3be714bf185f714fe7705a47c5099d01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3be714bf185f714fe7705a47c5099d01_JaffaCakes118
Size

1.3MB
MD5

3be714bf185f714fe7705a47c5099d01
SHA1

37191cf072959d5402012da1ef07b07c3c7e3fe5
SHA256

2db3824f0fdfc6cd9fe8498aa4d894a161058accbdb659465426ef29ae634af6
SHA512

5dce4051027a6dbc196cb176a1e2cc0c4ed6cb06ff87831b1b457dae0d54e8a29316952ad6f75a4c86c9ec371ca035a342db7ed0e0404974a64f9e2c324ba8a1
SSDEEP

24576:/VB5fy+qeb0bbbybbbDbnbvb0b0bbyd7m/F5://c+qeb0bbbybbbDbnbvb0b0bbyd7E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be714bf185f714fe7705a47c5099d01_JaffaCakes118

Files

3be714bf185f714fe7705a47c5099d01_JaffaCakes118
.dll windows:6 windows x86 arch:x86

40040dd61c1e752dca0d1e6d02a79ca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActiveContentWizard.pdb

Imports

secur32

GetUserNameExW

wintrust

CryptCATEnumerateMember
CryptCATOpen
WinVerifyTrust
CryptCATClose
CryptCATAdminCalcHashFromFileHandle

kernel32

OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
MulDiv
WaitForSingleObject
SetEvent
CreateEventW
CreateMutexW
GetCurrentThreadId
WaitForMultipleObjects
GlobalDeleteAtom
Beep
GlobalAddAtomW
GetVersionExA
lstrcmpW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
Sleep
GetTickCount
MultiByteToWideChar
ResetEvent
GetCurrentProcessId
TerminateProcess
SetThreadPriority
GetCurrentThread
ResumeThread
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetExitCodeThread
CreateThread
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
VirtualFree
VirtualAlloc
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
SearchPathW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
EnumResourceNamesW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
FlushFileBuffers
OutputDebugStringW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateActCtxW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
MapViewOfFile
DelayLoadFailureHook
LoadLibraryExW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
GetVersion
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchangeAdd
SetLastError
GetCurrentProcess
FlushInstructionCache
RaiseException
lstrlenW
InterlockedExchange
CompareStringW
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
InterlockedDecrement
ExpandEnvironmentStringsW
CreateFileW
WriteFile
InterlockedIncrement
CloseHandle
GetLastError
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
TlsFree

user32

BlockInput
WaitForInputIdle
CloseDesktop
OpenInputDesktop
UnhookWinEvent
DispatchMessageW
TranslateMessage
GetMessageW
SetWinEventHook
PostThreadMessageW
SwitchToThisWindow
PtInRect
GetDoubleClickTime
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetKeyboardState
GetKeyState
UnregisterClassA
GetClassLongW
GetWindowRgn
GetProcessDefaultLayout
IsDialogMessageW
MsgWaitForMultipleObjectsEx
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
CreateWindowExW
ShowWindow
SetWindowLongW
GetWindowLongW
SendMessageTimeoutW
EnumThreadWindows
EnumWindows
GetWindowPlacement
SetWindowPlacement
MapVirtualKeyW
SendInput
MonitorFromRect
GetScrollRange
GetScrollPos
SetScrollPos
ClientToScreen
ScreenToClient
IsRectEmpty
GetAsyncKeyState
LogicalToPhysicalPoint
GetGUIThreadInfo
GetClassNameW
FindWindowW
GetAncestor
GetSysColor
InflateRect
UpdateLayeredWindow
DestroyIcon
LoadImageW
DrawIconEx
RegisterClassExW
InvalidateRect
LoadIconW
SetForegroundWindow
LoadCursorW
RegisterHotKey
SetLayeredWindowAttributes
SetWindowRgn
BeginDeferWindowPos
EndDeferWindowPos
UnregisterHotKey
GetWindowInfo
OffsetRect
IntersectRect
SetWindowTextW
FillRect
DrawEdge
GetSysColorBrush
IsWindowEnabled
GetFocus
FlashWindowEx
MessageBeep
EqualRect
CreateDialogIndirectParamW
IsWindow
DestroyWindow
CallWindowProcW
DefWindowProcW
EnableWindow
SetParent
MoveWindow
SendMessageW
GetClassInfoExW
LoadStringW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
LoadMenuW
GetDC
ReleaseDC
GetWindowTextW
GetSystemMetrics
LoadBitmapW
CopyRect
DrawTextW
SystemParametersInfoW
SetTimer
PeekMessageW
GetWindowThreadProcessId
RegisterWindowMessageW
PostMessageW
KillTimer
UnregisterClassW
RegisterClassW
RedrawWindow
IsWindowVisible
UpdateWindow
EndPaint
BeginPaint
MapWindowPoints
GetClientRect
GetWindowRect
DeferWindowPos
GetDesktopWindow
GetWindow
SetWindowPos
GetForegroundWindow
PostQuitMessage

ole32

CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow
AccessibleChildren
AccessibleObjectFromPoint
WindowFromAccessibleObject

oleaut32

VarBstrCmp
VarCmp
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysFreeString
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit

gdi32

CreateRectRgn
RectInRegion
OffsetRgn
EqualRgn
SetBkColor
CreateRoundRectRgn
GetLayout
SetLayout
CombineRgn
GetRgnBox
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
SelectObject
DeleteDC
BitBlt
DeleteObject
GetTextExtentPoint32W
SetTextColor
GetTextMetricsW
GetObjectW
GetDeviceCaps
GetStockObject
SetBkMode
GetRandomRgn
GetRegionData
CreateRectRgnIndirect
PtInRegion

gdiplus

GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateMatrix
GdipTranslateMatrix
GdipScaleMatrix
GdipRotateMatrix
GdipDrawRectangleI
GdipDeleteMatrix
GdipDrawImagePointsI
GdipCreatePen1
GdipDeletePen
GdipAlloc
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateMatrix2
GdipSetPenWidth
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetWorldTransform
GdipTransformMatrixPointsI
GdipGetImageWidth
GdipDisposeImage

psapi

GetModuleBaseNameW
EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

advapi32

RegisterTraceGuidsW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
TraceEvent
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW

shlwapi

PathGetArgsW
ord29
PathRemoveExtensionW
StrCmpNW
PathRemoveFileSpecW
PathAppendW
ord2
PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW
PathIsFileSpecW
PathFindFileNameW
ord215

shell32

SHGetFolderPathW
ShellExecuteExW
SHAppBarMessage
ord165
SHGetSpecialFolderPathW

uxtheme

OpenThemeData
GetThemeFont
GetThemeColor
GetThemeBackgroundContentRect
GetThemeTextExtent
GetThemeBackgroundExtent
GetWindowTheme
GetThemePartSize
CloseThemeData

winmm

timeGetTime

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

AcwInit
AcwUninit
CreateFactory
DllMain

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 918KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40040dd61c1e752dca0d1e6d02a79ca9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

wintrust

kernel32

user32

ole32

oleacc

oleaut32

gdi32

gdiplus

psapi

advapi32

shlwapi

shell32

uxtheme

winmm

dbghelp

version

Exports

Exports

Sections

.text Size: 405KB - Virtual size: 404KB

.data Size: 19KB - Virtual size: 28KB

.rsrc Size: 918KB - Virtual size: 918KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 405KB - Virtual size: 404KB

.data
Size: 19KB - Virtual size: 28KB

.rsrc
Size: 918KB - Virtual size: 918KB

.reloc
Size: 29KB - Virtual size: 28KB