23dc998d2bc0b4f174219a8d5fc39845_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

23dc998d2bc0b4f174219a8d5fc39845_JaffaCakes118
Size

179KB
MD5

23dc998d2bc0b4f174219a8d5fc39845
SHA1

aae3c702f7020dc1f825e20017087d953151d310
SHA256

519fee6d1ef995a05d2984c897bc156a314f6589db74b3215202eb8d0494d45b
SHA512

4a208196a4802e65f273d108ca9f8b4fc64e897ba8b44d682d94edc9131e435d8a855e1094cc832c485448f9f0bcd2edff54b1e5e12a4a7ac3d528bde3f59caa
SSDEEP

3072:BxTDuPbum3GoVqFsraf/4O0MsWAhxBj1bqzKFD/Vv+A+kiB:VYGoVwX1oxBj1bGILVGF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23dc998d2bc0b4f174219a8d5fc39845_JaffaCakes118

Files

23dc998d2bc0b4f174219a8d5fc39845_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9259dd719c64f785011471ea22ca8a9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msoert2.pdb

Imports

kernel32

LocalFree
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsFree
GetVersionExA
TlsAlloc
lstrcmpiA
DeleteFileA
GetTempFileNameA
GetTempPathA
RemoveDirectoryA
GetFileAttributesA
IsDBCSLeadByte
ExpandEnvironmentStringsA
MultiByteToWideChar
GetDriveTypeA
GetDriveTypeW
LocalAlloc
RtlMoveMemory
SystemTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
FlushFileBuffers
TlsSetValue
TlsGetValue
IsDBCSLeadByteEx
GetStringTypeExA
GetStringTypeExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
GetTempFileNameW
GetTempPathW
CreateFileW
QueryPerformanceCounter
lstrcmpA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
ExitProcess
GetModuleHandleA
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualProtect
GetSystemInfo
GetWindowsDirectoryA
WideCharToMultiByte
SetLastError
GetACP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
CreateMutexA
CreateFileA
GetLastError
GetFileSize
SetFilePointer
SetEndOfFile
GetModuleFileNameA
WriteFile
GetLocalTime
ReleaseMutex
DeleteCriticalSection
lstrlenA
CreateThread
WaitForSingleObject
CloseHandle
InterlockedDecrement
GetCurrentThreadId
GetTickCount
InterlockedIncrement

ole32

CoTaskMemRealloc
CreateStreamOnHGlobal
CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitialize

user32

TrackMouseEvent
GetSysColor
GetSysColorBrush
GetClientRect
InvalidateRect
SetWindowPos
GetDC
GetSystemMetrics
SendMessageA
DrawTextA
ReleaseDC
GetParent
CharLowerA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
CreateWindowExA
EndPaint
FrameRect
SetWindowLongW
GetWindowThreadProcessId
SendMessageTimeoutA
PostMessageA
LoadStringA
MessageBoxA
IsRectEmpty
SystemParametersInfoA
GetWindowRect
OffsetRect
IsWindow
CharPrevA
CharNextA
CreatePopupMenu
AppendMenuA
CheckMenuRadioItem
GetMenuItemCount
GetMenuStringA
LoadCursorA
GetClassInfoA
RegisterClassA
SetWindowTextA
SetWindowLongA
GetWindowLongA
DefWindowProcA
BeginPaint
DestroyWindow
FillRect

advapi32

RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextA
RegCreateKeyA

gdi32

SelectObject
SetTextColor
DeleteDC
DeleteObject
RestoreDC
BitBlt
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
GetStockObject
GetTextExtentPoint32A
ExtTextOutA
GetObjectA
GetDeviceCaps
SetBkColor

shlwapi

ord153
UrlCanonicalizeW
PathCreateFromUrlW
UrlCanonicalizeA
PathCreateFromUrlA
StrChrW
StrChrA
StrStrIA
SHRegGetUSValueA
PathFileExistsA
StrCmpIW
PathFindFileNameW
PathFindExtensionW
StrCatBuffW
PathFileExistsW
wnsprintfW
PathFindFileNameA
StrCpyNW
StrCmpNIA
wvnsprintfA
PathFindExtensionA
StrCatBuffA
wnsprintfA

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysAllocStringLen
SysFreeString

