0fd0023347fcef8ac888d4a0e3c61fe1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fd0023347fcef8ac888d4a0e3c61fe1_JaffaCakes118
Size

1.4MB
MD5

0fd0023347fcef8ac888d4a0e3c61fe1
SHA1

0df57d0312499b5ec7c8c4c58d97dd424b7ef417
SHA256

493e8ffa6dd24941faedd2a72e119f09f85835c7743191fa036b609886071d21
SHA512

22724c420f76bfdfef65a42019792cc0cb5fced5ab00d7c0b46a3f12b20891d6120dbe88499623734370e2efe564e87787f356a8668fadf55f5dbbe42bdf0d5a
SSDEEP

24576:HWjwgi3xjA2eCJHU3qZTMQ3N1BhRn7hc3xkwh7iDg8QWcd:HWxiy2eRqKuU38U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fd0023347fcef8ac888d4a0e3c61fe1_JaffaCakes118

Files

0fd0023347fcef8ac888d4a0e3c61fe1_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e60bbbfbc6b1c1b60090e8425bed75e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

quartz.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA
RegQueryValueW
RegFlushKey
RegCreateKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW

gdi32

CreateRectRgn
SetDIBColorTable
SetTextCharacterExtra
EnumFontFamiliesExW
SetDIBitsToDevice
StretchDIBits
GetObjectW
CreateDCW
SetStretchBltMode
StretchBlt
CreateDIBSection
BitBlt
SetBkMode
SetTextColor
GetTextExtentPoint32W
SelectPalette
CreateRectRgnIndirect
CombineRgn
FillRgn
GetStockObject
CreatePalette
SetBkColor
ExtTextOutW
GetPixel
SetPixel
GdiFlush
GetClipBox
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateSolidBrush
PatBlt
GetDIBits
GetSystemPaletteEntries
CreateFontIndirectW
ExtCreateRegion
EqualRgn
GetDCOrgEx
DeleteObject
GetDeviceCaps
RealizePalette

kernel32

GetProfileIntW
GetProfileStringA
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
LocalAlloc
LocalFree
HeapAlloc
GetProcessHeap
HeapFree
WriteProfileStringW
SetErrorMode
GetDiskFreeSpaceW
GetDriveTypeW
GetFileSize
LocalUnlock
LocalLock
LocalReAlloc
CompareStringA
lstrcmpA
lstrcpynA
IsBadWritePtr
IsBadReadPtr
GetShortPathNameA
GetACP
lstrcmpiA
CreateFileMappingW
MapViewOfFile
CreateSemaphoreW
UnmapViewOfFile
OpenProcess
GetExitCodeProcess
lstrcpyA
CompareStringW
GetTempPathW
GetFileInformationByHandle
GetFullPathNameW
WriteFile
QueryPerformanceFrequency
ReleaseMutex
CreateMutexW
HeapDestroy
WideCharToMultiByte
FreeLibraryAndExitThread
Sleep
CreateFileW
lstrcatW
SetFilePointer
ReadFile
FormatMessageA
GetModuleHandleA
FormatMessageW
CreateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
InterlockedExchange
lstrcpyW
LoadLibraryW
GetLastError
lstrlenA
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
GetVersionExW
lstrcmpW
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
SetEvent
CreateEventW
CloseHandle
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DelayLoadFailureHook
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
GetModuleFileNameA
MultiByteToWideChar
lstrcmpiW
DeviceIoControl
MapViewOfFileEx
VirtualAlloc
MulDiv
RaiseException

msvcrt

??3@YAXPAX@Z
wcsrchr
_ftol
free
_initterm
malloc
??2@YAPAXI@Z
_adjust_fdiv
__dllonexit
_onexit
_ltow
towupper
atoi
memmove
getenv
sscanf
_local_unwind2
sprintf
wcscpy
_strdup
_except_handler3
_wtoi
wcslen

ole32

CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CLSIDFromString
CreateBindCtx
CoCreateFreeThreadedMarshaler
MkParseDisplayName
CreateStreamOnHGlobal
StringFromCLSID
StgOpenStorage
StgIsStorageFile
IIDFromString
CoTaskMemRealloc

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysReAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
SysStringLen
SysAllocStringLen
VariantInit
VariantCopy
VariantChangeType
LoadRegTypeLi
SetErrorInfo

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrDllCanUnloadNow

shell32

SHGetFolderPathW

user32

GetWindowLongW
GetParent
GetWindowPlacement
MonitorFromRect
ChangeDisplaySettingsExA
IntersectRect
ScreenToClient
MapWindowPoints
SetRectEmpty
GetClientRect
ClientToScreen
EnumDisplayMonitors
EnumDisplayDevicesW
SetWindowsHookExW
InvalidateRect
UnhookWindowsHookEx
GetWindowRect
EnableWindow
GetDesktopWindow
SystemParametersInfoW
MessageBoxW
GetDlgItem
DialogBoxParamW
EndDialog
SendDlgItemMessageW
IsRectEmpty
IsWindowVisible
GetSystemMetrics
EqualRect
SetRect
wsprintfA
MonitorFromWindow
GetMonitorInfoW
InSendMessage
IsWindow
KillTimer
SetTimer
EndPaint
SetCursor
BeginPaint
DestroyCursor
LoadImageW
SetKeyboardState
DestroyWindow
CreateDialogParamW
SetDlgItemTextW
SetParent
IsZoomed
SetWindowLongW
FillRect
OffsetRect
ChangeDisplaySettingsExW
GetWindowTextW
SetWindowTextW
MoveWindow
SetForegroundWindow
ShowWindow
GetForegroundWindow
SetWindowPos
UpdateWindow
GetDlgItemInt
GetKeyboardState
SendMessageW
GetWindowThreadProcessId
LoadStringW
GetDC
ReleaseDC
GetMessageW
TranslateMessage
PostMessageW
CharNextW
DispatchMessageW
GetQueueStatus
RegisterWindowMessageW
PostThreadMessageW
wvsprintfW
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
AdjustWindowRectEx
DefWindowProcW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
ReplyMessage
IsIconic

winmm

timeGetTime
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeKillEvent
midiStreamClose
midiOutGetErrorTextW
midiStreamPosition
midiStreamPause
midiOutPrepareHeader
midiStreamRestart
midiOutUnprepareHeader
midiStreamOut
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetLineControlsW
mixerGetDevCapsW
mixerGetLineInfoW
mixerGetNumDevs
midiOutGetNumDevs
midiStreamProperty
midiStreamOpen
midiOutReset
waveOutGetNumDevs
waveOutClose
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutGetPosition
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite
waveOutSetVolume
waveOutGetVolume

Exports

Exports

AMGetErrorTextA
AMGetErrorTextW
AmpFactorToDB
DBToAmpFactor
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e60bbbfbc6b1c1b60090e8425bed75e1

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

msvcrt

ole32

oleaut32

rpcrt4

shell32

user32

winmm

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.orpc Size: 1024B - Virtual size: 571B

.data Size: 36KB - Virtual size: 221KB

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 54KB - Virtual size: 54KB

.text Size: 157KB - Virtual size: 160KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.orpc
Size: 1024B - Virtual size: 571B

.data
Size: 36KB - Virtual size: 221KB

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 54KB - Virtual size: 54KB

.text
Size: 157KB - Virtual size: 160KB