Static task: static1
Behavioral task: behavioral1
  Sample: 86d2d9f864816a26a639387788ac61d1_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 86d2d9f864816a26a639387788ac61d1_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: 86d2d9f864816a26a639387788ac61d1_JaffaCakes118
Size: 1.1MB
MD5: 86d2d9f864816a26a639387788ac61d1
SHA1: 60bb33168b2eae7b843ed405352578d22f1d563c
SHA256: 8ff4711abd11abd65e6382afad15f1f7afff96d15d50a69e157716066bb2e8aa
SHA512: 37afa07e2ca26154dbb3c8a78bc25f01f70b8ab73459773a0589b0552de4d5a8342f8b238a24c34bbd0c49a68ccbbeaea79476876e047b871333e4f4d3aab6c4
SSDEEP: 12288:5d97LbOXLxkpluL03Rlpj+1Sat5hNcqDYmmndl6/slJ+zt+81MCA3qif/0Miln:/97LbILxkpd3WSa0YY1ndl6E3I+fTs
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 86d2d9f864816a26a639387788ac61d1_JaffaCakes118
Files
86d2d9f864816a26a639387788ac61d1_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
13f96f04974f2ecb2c3ee65a15639d51
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
browseui.pdb
Imports
advapi32
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
gdi32
SetBkColor
SetTextColor
SelectObject
CreateFontIndirectA
DeleteDC
BitBlt
GetPixel
CreateBitmap
CreateCompatibleDC
GetDeviceCaps
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
EqualRgn
CreateCompatibleBitmap
PatBlt
StretchBlt
CreateSolidBrush
SetStretchBltMode
CreateDIBSection
GetPaletteEntries
RealizePalette
SelectPalette
GetStockObject
LineTo
MoveToEx
CreatePen
CreatePolygonRgn
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
GetTextExtentPointW
SetTextAlign
GetTextAlign
OffsetWindowOrgEx
GetDCOrgEx
GetClipBox
SetBkMode
RestoreDC
SaveDC
TextOutA
GetTextExtentPoint32A
DeleteObject
kernel32
UnhandledExceptionFilter
ResumeThread
CreateThread
OpenMutexA
DuplicateHandle
GetCurrentProcess
GetSystemTime
FormatMessageA
LocalReAlloc
ReleaseSemaphore
FindClose
LocalSize
InterlockedCompareExchange
HeapDestroy
GetCurrentThread
Sleep
GetThreadPriority
ResetEvent
ReleaseMutex
SystemTimeToFileTime
MulDiv
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExW
CreateEventA
GetLocaleInfoW
GetModuleHandleW
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
GetTickCount
LoadLibraryExA
GetCommandLineW
OpenProcess
GetStartupInfoW
lstrcmpA
GetLastError
GetSystemTimeAsFileTime
CompareFileTime
GetCurrentProcessId
InterlockedExchange
OpenEventA
SetEvent
lstrlenW
GlobalAlloc
GlobalFree
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GlobalUnlock
GlobalLock
lstrcpynA
LoadLibraryA
GlobalMemoryStatus
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
InitializeCriticalSection
EnterCriticalSection
CloseHandle
FreeLibrary
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
lstrcmpiA
LocalFree
LocalAlloc
LoadLibraryW
TerminateProcess
SetUnhandledExceptionFilter
RaiseException
GetVersionExA
lstrcpynW
msvcrt
memmove
_except_handler3
free
_initterm
malloc
_adjust_fdiv
_vsnwprintf
ole32
OleUninitialize
CoFreeUnusedLibraries
CoMarshalInterface
OleInitialize
CoTaskMemFree
ReleaseStgMedium
CoUninitialize
CreateBindCtx
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoFileTimeNow
CoTaskMemAlloc
OleLoadFromStream
OleSaveToStream
CreateStreamOnHGlobal
shlwapi
ord175
ord136
ord141
ord94
ord132
ord516
ord223
ord222
StrDupW
ord439
ord276
ord496
SHSetValueW
StrCmpW
ord517
ord125
ord186
ord335
ord384
ord404
StrCmpNIW
ord302
SHRegGetUSValueW
ord309
ord102
ord67
ord71
ord484
ord299
ord61
ord91
PathIsURLW
ord312
PathCombineW
ord75
UrlCreateFromPathW
ord68
ord104
ord84
ord43
ord340
ord95
ord318
ord117
ord434
ord174
ord40
ord164
StrRChrW
ord334
SHQueryValueExW
ord130
ord128
UrlEscapeW
PathCreateFromUrlW
ord12
ord219
ord168
ord200
ord201
ord204
ord509
ord441
ord494
ord172
ord303
GetMenuPosFromID
ord427
ord366
ord460
UrlCanonicalizeW
ord9
ord8
ord10
ord7
ord317
ord41
ord56
ord237
ord79
SHCreateThreadRef
StrToIntW
SHRegGetValueW
ord73
PathStripToRootW
ord97
PathGetArgsW
ord179
ord181
ord192
ord425
ord106
ord36
ord391
ord394
ord163
ord535
ord506
ord499
ord508
ord184
ord171
ord206
ord198
ord199
StrChrW
ord88
ord446
ord332
ord116
ord479
