0e8d43a64947bc0300413494751a7226_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e8d43a64947bc0300413494751a7226_JaffaCakes118
Size

1.4MB
MD5

0e8d43a64947bc0300413494751a7226
SHA1

94983226c0924746198044343b8cd719d2cae616
SHA256

1812f982b2f605899de00d521880d35e1004373dc1d6288a9b1c9840e9f47663
SHA512

de761b560d5c4f35b93f50a2cd7c38c05b923edc3d32da1db853291d83edeb671d26b6e3fcbf6d08808fc7488ba1a2a64773e3079264d838c924acbe75f871ba
SSDEEP

24576:HV+WW1lOzTEdiqUE9yeqdAo/KHNF/4u8abCaw1IjNVdgu5:1+FSTEdiqb0eqOoSb/4u88CzIjNVdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e8d43a64947bc0300413494751a7226_JaffaCakes118

Files

0e8d43a64947bc0300413494751a7226_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

be7add6560b15c5bc3f7a0b1f583a08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\.Current\Freecause\Trunk\SVN.Trunk\package\Toolbar.pdb

Imports

urlmon

ObtainUserAgentString
IsValidURL
URLDownloadToFileW

wininet

InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetCrackUrlW
InternetGetConnectedState
InternetSetCookieW
InternetGetCookieW
FindCloseUrlCache
FindNextUrlCacheEntryW
InternetQueryOptionW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestW
HttpOpenRequestA
InternetConnectW
InternetOpenW
InternetSetOptionW
HttpAddRequestHeadersA
DeleteUrlCacheEntryW
InternetReadFile

shlwapi

PathIsRelativeW
PathFindFileNameW
UrlUnescapeW
SHDeleteKeyW
SHCopyKeyW
PathIsDirectoryW
PathStripPathW
UrlIsW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

setupapi

SetupIterateCabinetW

dbghelp

SymGetSymFromAddr
SymCleanup
SymLoadModule
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetLineFromAddr
SymGetModuleBase
SymGetOptions

winmm

PlaySoundW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

RtlUnwind
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
WideCharToMultiByte
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
lstrcmpiW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
Sleep
lstrcpyW
HeapFree
GetProcessHeap
GlobalAlloc
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
lstrlenA
DeleteFileW
CopyFileW
GlobalFree
GlobalHandle
GetCurrentProcessId
LocalFree
FindNextFileW
FindClose
WaitForSingleObject
IsDebuggerPresent
CreateMutexA
CloseHandle
GetFullPathNameW
FindFirstFileW
GetFileAttributesExW
GetVersionExW
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
MoveFileW
CreateMutexW
WriteFile
CreateFileW
LoadLibraryA
DisableThreadLibraryCalls
lstrcatW
GlobalDeleteAtom
GlobalAddAtomW
GlobalGetAtomNameW
ResumeThread
SetThreadPriority
CreateThread
LocalAlloc
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEvent
CreateEventW
OutputDebugStringW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
TerminateProcess
GetShortPathNameW
GlobalGetAtomNameA
GetTickCount
ReadFile
GetFileSize
QueueUserWorkItem
SetUnhandledExceptionFilter
HeapAlloc
IsBadWritePtr
ReadProcessMemory
lstrcpynW
IsBadCodePtr
IsBadReadPtr
WinExec
TerminateThread
OpenThread
SetFileAttributesW
CreateProcessW
MoveFileExW
DebugBreak
SetCurrentDirectoryW
UnhandledExceptionFilter
GlobalAddAtomA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedExchange
HeapDestroy
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
ExitThread
GetCommandLineA
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
HeapSize
ReleaseMutex
InterlockedCompareExchange