Exports

Exports

AppendTempFileList
AthwsprintfW
BrowseForFolder
BrowseForFolderW
BuildNotificationPackage
CchFileTimeToDateTimeSz
CchFileTimeToDateTimeW
CenterDialog
ChConvertFromHex
CleanupFileNameInPlaceA
CleanupFileNameInPlaceW
CleanupGlobalTempFiles
CopyRegistry
CrackNotificationPackage
CreateDataObject
CreateEnumFormatEtc
CreateInfoWindow
CreateLogFile
CreateNotify
CreateStreamOnHFile
CreateStreamOnHFileW
CreateSystemHandleName
CreateTempFile
CreateTempFileStream
CryptAllocFunc
CryptFreeFunc
DeleteTempFile
DeleteTempFileOnShutdown
DeleteTempFileOnShutdownEx
DoHotMailWizard
FBuildTempPath
FBuildTempPathW
FInitializeRichEdit
FIsEmptyA
FIsEmptyW
FIsHTMLFile
FIsHTMLFileW
FIsSpaceA
FIsSpaceW
FIsValidFileNameCharA
FIsValidFileNameCharW
FMissingCert
FreeTempFileList
GenerateUniqueFileName
GetDllMajorVersion
GetExePath
GetHtmlCharset
GetRichEdClassStringW
HrBSTRToLPSZ
HrByteToStream
HrCheckTridentMenu
HrCopyLockBytesToStream
HrCopyStream
HrCopyStreamCB
HrCopyStreamCBEndOnCRLF
HrCopyStreamToByte
HrCreatePhonebookEntry
HrCreateTridentMenu
HrDecodeObject
HrEditPhonebookEntry
HrFillRasCombo
HrFindInetTimeZone
HrGetBodyElement
HrGetCertKeyUsage
HrGetCertificateParam
HrGetElementImpl
HrGetMsgParam
HrGetStreamPos
HrGetStreamSize
HrGetStyleSheet
HrIStreamToBSTR
HrIStreamWToBSTR
HrIndexOfMonth
HrIndexOfWeek
HrIsStreamUnicode
HrLPSZCPToBSTR
HrLPSZToBSTR
HrRewindStream
HrSafeGetStreamSize
HrSetDirtyFlagImpl
HrStreamSeekBegin
HrStreamSeekCur
HrStreamSeekEnd
HrStreamSeekSet
HrStreamToByte
HrVerifyCertEnhKeyUsage
IDrawText
IUnknownList_CreateInstance
IVoidPtrList_CreateInstance
IsDigit
IsHttpUrlA
IsPlatformWinNT
IsPrint
IsUpper
IsValidFileIfFileUrl
IsValidFileIfFileUrlW
LoadMappedToolbarBitmap
MessageBoxInst
MessageBoxInstW
OpenFileStream
OpenFileStreamShare
OpenFileStreamShareW
OpenFileStreamW
OpenFileStreamWithFlags
OpenFileStreamWithFlagsW
PSTCreateTypeSubType_NoUI
PSTFreeHandle
PSTGetData
PSTSetNewData
PVDecodeObject
PVGetCertificateParam
PVGetMsgParam
PszAllocA
PszAllocW
PszDayFromIndex
PszDupA
PszDupLenA
PszDupW
PszEscapeMenuStringA
PszFromANSIStreamA
PszMonthFromIndex
PszScanToCharA
PszScanToWhiteA
PszSkipWhiteA
PszSkipWhiteW
PszToANSI
PszToUnicode
ReplaceChars
ReplaceCharsW
RicheditStreamIn
RicheditStreamOut
SetFontOnRichEd
SetIntlFont
SetWindowLongPtrAthW
ShellUtil_GetSpecialFolderPath
StrChrExA
StrToUintA
StrToUintW
StrTokEx
StreamSubStringMatch
StripCRLF
SzGetCertificateEmailAddress
UlStripWhitespace
UlStripWhitespaceW
UnlocStrEqNW
UpdateRebarBandColors
WriteStreamToFile
WriteStreamToFileHandle
WriteStreamToFileW
WszGenerateNameFromBlob
_MSG
fGetBrowserUrlEncoding
strtrim
strtrimW

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9259dd719c64f785011471ea22ca8a9b

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

user32

advapi32

gdi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 80KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 80KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB