8308b6b8119e4535ab35dfed141feb10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8308b6b8119e4535ab35dfed141feb10_JaffaCakes118
Size

249KB
MD5

8308b6b8119e4535ab35dfed141feb10
SHA1

8cd039013fe47a741c920d295805dde341a71277
SHA256

ade54c11bb71ff475fd460ea3f4f2bc954cc8aebe8a8c3df5584a673e3250822
SHA512

cd0025cc3395c0f59d095524f687d1541a049679004e0571818df27bc4a197c3e59a38df19f4f7fb52a9ddd4df8da5f744ac28647047f0a9ed02e38c7e13e4a3
SSDEEP

6144:YCp4VMFIb3GFFDXDdHNcby8cMrLHIhT/bTts/yHvJN:bmiIb3GFXtcbRHGTS/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8308b6b8119e4535ab35dfed141feb10_JaffaCakes118

Files

8308b6b8119e4535ab35dfed141feb10_JaffaCakes118
.dll windows:6 windows x86 arch:x86

bb375f0343662c2cc5446a6fd85543d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msrating.pdb

Imports

msvcrt

_wtoi
_onexit
_lock
memset
_unlock
iswdigit
memcpy
wcschr
wcsrchr
_vsnwprintf
__dllonexit
_wcsicmp
bsearch
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
wcsncmp
_wcsnicmp
wcsspn
memmove
wcsstr

kernel32

GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FindResourceExW
FindResourceW
InterlockedExchange
VirtualAlloc
VirtualFree
LoadLibraryA
OutputDebugStringW
DebugBreak
lstrlenA
GlobalAlloc
SearchPathW
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadResource
GlobalFree
lstrcmpW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameW
GetVersionExW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
HeapDestroy
FreeLibrary
SetEvent
GetProcAddress
LoadLibraryW
CloseHandle
LocalFree
LocalReAlloc
LocalAlloc
WideCharToMultiByte
WaitForSingleObject
CreateThread
CreateEventW
MultiByteToWideChar
GetLastError
lstrlenW
GetVersion
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
SetLastError
Sleep
GetWindowsDirectoryW
GetFileAttributesW
GetSystemTime

ole32

StringFromGUID2
CoUninitialize
CoInitialize
CoGetObject

wininet

InternetCrackUrlW

urlmon

IsValidURL

user32

DialogBoxParamW
CharNextW
SetPropW
RemovePropW
wvsprintfW
GetClientRect
SetWindowPos
SetDlgItemTextW
GetWindowTextLengthW
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageW
LoadIconW
LoadImageW
MessageBoxW
LoadStringW
SetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
IsWindow
SendMessageW
GetPropW
SetFocus
GetDlgItem
EndDialog
GetDlgItemTextW
GetFocus
GetWindowTextW
SetForegroundWindow
ShowWindow
EnableWindow
GetSysColor
GetParent
SetWindowTextW
DestroyWindow
GetDC
ReleaseDC
DestroyIcon
GetSystemMetrics
GetWindowLongW
GetWindowRect
PostMessageW

advapi32

RegCloseKey
RegEnumValueW
RegQueryValueExW
RegSetValueExW
FreeSid
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
InitializeSecurityDescriptor
RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyExW

ws2_32

gethostbyname
inet_addr

shlwapi

ord2
StrDupW
ord437
UrlApplySchemeW
SHDeleteKeyW

shell32

ShellExecuteW

iertutil

ord110
ord9
ord30
ord111
ord44
ord309

Exports

Exports

ChangeSupervisorPassword
ClickedOnPRF
ClickedOnRAT
DllCanUnloadNow
DllGetClassObject
RatingAccessDeniedDialog
RatingAccessDeniedDialog2
RatingAccessDeniedDialog2W
RatingAccessDeniedDialogW
RatingAddPropertyPages
RatingAddToApprovedSites
RatingCheckUserAccess
RatingCheckUserAccessW
RatingClickedOnPRFInternal
RatingClickedOnRATInternal
RatingCustomAddRatingHelper
RatingCustomAddRatingSystem
RatingCustomCrackData
RatingCustomDeleteCrackedData
RatingCustomInit
RatingCustomRemoveRatingHelper
RatingCustomSetDefaultBureau
RatingCustomSetUserOptions
RatingEnable
RatingEnableW
RatingEnabledQuery
RatingFreeDetails
RatingInit
RatingObtainCancel
RatingObtainQuery
RatingObtainQueryW
RatingSetupUI
RatingSetupUIW
VerifySupervisorPassword

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb375f0343662c2cc5446a6fd85543d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

wininet

urlmon

user32

advapi32

ws2_32

shlwapi

shell32

iertutil

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 64KB - Virtual size: 68KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 6KB - Virtual size: 6KB