user32

EnableWindow
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SetParent
EnumWindows
SetRect
SubtractRect
GetLayeredWindowAttributes
AnimateWindow
SendMessageTimeoutW
SetLastErrorEx
DialogBoxParamW
wsprintfW
GetActiveWindow
LoadBitmapW
SetActiveWindow
AppendMenuW
ValidateRect
GetWindowRgnBox
RemoveMenu
GetMenuItemCount
CreatePopupMenu
IsMenu
LoadCursorFromFileW
DestroyCursor
UpdateWindow
LoadImageW
OffsetRect
FrameRect
GetWindowDC
CopyRect
MapWindowPoints
GetMessagePos
GetSystemMetrics
GetIconInfo
SetCursor
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowThreadProcessId
MessageBoxW
GetKeyState
CreateAcceleratorTableW
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
DrawTextW
ReleaseCapture
GetDlgItem
IsChild
SetCapture
InvalidateRgn
ScreenToClient
MoveWindow
GetSysColor
DialogBoxIndirectParamW
IsRectEmpty
CharUpperBuffW
SetWindowsHookExW
SetDlgItemTextW
SetWindowContextHelpId
MapDialogRect
EndDialog
GetMessageW
EnumChildWindows
CallNextHookEx
UnhookWindowsHookEx
SetLayeredWindowAttributes
PeekMessageW
TranslateMessage
UpdateLayeredWindow
GetAncestor
ClientToScreen
EnumThreadWindows
GetParent
GetClassNameW
PostMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
LoadCursorW
IsWindow
GetWindow
SetFocus
KillTimer
SetTimer
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
SetWindowPos
SendMessageW
GetWindowLongW
SetWindowLongW
DestroyWindow
CharLowerBuffW
CharNextW
CreateDialogParamW
MonitorFromWindow
GetMonitorInfoW
SystemParametersInfoW
AdjustWindowRectEx
GetDlgCtrlID
IsWindowEnabled
GetMenu
PtInRect
GetMenuItemInfoW
GetCapture
GetAsyncKeyState
TrackPopupMenu
GetCursorPos
DestroyMenu
DrawEdge
DestroyIcon
FillRect
SetWindowRgn
UnregisterClassA
FindWindowW
DispatchMessageW

gdi32

SetBkMode
SelectObject
DeleteObject
GetTextExtentPointW
MoveToEx
LineTo
CreateRectRgnIndirect
RestoreDC
SaveDC
CombineRgn
GetPixel
TextOutW
CreateBrushIndirect
StretchBlt
SetBkColor
SetTextColor
SetViewportOrgEx
CreatePatternBrush
GetTextMetricsW
CreateRectRgn
SelectClipRgn
CreateSolidBrush
CreatePen
GetObjectW
ExcludeClipRect
CreateFontIndirectW
ExtTextOutW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
CreateDIBSection
CreateFontW
GetTextExtentPoint32W

shell32

SHFileOperationW
ShellExecuteW
DragQueryFileW
DoEnvironmentSubstW

ole32

OleDraw
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
OleUninitialize
CoInitialize
ReleaseStgMedium
CoUninitialize
RegisterDragDrop

oleaut32

SysStringLen
SysFreeString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantCopy
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
CreateDispTypeInfo
DispCallFunc
DispGetIDsOfNames
DispInvoke
SafeArrayDestroy
SafeArrayCreateVector
UnRegisterTypeLi
RegisterTypeLi
VarBstrCat

Exports

Exports

AttachProxyInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FixTypeLib
TBCOM_GetComponent
ToolbarUpdateProc
raw_CheckRedirection
raw_IsWellFormedXML
raw_ParseIndependentVars
raw_ReportError

Sections

.text
Size: 957KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be7add6560b15c5bc3f7a0b1f583a08e

Headers

File Characteristics

PDB Paths

Imports

urlmon

wininet

shlwapi

rpcrt4

setupapi

dbghelp

winmm

version

kernel32

user32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 957KB - Virtual size: 956KB

.rdata Size: 313KB - Virtual size: 312KB

.data Size: 43KB - Virtual size: 60KB

.SHARED Size: 7KB - Virtual size: 7KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 98KB - Virtual size: 98KB

.text
Size: 957KB - Virtual size: 956KB

.rdata
Size: 313KB - Virtual size: 312KB

.data
Size: 43KB - Virtual size: 60KB

.SHARED
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 98KB - Virtual size: 98KB