PDB Paths: shimgvw.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 0ab87fa3987b8ad91271faed66d714b4_JaffaCakes118.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0ab87fa3987b8ad91271faed66d714b4_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 0ab87fa3987b8ad91271faed66d714b4_JaffaCakes118
Size: 911KB
MD5: 0ab87fa3987b8ad91271faed66d714b4
SHA1: 70723e20870d75f8d7ab18787882974c04152c9e
SHA256: 1bfaa4b5e7928eb5205a4083ffc9612ca1a9c396e2aa57b4509558deefcefb66
SHA512: e01f75fedcb438e41222815893b53671bec25684f5b5b3fa261fe44ac80ff827337fe40245b02397d1972ef75b9980c6500778c2b2b932490411ad9073e3cb8b
SSDEEP: 12288:O9HWklGt9GRLpnUBSyTlVXgWAC+uQtd+h:O9HWkwtET2SilBg/C+uQt4
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 0ab87fa3987b8ad91271faed66d714b4_JaffaCakes118
Files
0ab87fa3987b8ad91271faed66d714b4_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
4c2639609f80cb1dab25f770553f4ce8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_except_handler3
_ftol
sscanf
realloc
free
malloc
kernel32
LocalFileTimeToFileTime
SystemTimeToFileTime
FormatMessageW
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
FileTimeToSystemTime
GetFileAttributesW
GetFileInformationByHandle
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetVersionExA
GetLocaleInfoW
GetModuleHandleA
lstrcmpA
WideCharToMultiByte
GetWindowsDirectoryW
DelayLoadFailureHook
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
LocalFree
MulDiv
SetEvent
InterlockedExchange
GetUserDefaultLCID
CloseHandle
WaitForSingleObject
GetTickCount
ResetEvent
lstrlenW
CreateEventA
SetFileAttributesW
GetTempFileNameW
GetTempPathW
GetLastError
GlobalFree
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleW
GetShortPathNameW
GetModuleFileNameW
lstrcatW
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
GetLongPathNameW
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrcpynA
lstrcmpiA
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryExA
DeleteFileW
lstrcpynW
GetFileAttributesExW
ReplaceFileW
CompareFileTime
SetFileTime
LocalAlloc
CreateFileW
GetFileSizeEx
GlobalAlloc
GlobalLock
ReadFile
lstrcpyA
user32
CallWindowProcW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowPlacement
SetWindowPlacement
UpdateWindow
InvalidateRect
IsWindowVisible
SetTimer
KillTimer
EnableWindow
SetActiveWindow
MessageBoxW
IsRectEmpty
SetRectEmpty
InflateRect
OffsetRect
IntersectRect
UnionRect
EqualRect
PostQuitMessage
GetFocus
PtInRect
SetScrollInfo
DrawTextW
SystemParametersInfoW
SetRect
ScreenToClient
GetCursorPos
TrackMouseEvent
TranslateAcceleratorW
LoadAcceleratorsW
PeekMessageW
SendMessageTimeoutW
DefWindowProcW
MonitorFromWindow
AdjustWindowRectEx
LoadIconW
EndDialog
SetDlgItemInt
GetDlgItem
GetDlgItemInt
DestroyMenu
TrackPopupMenuEx
MapWindowPoints
ClientToScreen
InsertMenuItemW
CreatePopupMenu
ReleaseCapture
SetCapture
GetCapture
GetKeyState
RemoveMenu
GetMenuState
DestroyWindow
RegisterClipboardFormatW
FindWindowW
PostMessageW
GetSystemMetrics
GetWindowRect
GetWindowLongW
IsIconic
ShowWindow
SetForegroundWindow
SendMessageW
DestroyIcon
SetWindowLongW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
SetFocus
GetClientRect
GetDCEx
SetScrollPos
CopyRect
FrameRect
GetSysColor
GetParent
DestroyAcceleratorTable
IsWindow
IsChild
BeginPaint
EndPaint
SetWindowRgn
CharNextW
GetDesktopWindow
AppendMenuW
GetScrollInfo
TrackPopupMenu
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ReleaseDC
GetDC
wsprintfA
GetWindowLongA
CharNextA
