPitch
waveOutGetVolume
waveOutPrepareHeader
rpcrt4
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
NdrMesTypeFree2
NdrMesTypeDecode2
NdrMesTypeEncode2
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
MesHandleFree
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
shell32
SHFileOperationW
ExtractIconW
Shell_NotifyIconW
SHAppBarMessage
ord100
DragQueryFileW
urlmon
CopyStgMedium
cryptui
CryptUIDlgViewCertificateW
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
credui
CredUIPromptForCredentialsW
CredUIParseUserNameW
secur32
InitializeSecurityContextW
AcquireCredentialsHandleW
GetUserNameExW
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
EncryptMessage
FreeCredentialsHandle
FreeContextBuffer
QuerySecurityPackageInfoW
iphlpapi
GetBestInterfaceEx
msimg32
GradientFill
netapi32
NetApiBufferFree
NetGetJoinInformation
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Exports
DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer
RegisterTransportExtDll
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 1024B - Virtual size: 555B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 384KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