3cb1a1f63cb5d883a08437ace68b58db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cb1a1f63cb5d883a08437ace68b58db_JaffaCakes118
Size

604KB
MD5

3cb1a1f63cb5d883a08437ace68b58db
SHA1

a109d1b5eec2f1d68018e76d3b51755c06ad1f90
SHA256

b14236a10b213183ddc8a15baf858855580b8c116f5be748f1538c11aca9114a
SHA512

9a10f580b3b83539fed537dc3460b902a0beca9c5eb5d4bef83ec26fc8ec970fa39d0efc9568ce0220f7df0c2f9966bb06fa69de3369eb84fa0c2a9ac062a086
SSDEEP

12288:BLRmpQPtUzbEzOPJDxsK6HIGxcDTZoA5ClooZyFqX7nq3/8Wt:OImIK6HIGx6ZoA5eoqnq3UWt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cb1a1f63cb5d883a08437ace68b58db_JaffaCakes118

Files

3cb1a1f63cb5d883a08437ace68b58db_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

682777ae3d0c780657f4f6fa3b83aa9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\100722_092313_build_Client_Build_PabstBlueRibbon_3.0.489.0\source\source_BrowserExtension\bin\ShopperReports_Release\mozillaps.pdb

Imports

pltfrm

??0XUrlFormat@@QAE@XZ
??1XUrlFormat@@UAE@XZ
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?SetUrl@XUrlFormat@@QAEXPAUIXMLDOMNode@MSXML2@@@Z

kernel32

FormatMessageW
GetCurrentThreadId
SetLastError
WideCharToMultiByte
CloseHandle
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
lstrcpynW
WaitForMultipleObjects
Sleep
CreateFileW
lstrlenA
GetVersionExW
LoadLibraryW
DeleteFileW
ResumeThread
TerminateThread
CreateThread
SetEndOfFile
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
GetTickCount
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetCurrentThread
OutputDebugStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
GetProcessHeap
GetCurrentDirectoryA
CreateFileA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFullPathNameW
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapFree
InterlockedCompareExchange
lstrlenW
RaiseException
EnterCriticalSection
HeapAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExW
LockResource
GetThreadLocale
LeaveCriticalSection
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection

user32

LoadCursorW
DefWindowProcW
RegisterClassExW
KillTimer
SetTimer
SetWindowLongW
GetClassInfoExW
UnregisterClassA
CharNextW
DestroyWindow
CreateWindowExW
GetWindowLongW
CallWindowProcW
IsWindow
GetAncestor

gdi32

DeleteDC

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CreateItemMoniker
GetRunningObjectTable
CoInitialize
CoUninitialize
CoCreateGuid
StringFromCLSID

oleaut32

VariantChangeType
LoadRegTypeLi
SysAllocStringLen
VarBstrCat
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
VarBstrCmp

gdiplus

GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

682777ae3d0c780657f4f6fa3b83aa9b

Headers

File Characteristics

PDB Paths

Imports

pltfrm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 40KB - Virtual size: 39KB

.text Size: 171KB - Virtual size: 172KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 40KB - Virtual size: 39KB

.text
Size: 171KB - Virtual size: 172KB