5d66b083763e0e1f15410992c9403b44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5d66b083763e0e1f15410992c9403b44_JaffaCakes118
Size

322KB
MD5

5d66b083763e0e1f15410992c9403b44
SHA1

8cb5b65242a04ba8a62f7cf8f06ca2f9a9dd2191
SHA256

9b59f24ae84ae960572f57d5f387458694616e3d1ef38803db7c0bc1b533b32c
SHA512

694829c66830fcae4912f7190e0e6923851ec077641c1fc683e855df350bea5729748dcd27f7118ff76088b1142aa1ea515fd2ae83c04e9ed67f44fd87973e30
SSDEEP

6144:ntAdR/24/tMAKby0aBXjjYZ09pjzGkDyLnW79yE:tA//2Etuby/Wyhrj9y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d66b083763e0e1f15410992c9403b44_JaffaCakes118

Files

5d66b083763e0e1f15410992c9403b44_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

c451bab60b2a196596fa607ae9e78a80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieaksie.pdb

Imports

msvcrt

_wcsnicmp
wcsrchr
memcpy
??3@YAXPAX@Z
_wcsicmp
_vsnwprintf
memset
??2@YAPAXI@Z
wcsncmp
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CxxThrowException
bsearch
qsort
_errno

urlmon

ord108

kernel32

LoadLibraryA
GetProcAddress
LocalFree
lstrcmpW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
lstrlenA
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
UnmapViewOfFile
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
FindResourceExW
LoadResource
SetLastError
CopyFileW
CreateFileW
GetPrivateProfileStringW
CompareStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
DisableThreadLibraryCalls
InitializeCriticalSection
GetTempPathW
DeleteCriticalSection
GetVersionExW
GetModuleFileNameW
LocalAlloc
GetWindowsDirectoryW
lstrlenW
DeleteFileW
WritePrivateProfileStringW
CreateMutexW
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
MultiByteToWideChar
GetPrivateProfileSectionW
GetFileAttributesW
IsDBCSLeadByte
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
WriteFile
WideCharToMultiByte
ReadFile
GetFileSize
GetExitCodeProcess
GetPrivateProfileStringA
LocalReAlloc
FreeLibrary
SetFileAttributesW
CreateProcessW

user32

EnumChildWindows
CharNextW
FindWindowExW
GetDC
ReleaseDC
GetSysColor
DestroyWindow
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
SystemParametersInfoA
KillTimer
SetTimer
GetWindowRect
MapWindowPoints
GetSystemMetrics
LoadCursorW
SetCursor
CheckRadioButton
GetParent
CheckDlgButton
GetWindowLongW
IsDlgButtonChecked
SetWindowLongW
SetWindowTextW
PostMessageW
SendMessageW
EndDialog
SetFocus
ShowWindow
EnableWindow
GetDlgItem
IsWindowEnabled
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
GetFocus
GetWindowThreadProcessId
LoadBitmapW
DestroyIcon
LoadImageW
LoadIconW
SendDlgItemMessageW
RegisterClipboardFormatW
DialogBoxParamW
LoadStringW

gdi32

DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW

advapi32

RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

shlwapi

ord487
StrCmpIW
PathGetDriveNumberW
PathGetCharTypeW
SHDeleteKeyW
StrChrW
PathSkipRootW
PathIsRootW
PathIsUNCServerW
StrPBrkW
StrCSpnW
StrCmpNIW
StrSpnW
ord215
PathFindExtensionW
StrRStrIW
SHQueryValueExW
StrCmpW
StrToIntW
StrStrW
StrRChrW
wnsprintfW
PathIsURLW
SHSetValueW
PathIsDirectoryEmptyW
SHGetValueW
StrStrIW
PathCombineW
SHDeleteValueW
PathRemoveFileSpecW
PathFindNextComponentW
PathFindFileNameW
PathAddBackslashW
PathAppendW
PathFileExistsW
ord346
ord217

shell32

ExtractIconExA
ExtractIconExW
ExtractAssociatedIconW

comctl32

ImageList_GetImageCount
ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ImageList_AddMasked
ImageList_Destroy
CreatePropertySheetPageW
ord8
ImageList_Add
InitCommonControlsEx

comdlg32

GetSaveFileNameW

ole32

CoGetMalloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringByteLen
SysStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString
SysFreeString

imm32

ImmAssociateContext

cryptui

CryptUIWizDigitalSign

ieakeng

ImportFavorites
ImportQuickLinks
ExportFavorites
ExportQuickLinks
MigrateToOldFavorites
ShowInetcpl
ImportPrograms
BToolbar_Remove
GetAdmFileList
GenerateNewVersionStr
GetBaseFileName
SetOrClearVersionInfo
CheckField
BrowseForFile
ModifyRatings
ProcessFavSelChange
GetFavoritesInfoTip
MigrateFavorites
ImportFavoritesCmd
TestURL
GetFavoriteUrl
DeleteFavorite
ModifyFavorite
NewFolder
NewUrl
ErrorMessageBox
GetFavoritesMaxNumber
GetFavoritesNumber
GetURLLinkType
MoveDownFavorite
MoveUpFavorite
SetProxyDlg
ImportConnectSet
GetProxyDlg
DisplayADMItem
SelectADMItem
DestroyADMWindow
DeleteADMItems
AddADMItem
CreateADMWindow
CopyAnimBmp
CopyLogoBmp
IsAnimBitmapFileValid
ImportRatings
ImportZones
ModifyZones
IsBitmapFileValid
ImportAuthCode
ModifyAuthCode

advpack

DelNodeW

mlang

ord112
ord113

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c451bab60b2a196596fa607ae9e78a80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

urlmon

kernel32

user32

gdi32

advapi32

shlwapi

shell32

comctl32

comdlg32

ole32

oleaut32

imm32

cryptui

ieakeng

advpack

mlang

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 158KB - Virtual size: 157KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 149KB - Virtual size: 148KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 158KB - Virtual size: 157KB

.reloc
Size: 8KB - Virtual size: 8KB