2aa1a3511768bebe29bb8b59f29535ae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2aa1a3511768bebe29bb8b59f29535ae_JaffaCakes118
Size

615KB
MD5

2aa1a3511768bebe29bb8b59f29535ae
SHA1

9ee705e2481f1578a097f5328f4b81aedcd43598
SHA256

39cbd6e1bb8ab21678504e2cc40db2af00bdf67b6f066c52b967aed9d6ea7b0d
SHA512

cb41ad6165571cbd35f588163d3f22e37e90dda6bd4ce536bc5405ecb863f084c6eedbf2515d70f756c2a3ff91587cfc859adeaf87787db199bdd85d94a491df
SSDEEP

12288:i94n6/85MQFLAj0ytwq2fmnvhmaAu4wOV8GB+lvQ:i94b5U0PeXAu4wO+GB+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa1a3511768bebe29bb8b59f29535ae_JaffaCakes118

Files

2aa1a3511768bebe29bb8b59f29535ae_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

35710dd3f2da126a4b7a7b7fae83a2fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\101028_140528_build_Client_Build_PabstBlueRibbon_3.0.517.0\source\source_BrowserExtension\bin\ShopperReports_Release\Pltfrm.pdb

Imports

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetThreadLocale
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
GetFileTime
CreateFileW
GetVersionExW
lstrlenA
HeapFree
HeapReAlloc
GetCurrentThreadId
SetLastError
SetFileTime
WriteFile
GetProcessTimes
SetEvent
CreateEventW
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
lstrcpynW
WaitForMultipleObjects
SetEndOfFile
GetFileSize
SetFilePointer
FlushFileBuffers
ReadFile
lstrcmpW
FileTimeToSystemTime
LoadLibraryW
DeleteFileW
RemoveDirectoryW
ResumeThread
SetThreadPriority
TerminateThread
Sleep
CreateThread
DeleteFileA
CreateFileA
ReleaseSemaphore
CreateSemaphoreW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SystemTimeToFileTime
GetSystemDefaultLangID
GetTickCount
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetCurrentThread
OutputDebugStringW
lstrcpyW
GlobalFree
GlobalHandle
GetVolumeInformationW
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleHandleA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetSystemInfo
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapDestroy
SetThreadLocale
LoadLibraryExW
FreeLibrary
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
FormatMessageW
lstrlenW
GetProcessHeap
HeapAlloc
MultiByteToWideChar
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
KillTimer
SetTimer
SetWindowLongW
CharNextW
UnregisterClassA
LoadStringW
PostThreadMessageW
GetParent
GetMessageW
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
TranslateMessage
PeekMessageW
PostMessageW
SendMessageW
GetClassNameW
EnumChildWindows
GetWindowTextW
EnumWindows
MapDialogRect
SetWindowPos
SendDlgItemMessageW
GetWindow
SetWindowContextHelpId
SetCapture
GetSysColor
MoveWindow
GetClientRect
ClientToScreen
GetDC
DispatchMessageW
CreateDialogIndirectParamW
ReplyMessage
GetTopWindow
SetDlgItemTextW
ShowWindow
UpdateWindow
wsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
SetWindowTextW
CreateAcceleratorTableW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetDlgItem
IsChild
ScreenToClient

gdi32

SelectObject
DeleteObject
CreateFontIndirectW
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

advapi32

RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumKeyW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW

shell32

FindExecutableW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

OleUninitialize
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CoUnmarshalInterface
ProgIDFromCLSID
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateGuid
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleInitialize

oleaut32

VariantChangeType
OleCreateFontIndirect
VariantInit
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
CreateErrorInfo
SetErrorInfo
SafeArrayDestroy
VariantCopy
SafeArrayCopy
BstrFromVector
VectorFromBstr
SafeArrayGetVartype
SafeArrayUnlock
LoadRegTypeLi
VariantClear
VarBstrCmp
VarBstrCat
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

ws2_32

getaddrinfo
WSASetLastError
WSASocketW
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
freeaddrinfo
closesocket

comctl32

ord17

Exports

Exports

??0HbPthMngr@@QAE@VCComBSTR@ATL@@@Z
??0XUrlFormat@@QAE@PAUIXMLDOMNode@MSXML2@@@Z
??0XUrlFormat@@QAE@XZ
??1HbPthMngr@@UAE@XZ
??1XUrlFormat@@UAE@XZ
?BstrFromClsid@PlatformUtils@@YA?AVCComBSTR@ATL@@ABU_GUID@@@Z
?ExtractParam@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V23@0_N@Z
?GetAffltid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetBnnrid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetCheckBoxLastSnooze@InstlrUtl@@YAKXZ
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetDesignId@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetFrmtdDateTime@PlatformUtils@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_J@Z
?GetGuruSysTime@PlatformUtils@@YA_JXZ
?GetIeUserAgent@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
?GetIid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetIndCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetInstPartner@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetInstllVrsn@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetMachineStorage@PlatformUtils@@YA?AV?$_com_ptr_t@V?$_com_IIID@UICsPersistStorage@@$1?_GUID_9fd12d23_738c_4564_8a9a_17a29b95513d@@3U__s_GUID@@B@@@@XZ
?GetMachineVariable@PlatformUtils@@YA?AVCComBSTR@ATL@@PA_W@Z
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@HbPthMngr@@QAE?AVCComBSTR@ATL@@W4ePathID@1@@Z
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetRqstrid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetSampleGroup@InstlrUtl@@YA?AVCComBSTR@ATL@@PAUICsPersistStorage@@@Z
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetSnoozeDone@InstlrUtl@@YAKXZ
?GetSnoozeLast@InstlrUtl@@YAKXZ
?GetUid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetUrl@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetUrlWithoutFormat@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetUserCreateDate@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetUserStorage@PlatformUtils@@YA?AV?$_com_ptr_t@V?$_com_IIID@UICsPersistStorage@@$1?_GUID_9fd12d23_738c_4564_8a9a_17a29b95513d@@3U__s_GUID@@B@@@@XZ
?GetUserVariable@PlatformUtils@@YA?AVCComBSTR@ATL@@PA_W@Z
?GetUsrInf@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@ABV23@PAUIGuru@@@Z
?GetVer@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?IsNodeVerValid@PlatformUtils@@YA_NPAUIXMLDOMNode@MSXML2@@@Z
?LoadDecriptFile@PlatformUtils@@YAJAAVCComBSTR@ATL@@ABV23@_N@Z
?SetCheckBoxLastSnooze@InstlrUtl@@YAXK@Z
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z
?SetSnoozeDone@InstlrUtl@@YAXK@Z
?SetSnoozeLast@InstlrUtl@@YAXK@Z
?SetUrl@XUrlFormat@@QAEXPAUIXMLDOMNode@MSXML2@@@Z
?SetUrl@XUrlFormat@@QAEXPA_W@Z
?SetUserVariable@PlatformUtils@@YAJPA_W0@Z
?SetUsrInf@InstlrUtl@@YAXABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?getUsrAgnt@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35710dd3f2da126a4b7a7b7fae83a2fa

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

sensapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

comctl32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 26KB - Virtual size: 35KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 26KB - Virtual size: 35KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 39KB - Virtual size: 39KB