GetMenuItemCount
DialogBoxParamW
CreateWindowExW
FillRect
GetSysColorBrush
MsgWaitForMultipleObjects
SetCursor
LoadCursorA
SetMenuDefaultItem
InsertMenuW
LoadStringW
LoadStringA
SetWindowPos
GetAsyncKeyState
gdi32
CreateDIBSection
GetDeviceCaps
BitBlt
SetLayout
SetTextColor
SetBkColor
ExtTextOutW
InvertRgn
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateFontIndirectW
LineTo
MoveToEx
CreatePen
CloseMetaFile
RestoreDC
SetWindowOrgEx
SaveDC
CreateMetaFileW
SelectPalette
CreateCompatibleDC
GetPaletteEntries
RealizePalette
StretchDIBits
CreateSolidBrush
SetStretchBltMode
SelectClipRgn
CreatePatternBrush
CreateBitmap
PatBlt
GetClipBox
SetRectRgn
SetROP2
SetBkMode
UnrealizeObject
SetMetaFileBitsEx
SelectObject
Rectangle
SetViewportOrgEx
PlayMetaFile
DeleteMetaFile
DeleteObject
DeleteDC
SetMapMode
SetWindowExtEx
SetViewportExtEx
LPtoDP
GetStockObject
Polyline
ModifyWorldTransform
DPtoLP
SetWorldTransform
SetGraphicsMode
CreateCompatibleBitmap
advapi32
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
shlwapi
ord270
StrRetToBufW
ord302
ord425
ord476
ord157
StrChrW
ord41
SHStrDupA
ord217
StrToIntExW
SHGetInverseCMAP
StrDupW
PathMatchSpecW
ord219
ord16
SHCreateShellPalette
SHStrDupW
StrCmpIW
PathFindExtensionW
ord294
ord193
ord60
ord116
ord75
SHRegGetUSValueW
StrCpyNW
ord346
PathFindFileNameW
ord215
ord199
PathRemoveFileSpecW
SHCreateStreamOnFileEx
PathIsURLW
ord496
StrStrIW
ord176
SHReleaseThreadRef
ord191
ord168
AssocQueryStringW
ord477
ord197
StrCatBuffW
wnsprintfW
ord497
ord165
PathRemoveExtensionW
ord174
PathRenameExtensionW
SHGetValueW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHSetValueW
SHSetValueA
SHGetValueA
SHDeleteKeyA
wnsprintfA
ord24
SHRegSetPathW
ord158
shell32
ord17
ord750
DragQueryFileW
ord182
ord155
SHAddToRecentDocs
ord2
ord4
SHGetFileInfoW
ord28
ShellExecuteExW
ord645
ord644
SHFileOperationW
ord749
ord16
SHBindToParent
ord18
SHGetDesktopFolder
SHChangeNotify
ole32
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemRealloc
RevokeDragDrop
CoUnmarshalInterface
OleInitialize
OleUninitialize
ReleaseStgMedium
CoTaskMemAlloc
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
CreateBindCtx
CoTaskMemFree
CoCreateInstance
StgOpenStorage
PropVariantClear
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
RegisterDragDrop
oleaut32
SysFreeString
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
OleCreatePropertyFrame
SafeArrayGetUBound
SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreateVector
SafeArrayGetElemsize
gdiplus
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateHalftonePalette
GdipDrawImageRectI
GdipReleaseDC
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageThumbnail
GdipCloneImage
GdipAlloc
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetPageUnit
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetResolution
GdipCreateBitmapFromScan0
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipSaveAddImage
GdipSaveImageToStream
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImagePixelFormat
Exports
ConvertDIBSECTIONToThumbnail
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
ImageView_COMServer
ImageView_Fullscreen
ImageView_FullscreenA
ImageView_FullscreenW
ImageView_PrintTo
ImageView_PrintToA
ImageView_PrintToW
imageview_fullscreenW
Sections
.text Size: 170KB - Virtual size: 170KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 725KB - Virtual size: 724KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