ord165
ord245
ord251
ord290
PathIsUNCW
ord515
ord123
ord565
ord476
ord51
ord505
ord507
ord319
ord98
ord182
ord177
ord562
ord383
ord478
ord278
SHGetThreadRef
ord187
ord491
ord131
ord103
ord286
ord100
ord252
ord359
ord246
SHSetThreadRef
ord247
ord255
ord467
PathIsDirectoryW
ord78
ord244
ord250
SHDeleteKeyA
ord545
wnsprintfW
ord120
SHStrDupW
PathCompactPathW
ord138
ord99
ord355
ord143
ord16
ord280
ord538
ord269
ord564
SHIsLowMemoryMachine
ord428
ord101
ord344
ord409
AssocQueryStringByKeyW
SHCopyKeyW
AssocCreate
PathRemoveBlanksW
StrStrIW
ord558
AssocQueryKeyW
ord37
ord87
ord193
ord140
ord134
ord2
ord197
ord23
SHDeleteValueW
ord194
ord260
ord307
ord65
ord333
StrStrW
ord487
SHRegQueryUSValueW
ord337
SHRegCloseUSKey
SHRegEnumUSKeyW
SHRegOpenUSKeyW
ord537
StrRStrIW
SHRegOpenUSKeyA
ord167
ord208
ord267
ord146
ord166
ord210
ord481
ord209
ord268
PathUnquoteSpacesW
SHEnumValueW
ord96
ord142
StrChrIW
ord190
ord191
ord202
ord207
ord514
ord236
PathParseIconLocationW
AssocQueryStringW
ord108
PathIsUNCServerW
PathIsRootW
StrCmpNW
PathAddExtensionW
PathRemoveArgsW
PathIsContentTypeW
ord6
PathMakePrettyW
PathIsUNCServerShareW
ord462
ord118
ord119
ord240
PathIsRelativeW
PathCommonPrefixW
ord305
SHRegDuplicateHKey
PathFileExistsW
ord50
ord173
ord256
PathRemoveFileSpecW
PathRemoveBackslashW
ColorHLSToRGB
ColorRGBToHLS
ord300
ord93
ord145
ord211
ord212
ord225
ord221
ord220
ord74
ord279
SHOpenRegStream2W
ord195
ord314
ord315
ord158
ord157
StrPBrkW
ord534
ord521
ord523
ord533
ord522
ord524
ord289
ord217
PathCreateFromUrlA
UrlUnescapeA
ord426
ord418
ord218
PathFindFileNameA
PathRemoveExtensionA
ord313
StrCpyNW
PathRemoveExtensionW
ord346
StrCatBuffW
ord270
ord60
StrRetToBufW
PathFindExtensionW
ord176
ord83
SHRegGetBoolUSValueW
ord416
ord414
ord107
ord378
ord431
ord215
ord542
SHGetValueW
SHRegSetUSValueW
ord24
SHDeleteKeyW
ord549
ord133
ord376
ord437
ord241
SHCreateShellPalette
ord239
ord80
PathFindFileNameW
StrCmpIW
ord55
ord49
ord59
ord178
ord139
ord124
user32
GetDlgItem
GetSysColor
GetParent
CharNextA
GetMenuItemCount
SetCursor
IsWindow
FillRect
GetSysColorBrush
SystemParametersInfoA
GetWindowRect
SetRect
CopyRect
SendMessageTimeoutA
EnumWindows
GetMenuItemID
CheckMenuItem
CreatePopupMenu
GetShellWindow
GetWindowLongA
SetWindowLongA
DestroyWindow
WaitForInputIdle
GetWindowThreadProcessId
GetWindowPlacement
IsWindowVisible
ShowWindow
IntersectRect
OffsetRect
EqualRect
GetAsyncKeyState
ReleaseCapture
GetCapture
PtInRect
MsgWaitForMultipleObjectsEx
SetCapture
MapWindowPoints
SetTimer
KillTimer
GetDoubleClickTime
DestroyIcon
SetWindowPos
InflateRect
GetClassWord
GetMenuState
EnableMenuItem
IsMenu
SetWindowPlacement
SetForegroundWindow
MessageBeep
SetFocus
IsChild
GetFocus
WaitMessage
CreateMenu
IsIconic
LockWindowUpdate
GetForegroundWindow
EnableWindow
IsWindowEnabled
InvalidateRect
RedrawWindow
GetCursorPos
CreateIconIndirect
DrawIconEx
GetIconInfo
MsgWaitForMultipleObjects
GetDlgCtrlID
SetParent
MoveWindow
SetWindowRgn
IsRectEmpty
SetRectEmpty
GetActiveWindow
GetMessagePos
GetSystemMenu
GetWindow
AdjustWindowRectEx
DestroyAcceleratorTable
CopyIcon
UpdateWindow
SetKeyboardState
GetKeyboardState
GetCaretPos
ShowScrollBar
SetScrollInfo
GetScrollInfo
CallNextHookEx
EndPaint
BeginPaint
UnhookWindowsHookEx
SetScrollPos
RegisterWindowMessageA
IsWindowUnicode
WindowFromPoint
ScreenToClient
CloseClipboard
GetClipboardData
OpenClipboard
EnumChildWindows
GetProcessWindowStation
GetUpdateRect
GetSystemMetrics
GetDesktopWindow
LoadCursorA
SendMessageA
GetCursor
ClientToScreen
HideCaret
ShowCaret
SetMenuDefaultItem
DrawEdge
GetWindowDC
SetMenu
SetActiveWindow
EndDialog
ChildWindowFromPoint
CharNextW
PostMessageW
RegisterWindowMessageW
GetClientRect
ReleaseDC
GetSubMenu
RemoveMenu
InsertMenuW
InsertMenuA
LoadMenuW
LoadMenuA
GetKeyState
TranslateMessage
LoadStringA
InSendMessage
GetDC
Exports
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 530KB - Virtual size: 529KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 527KB - Virtual size: 526KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