3e25044d199d423d47c69b34b05e4a80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e25044d199d423d47c69b34b05e4a80_JaffaCakes118
Size

250KB
MD5

3e25044d199d423d47c69b34b05e4a80
SHA1

03e1132bcbed25a6dcc4ef12a675eecd8c99be7f
SHA256

c5448aaf19d8b239557b9b6d30dfdce0c351c726a55f094204a9eecffc71946c
SHA512

5b2c9ab71820b0073366bc11598a7cf34adbab19b832dd11e07517ee2ee43fb48457423bbbb6d4f7c408f8ef8e799edcc5697041f6776d2aa502452a7bd47428
SSDEEP

6144:SEoLo0+YodgQx4edCEQjWNONnMSPKcY+KQ0CkkkkkkkkkkkFCkkkkkkkkkkkWCkq:TQv+xGjWNONnMavYskkkkkkkkkkkskkS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e25044d199d423d47c69b34b05e4a80_JaffaCakes118

Files

3e25044d199d423d47c69b34b05e4a80_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

99a6690758e1d6ccc6d17f261513c7c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Lesha\SearchToolbar\SVN2\Projects\IE\SearchToolbar\Release\SearchToolbar.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

kernel32

LoadLibraryW
SetLastError
OutputDebugStringA
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
MultiByteToWideChar
FlushInstructionCache
GetCurrentThreadId
SetThreadLocale
GetThreadLocale
LoadLibraryA
GetVersionExW
MulDiv
GetLocalTime
GetCurrentProcessId
lstrcmpW
CreateMutexW
CreateThread
HeapFree
GetProcessHeap
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
lstrcmpiW
GetTimeZoneInformation
WideCharToMultiByte
ExitProcess
Sleep
LCMapStringW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
lstrlenW
GetCurrentProcess
CloseHandle
GetLastError
GetUserDefaultLangID
DisableThreadLibraryCalls
GetModuleFileNameW
GetStringTypeA
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeW

user32

FrameRect
IsWindowVisible
MapWindowPoints
ScreenToClient
PostMessageW
MonitorFromPoint
GetMonitorInfoW
DrawFrameControl
DrawTextW
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
MessageBeep
FillRect
GetWindowThreadProcessId
TrackPopupMenuEx
GetSysColor
PtInRect
GetSystemMetrics
InflateRect
EndPaint
BeginPaint
GetCapture
SystemParametersInfoW
DrawEdge
DrawFocusRect
AdjustWindowRectEx
GetDlgCtrlID
GetParent
GetSysColorBrush
WindowFromPoint
GetMessagePos
GetWindowDC
CharLowerW
RegisterWindowMessageW
SetRectEmpty
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
UnregisterClassA
SetWindowsHookExW
PeekMessageW
GetSubMenu
IsMenu
LoadMenuW
GetDesktopWindow
GetMenuItemCount
IsWindowEnabled
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetWindowRect
SetWindowPos
GetMenu
LoadIconW
DestroyIcon
LoadBitmapW
MoveWindow
GetDC
ReleaseDC
ReleaseCapture
SetCursor
SetCursorPos
SetFocus
SetCapture
RedrawWindow
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
DestroyMenu
GetKeyState
TranslateMessage
DispatchMessageW
GetClientRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
LoadCursorW
ShowWindow
GetFocus
GetWindow
IsWindow
SendMessageW
GetDlgItem
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
CharNextW
DestroyWindow
GetActiveWindow
OffsetRect

gdi32

BitBlt
CreatePatternBrush
CreatePen
CreateBitmap
MoveToEx
Rectangle
PatBlt
CreateCompatibleBitmap
SetBkColor
SetBrushOrgEx
GetObjectW
SetTextColor
SetBkMode
CreateDIBSection
GetCurrentObject
DeleteDC
GetDeviceCaps
DPtoLP
SelectObject
DeleteObject
LineTo
CreateCompatibleDC
CreateFontIndirectW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleLoadFromStream
WriteClassStm
OleSaveToStream
StringFromCLSID

oleaut32

SysStringByteLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantClear
SysAllocString
VariantInit

shlwapi

PathAppendW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99a6690758e1d6ccc6d17f261513c7c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 14KB - Virtual size: 13KB