44cc564406e7a48ef367957c8fda5f95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44cc564406e7a48ef367957c8fda5f95_JaffaCakes118
Size

828KB
MD5

44cc564406e7a48ef367957c8fda5f95
SHA1

308ba2bc7ee0cbd46a8527fd11cdb161be436c39
SHA256

dbeb33bb8e4b120c5070886fafc1c59511c77cebdfb2597ae5f5d5d7bf6e65e6
SHA512

4eb7fbb297d7ba51ae60db550c39609fd08aca9dd8104083a99a8c25b33d30d64f940ba5cacd727d9886865212c846943277a98dad5e1c51bc01f103c1b79f47
SSDEEP

24576:eAKPW417GhyzQVW5/2RWB34iufouEOdshT0Po1MZhO:ejW4BGhy0g5ORc3FufouBdshwPo1MZk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44cc564406e7a48ef367957c8fda5f95_JaffaCakes118

Files

44cc564406e7a48ef367957c8fda5f95_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

233e35694b2ae9c59880f1925af98d2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dvlp\Vs7.2003\Client\Hb4.0\4.0\HbToolbar\ReleaseMinDependency\HbToolbar.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

ord17

kernel32

SetLastError
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetCurrentProcessId
CreateSemaphoreA
WaitForMultipleObjects
ReleaseSemaphore
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
ResumeThread
SetThreadPriority
TerminateThread
CreateThread
MoveFileA
GetSystemTime
TlsSetValue
TlsGetValue
OutputDebugStringA
FindClose
FindNextFileA
FindFirstFileA
SetFileTime
FileTimeToSystemTime
GetFileTime
TlsAlloc
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
CreateEventA
GetProcAddress
LoadLibraryA
CreateDirectoryA
ReleaseMutex
CreateMutexA
GetUserDefaultLangID
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
QueryPerformanceCounter
UnhandledExceptionFilter
WaitForSingleObject
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapSize
TlsFree
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetLocalTime
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
LocalFree
CreateFileA
CloseHandle
SetEvent
GetTickCount
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
HeapAlloc
FormatMessageA
LocalAlloc
GetModuleHandleA
MulDiv
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileA
lstrcmpA
GetEnvironmentStringsW
ResetEvent
SetEndOfFile
GetCurrentThread

user32

LoadImageA
LoadStringA
SetPropA
MsgWaitForMultipleObjects
PostThreadMessageA
PeekMessageA
CharLowerBuffA
GetCursorPos
SetForegroundWindow
EnumChildWindows
LoadBitmapA
CreateAcceleratorTableA
RemovePropA
CharNextA
UnregisterClassA
DestroyWindow
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
SetWindowLongA
DefWindowProcA
GetWindowLongA
CallWindowProcA
GetKeyState
IsWindow
InvalidateRect
ShowWindow
SetFocus
IsChild
GetFocus
GetParent
wsprintfA
GetClassNameA
DestroyAcceleratorTable
InvalidateRgn
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowTextA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
SetParent
GetWindowTextA
ShowWindowAsync
PostQuitMessage
SetCursor
GetSystemMetrics
GetWindowRgn
ReleaseCapture
GetDesktopWindow
SetCapture
GetPropA
GetDlgItem
GetTopWindow
RedrawWindow
GetSysColorBrush
GetWindowThreadProcessId
ReplyMessage
SendMessageTimeoutA
GetForegroundWindow
UnhookWindowsHookEx
IsWindowVisible
MessageBoxA
GetWindowRect
GetWindow
ClientToScreen
SetTimer
SendMessageA
KillTimer
PostMessageA
LoadAcceleratorsA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetSysColor
FillRect
MoveWindow
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateWindowExA
BeginPaint
GetClientRect
EndPaint
DrawTextA

gdi32

SetStretchBltMode
StretchBlt
CreatePatternBrush
FrameRgn
FillRgn
LineTo
MoveToEx
GetObjectA
CreateRectRgnIndirect
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateDCA
DeleteObject
BitBlt
SetTextColor
SetBkColor
CreateBitmap
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
RealizePalette
SelectPalette
Polyline
CreatePen
TextOutA
SetBkMode
CreateSolidBrush
GetTextExtentPoint32A
CreateFontIndirectA
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
PtInRegion
CreateRectRgn
GetStockObject

advapi32

RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleRun
CoInitialize
CoUninitialize
OleSaveToStream
WriteClassStm
OleLockRunning
CreateOleAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateGuid
OleLoadFromStream

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantInit
VariantClear
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
OleCreatePropertyFrame
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
DispCallFunc
SafeArrayGetLBound
SysAllocStringLen
OleCreateFontIndirect
VarBstrCat
SafeArrayCopy
SafeArrayDestroy
SafeArrayPutElement
GetErrorInfo

shlwapi

PathFindExtensionA
StrRChrA
StrToIntA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 556KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

233e35694b2ae9c59880f1925af98d2f

Headers

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 554KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 60KB - Virtual size: 56KB

.text
Size: 556KB - Virtual size: 554KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 60KB - Virtual size: 56KB