476e8b643b71afaa821083309bf31b5a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

476e8b643b71afaa821083309bf31b5a_JaffaCakes118
Size

700KB
MD5

476e8b643b71afaa821083309bf31b5a
SHA1

76ee2bced0ad60e2bf71a2b190a755e1f3310c25
SHA256

c0ccdcffd934b88a6aadc8dfb4009c134d74928d2c52ac79aecf79faadb9e8aa
SHA512

fab0dd67bdecaac1a8340f85e05a7c42e29b51094f0f2ca1fea58605d10c95b3eda0461a6b7f3851baa71ba35f2c7ccb79017d88f741a4799e77a60c2648e6d9
SSDEEP

6144:d9i8V9Vm5+uZKFPLkatiighzcWRHo8PR8E+3yqzhjpxKqRq3eBri:dYNZKRLkr9cWRHo8SE+3rzV2Om

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476e8b643b71afaa821083309bf31b5a_JaffaCakes118

Files

476e8b643b71afaa821083309bf31b5a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

568b2e00513d3148fd83311e77b47ada

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\bwa\QuickTimeWin-493.21\srcroot\BuildResults\NoSym\QTOControl.pdb

Imports

wininet

InternetCombineUrlA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

timeGetTime

kernel32

lstrlenA
GetLastError
HeapFree
GetVersion
lstrcmpiA
lstrcmpiW
FreeResource
LockResource
LoadResource
FindResourceA
GlobalAlloc
MulDiv
CompareStringA
CompareStringW
lstrcpyA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetCurrentDirectoryA
SetLastError
GlobalUnlock
GlobalLock
lstrcmpA
GetModuleFileNameA
GlobalFree
GlobalHandle
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
Sleep
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcatA
IsDBCSLeadByte
SizeofResource
LoadLibraryExA
OpenFile
GetCurrentProcessId
SleepEx
GetProcessHeap
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
FatalAppExitA
ExitProcess
GetCommandLineA
GetFileAttributesW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
GetFileAttributesA
CreateThread
ExitThread
LocalFree
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CreateProcessA
CreateEventA
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetOEMCP
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
QueryPerformanceCounter
GetLocaleInfoA
GetTickCount
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
GetACP
InterlockedExchange
SetFilePointer
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
SetEnvironmentVariableA
LCMapStringA
IsValidLocale
IsValidCodePage
LCMapStringW

user32

TranslateMessage
DispatchMessageA
SetPropA
RemovePropA
DialogBoxParamA
EnumWindows
GetWindowThreadProcessId
GetPropA
WinHelpA
GetDialogBaseUnits
IsDialogMessageA
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetMessagePos
GetMessageTime
ScreenToClient
SetParent
MoveWindow
FrameRect
RegisterClassA
SetTimer
GetSystemMetrics
MonitorFromWindow
IntersectRect
EnumDisplayMonitors
PeekMessageA
KillTimer
PostMessageA
SetWindowContextHelpId
GetMessageA
SetWindowTextA
RegisterClassExA
GetClassInfoExA
LoadCursorA
wsprintfA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
GetClassNameA
RedrawWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
FillRect
GetSysColor
EndDialog
GetFocus
IsChild
SendMessageA
ReleaseCapture
DefWindowProcA
ShowWindow
DestroyWindow
GetDC
ReleaseDC
SetCapture
InvalidateRect
GetKeyState
RegisterWindowMessageA
DialogBoxIndirectParamA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
CreateDialogParamA
LoadStringA
GetWindowTextLengthA
GetWindowTextA
GetActiveWindow
SetFocus
IsWindow
GetDlgItem
SendDlgItemMessageA
SetWindowLongA
SetRect
DrawEdge
LoadBitmapA
UnregisterClassA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
SetDlgItemTextA
GetWindowLongA
MapDialogRect

gdi32

CreateFontIndirectA
GetTextMetricsA
GetTextExtentPointA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
DeleteObject
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
TextOutA
SetTextAlign
CreateRectRgnIndirect

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemRealloc
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoCreateInstance
OleRegGetUserType
OleRegEnumVerbs
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VarBstrCat
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
CreateErrorInfo
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleTranslateColor
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreatePropertyFrame
GetErrorInfo

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

568b2e00513d3148fd83311e77b47ada

Headers

File Characteristics

PDB Paths

Imports

wininet

version

winmm

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 444KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 152KB - Virtual size: 150KB

.reloc Size: 36KB - Virtual size: 35KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 448KB - Virtual size: 444KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 152KB - Virtual size: 150KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 108KB - Virtual size: 108KB