2dd7d67a49d294f907c8d92ddc314b08_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2dd7d67a49d294f907c8d92ddc314b08_JaffaCakes118
Size

328KB
MD5

2dd7d67a49d294f907c8d92ddc314b08
SHA1

ca097b420d7102599de2ea0558fc382cb153ab95
SHA256

2f4776faf950ded7840eab4c36f6bdde1dcf6b923ec8f8bc66cf5fab96c8078f
SHA512

c362363dcb7555e42bb920f724590065351946b535c8f81cdeeabee9938a2e16e5611221b964acaaee1273f4165dc16278f1c09d2c04f544a448f028d53c473d
SSDEEP

6144:z1Caq/7wj474eP3lN9gC26Wh5+fXlqIg2bT+Ib0kr:zA/73zP3XY6CshbyIbH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dd7d67a49d294f907c8d92ddc314b08_JaffaCakes118

Files

2dd7d67a49d294f907c8d92ddc314b08_JaffaCakes118
.dll windows:4 windows x86 arch:x86

022e6a5329afd249141b76a6403de52a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\sdcore\Toolbox\Plugins\ConfigToolboxPlugin\Release\hpqtbc01.pdb

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

kernel32

WritePrivateProfileStringA
SetFilePointer
FlushFileBuffers
GetCurrentProcess
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
SetLastError
MulDiv
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
VirtualProtect
RaiseException
LocalFree
LocalAlloc
LoadLibraryA
FreeLibrary
GetTickCount
WriteFile
ReadFile
CreateFileA
DeviceIoControl
GetModuleFileNameA
GetCurrentProcessId
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
Sleep
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
LoadLibraryExA
CreateProcessA
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapReAlloc

user32

EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
EnableWindow
SendMessageA
IsWindowEnabled
GetDlgItem
GetParent
GetWindowLongA
PostMessageA
GetWindowRect
SetFocus
GetFocus
SetActiveWindow
GetActiveWindow
GetCapture
ShowWindow
SetWindowPos
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
CopyRect
PtInRect
GetWindow
GetWindowTextA
GetSysColorBrush
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
DestroyMenu
LoadCursorA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
SendDlgItemMessageA
IsDialogMessageA

gdi32

DeleteDC
GetStockObject
OffsetViewportOrgEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetTextColor
GetClipBox
GetDeviceCaps
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetViewportExtEx

winspool.drv

EndDocPrinter
ClosePrinter
GetPrinterDataA
OpenPrinterA
SetPrinterDataA
GetPrinterA
GetPrinterDriverA
EnumMonitorsA
EnumPrintersA
EnumPortsA
StartDocPrinterA
StartPagePrinter
WritePrinter
EndPagePrinter
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyA

comctl32

CreatePropertySheetPageA
ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??0Address@@QAE@ABV0@@Z
??0Address@@QAE@XZ
??0Snmp@@QAE@ABV0@@Z
??0SnmpSyntax@@QAE@ABV0@@Z
??0SnmpSyntax@@QAE@XZ
??0SnmpTarget@@QAE@ABV0@@Z
??0SnmpTarget@@QAE@XZ
??1Counter32@@UAE@XZ
??1SnmpSyntax@@UAE@XZ
??4Address@@QAEAAV0@AAV0@@Z
??4Snmp@@QAEAAV0@ABV0@@Z
??4SnmpSyntax@@UAEAAV0@AAV0@@Z
??4SnmpTarget@@QAEAAV0@ABV0@@Z
??_7Address@@6B@
??_7Snmp@@6B@
??_7SnmpSyntax@@6B@
??_7SnmpTarget@@6B@
?hashFunction@Address@@UBEIXZ
InitializeConfigPagePlugin
TerminateConfigPagePlugin

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

022e6a5329afd249141b76a6403de52a

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 24KB - Virtual size: 22KB

.text Size: 76KB - Virtual size: 76KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 76KB - Virtual size: 76KB