6a0fa9560cddad37d3a2746e3ebd0173_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a0fa9560cddad37d3a2746e3ebd0173_JaffaCakes118
Size

343KB
MD5

6a0fa9560cddad37d3a2746e3ebd0173
SHA1

0518d2787845ecdce62ed993a10e6c1df1e8ca25
SHA256

d8180b7e5c4436af6436d1ef93675cbb68457f73faa44ef7d396fd11551bd4ee
SHA512

f45fc5c061a39e71e489051484c284c7e884e2885d9c405e14d689fbea6c67e7a5529df642ee0fbbfbc6fc6c43d76bac215c41aab7176a6bf8739deddb754760
SSDEEP

3072:RmEX3xvlS/0mYk2pNDI59CQnAG5vSGqjTopdZNQaIKb6BwX+WCp96mIToX+km3is:8iJxlxELPIU2p9/IW0Od9Ogj4Ug

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a0fa9560cddad37d3a2746e3ebd0173_JaffaCakes118

Files

6a0fa9560cddad37d3a2746e3ebd0173_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

83b9e0d3a307f1038857f2ebaa372404

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\DesktopMessaging.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindClose
FindFirstFileW
InterlockedExchange
GlobalFree
DeleteFileW
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
LocalAlloc
GetSystemTimeAsFileTime
LockResource
LoadLibraryW
OutputDebugStringA
LoadResource
HeapFree
CloseHandle
GetProcessHeap
FindResourceExW
GetModuleFileNameW
EnterCriticalSection
GetUserDefaultLangID
DeleteCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
TerminateThread
GetProcAddress
GetVersion
FormatMessageW
OpenEventW
InterlockedIncrement
GetFileAttributesW
InitializeCriticalSection
Sleep
InterlockedDecrement
FatalAppExitW
SetLastError
GetModuleHandleA
lstrlenW
CreateEventW
GetModuleHandleW
SetEvent
MultiByteToWideChar
FindResourceW
GetLastError
WaitForMultipleObjects
RaiseException
SizeofResource
LocalFree
HeapAlloc
MulDiv
GetCurrentProcess
FlushInstructionCache
DuplicateHandle
GetTickCount
CreateProcessW
ResetEvent
GetExitCodeThread
FreeLibrary
LoadLibraryExW
LoadLibraryA
lstrcpyW
GetVersionExW
lstrcpynW
GlobalUnlock
GetCurrentThreadId
GlobalAlloc
WideCharToMultiByte
lstrcmpiW
GlobalLock

user32

GetClassInfoExW
RegisterClassExW
LoadCursorW
ClientToScreen
GetDesktopWindow
IntersectRect
DrawFrameControl
GetScrollPos
GetMonitorInfoW
MonitorFromPoint
EnableMenuItem
UnregisterClassA
LoadBitmapW
DestroyCursor
IsWindowVisible
SetWindowsHookExW
GetSystemMenu
DestroyMenu
GetTopWindow
GetWindowPlacement
SetForegroundWindow
GetFocus
GetWindowDC
GetTabbedTextExtentW
IsWindowEnabled
SetWindowPlacement
GetDlgCtrlID
GetSystemMetrics
GetKeyState
EndDialog
DialogBoxParamW
GetCapture
ScreenToClient
LoadImageW
RedrawWindow
IsRectEmpty
GetNextDlgTabItem
OffsetRect
DrawTextW
MessageBoxW
IsCharAlphaNumericW
OpenClipboard
SetWindowPos
CopyRect
UnhookWindowsHookEx
DrawIconEx
CreateDialogParamW
SetCapture
ReleaseDC
EmptyClipboard
GetActiveWindow
CallNextHookEx
SetClipboardData
PtInRect
SetDlgItemTextW
CloseClipboard
MapDialogRect
ReleaseCapture
SetRectEmpty
GetCursorPos
InvalidateRect
InflateRect
GetDlgItem
TabbedTextOutW
MoveWindow
GetWindowTextLengthW
PostMessageW
SetFocus
GetWindowTextW
DestroyIcon
SetCursor
DrawStateW
DrawFocusRect
MsgWaitForMultipleObjects
GetMessageW
GetSysColor
DispatchMessageW
TranslateMessage
GetClassNameW
PeekMessageW
CreateWindowExW
CopyIcon
GetWindowLongW
SystemParametersInfoW
SetWindowTextW
SetSystemCursor
EndPaint
SendMessageW
SetWindowLongW
DestroyWindow
BeginPaint
DefWindowProcW
KillTimer
PostQuitMessage
IsWindow
SetTimer
ShowWindow
GetWindow
GetParent
GetWindowRect
GetClientRect
MapWindowPoints
CallWindowProcW
GetDC

gdi32

SetROP2
GetTextExtentPoint32W
RoundRect
GetTextMetricsW
SetBkColor
SetTextColor
CombineRgn
CreateRectRgnIndirect
SetTextAlign
TextOutW
SelectClipRgn
CreatePen
GetClipRgn
GetObjectW
CreateCompatibleDC
DeleteObject
GetStockObject
SetBkMode
DeleteDC
GetDeviceCaps
CreateFontIndirectW
BitBlt
SelectObject
ExtTextOutW
CreateCompatibleBitmap
CreateSolidBrush
Polygon
ExtCreatePen
GetTextExtentExPointW
GetObjectType
GetBkColor
SetViewportOrgEx
MoveToEx
LineTo
CreateRectRgn
PtInRegion

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoDisconnectObject
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoInitializeEx

oleaut32

VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
DispCallFunc

atl80

ord43
ord44
ord30
ord32
ord58
ord31
ord23
ord48
ord40
ord47
ord11
ord10
ord49
ord22
ord18
ord15
ord64
ord42
ord61

shlwapi

StrRStrIW
StrChrW
PathCompactPathW
ColorAdjustLuma

msimg32

GradientFill

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

??3@YAXPAX@Z
swprintf_s
??0exception@std@@QAE@ABV01@@Z
iswspace
malloc
wcsstr
memcpy_s
memmove_s
?what@exception@std@@UBEPBDXZ
calloc
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
wcsncmp
_purecall
wcschr
??0exception@std@@QAE@ABQBD@Z
_wcsnicmp
_wcslwr_s
memcpy
wcstol
iswdigit
free
_vscwprintf
??2@YAPAXI@Z
_recalloc
vswprintf_s
??_V@YAXPAX@Z
_wcsicmp
swscanf_s
wcsrchr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsupr_s
iswalnum
iswalpha
wcspbrk
_CxxThrowException
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__CxxFrameHandler3
_vsnprintf_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Initialise
Notify
Terminate

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b9e0d3a307f1038857f2ebaa372404

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl80

shlwapi

msimg32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 26KB - Virtual size: 26KB