82793c3705edad9640cfd8c8c55c89db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82793c3705edad9640cfd8c8c55c89db_JaffaCakes118
Size

276KB
MD5

82793c3705edad9640cfd8c8c55c89db
SHA1

bca0b59bd2f22e6750521faf86eb86c092575afd
SHA256

263c36d76e922c922526c31b082290bb481f37ea2416ca6ac4d7020a52adb376
SHA512

d9a1ea43f3e673aae94556451582143c18bde36c86a9b5515671ef9f04f736cb7629121dd00f96149031cca5adc0ea1a044c5085d54807d3542510f9e1659780
SSDEEP

6144:WFeaN7Eg/GhaIR4KDz21lp5AqkNfX3ajEWUVKEoNHs:WFeeFOhlR4KDi7p5RoHsUVms

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
82793c3705edad9640cfd8c8c55c89db_JaffaCakes118
unpack001///IEClose.dll
unpack001//bbtoo.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

82793c3705edad9640cfd8c8c55c89db_JaffaCakes118
.exe windows:4 windows x86 arch:x86

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
SetErrorMode
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
GetModuleHandleA
LoadLibraryA
CreateThread
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
ExitProcess

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
PostQuitMessage
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
//IEClose.dll
.dll windows:4 windows x86 arch:x86

03484a6bc016d64c2911bbb00d3e5527

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
OpenProcess
TerminateProcess
WaitForSingleObject
Sleep
WideCharToMultiByte
FreeEnvironmentStringsW
RtlUnwind
GetStringTypeW
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
CloseHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
LoadLibraryA
VirtualAlloc
HeapReAlloc
GetProcAddress
GetStringTypeA

user32

FindWindowA
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
GetClassNameA
PostMessageA

ole32

CoFreeUnusedLibraries

Exports

Exports

closeIE
refreshProcesses

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/BBTOOICO.bmp
/basis.xml
.xml
/bbtoo.crc
/bbtoo.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d4eca28bfb652c7989c9e9bda10c19ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

setupapi

SetupIterateCabinetA

kernel32

RemoveDirectoryA
DeleteFileA
InterlockedIncrement
lstrlenA
GetVersionExA
WideCharToMultiByte
WriteFile
CreateFileA
GetTempPathA
MoveFileExA
lstrlenW
CloseHandle
GetModuleFileNameA
Sleep
GetCurrentProcessId
SetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
LoadLibraryA
GlobalUnlock
GlobalLock
WritePrivateProfileStringA
EnterCriticalSection
MultiByteToWideChar
InterlockedDecrement
lstrcpyA
lstrcatA
GetCurrentThreadId
GetVersion
DebugBreak
FindFirstFileA
FindNextFileA
FindClose
GetTempFileNameA
FlushInstructionCache
GetCurrentProcess
lstrcmpA
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetLastError
FreeLibrary
SetEndOfFile
CompareStringA
CompareStringW
GlobalAlloc
TerminateThread
LeaveCriticalSection
ReadFile
GetOEMCP
LCMapStringA
GetDriveTypeA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineA
HeapReAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetFullPathNameA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsSetValue
CreateThread
ResumeThread
RtlUnwind
RaiseException
LocalAlloc
InterlockedExchange
LocalFree
GetStringTypeW
GetACP
GetStringTypeA
GetCPInfo
LCMapStringW
SetHandleCount
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle

user32

SendMessageA
wsprintfA
LoadCursorA
GetParent
CharLowerA
CallWindowProcA
DefWindowProcA
IsWindowVisible
CloseClipboard
GetClipboardData
OpenClipboard
GetSysColor
SetWindowTextA
GetSystemMetrics
DestroyCursor
EnableMenuItem
PostMessageA
UnregisterClassA
TranslateMessage
DispatchMessageA
SetActiveWindow
MoveWindow
GetWindowRect
EmptyClipboard
LoadCursorFromFileA
CreateWindowExA
GetDlgItem
InvalidateRgn
ReleaseCapture
DestroyAcceleratorTable
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
EndPaint
IsChild
IsWindow
GetDC
ReleaseDC
FillRect
GetMenuItemInfoA
CopyRect
DestroyWindow
SetFocus
ShowWindow
LoadMenuA
GetSubMenu
InsertMenuA
LoadImageA
LoadStringA
wvsprintfA
MapWindowPoints
GetMessagePos
GetCursorPos
GetFocus
SetWindowsHookExA
WindowFromPoint
SetCursor
ScreenToClient
PtInRect
GetKeyState
GetClassNameA
CallNextHookEx
InvalidateRect
TrackPopupMenu
SetTimer
CreatePopupMenu
AppendMenuA
CheckMenuItem
DestroyMenu
CharNextA
MessageBoxA
KillTimer
UnhookWindowsHookEx
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowLongA
GetWindow
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
OffsetRect
DrawEdge
SetCapture

gdi32

GetObjectA
GetTextExtentPointA
GetStockObject
GetDeviceCaps
CreateSolidBrush
DeleteObject
ExtTextOutA
GetTextExtentPoint32A
GetTextMetricsA
SetTextColor
SetBkColor
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBrushIndirect
DeleteDC
CreateFontA
BitBlt

shell32

SHAddToRecentDocs
DragQueryFileA
ShellExecuteA

ole32

OleInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoTaskMemRealloc
OleRun
CreateStreamOnHGlobal
CoInitialize

oleaut32

VariantClear
VariantInit
SysStringByteLen
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
LoadTypeLi
VariantCopy
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayCreate
LoadRegTypeLi
DispCallFunc
GetErrorInfo
VarUI4FromStr
SysAllocString
RegisterTypeLi
OleCreateFontIndirect

rpcrt4

UuidFromStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/bbtoologo.bmp
/favicon.ico
/favorite_offline.xml
/maintool.xml
.xml
/pm_check.xml
/search_xml.xml
.xml
/tools1.xml
/version.txt
/website_xml.xml

Sharing

General

Malware Config

Signatures

Files

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

03484a6bc016d64c2911bbb00d3e5527

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

d4eca28bfb652c7989c9e9bda10c19ca

Headers

File Characteristics

Imports

winmm

shlwapi

wininet

setupapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 32KB - Virtual size: 34KB

.SHARED Size: 4KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 32KB - Virtual size: 34KB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 32KB - Virtual size: 29KB