8c5885ed76c0801965bc89b584ca4122_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c5885ed76c0801965bc89b584ca4122_JaffaCakes118
Size

1.0MB
MD5

8c5885ed76c0801965bc89b584ca4122
SHA1

01dd7a029d8b50c02a37db215451668bfa172da1
SHA256

fd0c24def19246fa0a13fd64f70dd492266b831b124ea1a5c4f60d467b604761
SHA512

ee3006bc36695a363936c9222b66aad34f2674e257f53f50b11424c25e178f8d501a38015416fd4768ad8e4dabfd61425d67a5d790f5448b25318917d17759d2
SSDEEP

24576:jluFRYJ2VK+M2aVKASuwSZH2wrORbmIhR2K:jULY2bMhVKAsQWwrOhma2K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c5885ed76c0801965bc89b584ca4122_JaffaCakes118

Files

8c5885ed76c0801965bc89b584ca4122_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

6e664ef248e485561d1fd55135ca36b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LocalAlloc
GetModuleHandleA
InterlockedExchange
DeleteCriticalSection
SetLastError
GetLastError
CompareStringA
LoadLibraryA
GetCurrentProcessId
GetThreadLocale
SetThreadLocale
GetTickCount
GetProcessHeap
HeapAlloc
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
LocalFree
RaiseException
SetEnvironmentVariableA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
GetModuleFileNameA
GetStdHandle
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapReAlloc
GetCurrentThread
IsBadWritePtr
VirtualQuery
SetUnhandledExceptionFilter
ReleaseSemaphore
GlobalHandle
GlobalFree
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
GetFileSize
SetEndOfFile
CreateThread
TerminateThread
SetThreadPriority
ResumeThread
GetFileTime
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetFileTime
lstrlenA
Sleep
LockResource
HeapFree
CloseHandle
WaitForSingleObject
ReleaseMutex
SetEvent
ResetEvent
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjects
GetExitCodeProcess
FileTimeToSystemTime

advapi32

GetTokenInformation
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey

user32

EqualRect
CopyRect
InflateRect
SetWindowRgn
GetSysColorBrush
MoveWindow
GetParent
IsWindow
DestroyWindow
KillTimer
SetTimer
ShowWindow
SetRectEmpty
GetWindowRect
IsIconic
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
GetSysColor
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
IsWindowVisible
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetDlgItem
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus
GetFocus
TranslateMessage
UpdateWindow
GetTopWindow
ReplyMessage
GetKeyState
BringWindowToTop
MapWindowPoints
EnumChildWindows
OffsetRect
AnimateWindow
GetWindowThreadProcessId
SetRect
GetSystemMetrics
UnhookWindowsHookEx
EnumWindows
UnregisterClassA
InvalidateRect

gdi32

SetDIBColorTable
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
FillRgn
OffsetRgn
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
CreateRectRgn
GetStockObject
SelectObject
DeleteDC
DeleteObject
CreateDIBSection

pltfrm

?GetSnoozeDone@InstlrUtl@@YAKXZ
?GetSnoozeLast@InstlrUtl@@YAKXZ
?GetCheckBoxLastSnooze@InstlrUtl@@YAKXZ
?SetSnoozeLast@InstlrUtl@@YAXK@Z
?SetSnoozeDone@InstlrUtl@@YAXK@Z
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z
?getUsrAgnt@UsrAgnt@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_N@Z
?GetUsrInf@InstlrUtl@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@ABV23@PAUIGuru@@@Z
?GetUrl@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?SetUrl@XUrlFormat@@QAEXPAUIXMLDOMNode@MSXML2@@@Z
?BstrFromClsid@PlatformUtils@@YA?AVCComBSTR@ATL@@ABU_GUID@@@Z
?SetUrl@XUrlFormat@@QAEXPAG@Z
??0XUrlFormat@@QAE@PAUIXMLDOMNode@MSXML2@@@Z
?GetUrlWithoutFormat@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
??1XUrlFormat@@UAE@XZ
?SetCheckBoxLastSnooze@InstlrUtl@@YAXK@Z
?GetFrmtdDateTime@PlatformUtils@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_J@Z
?ExtractParam@InstlrUtl@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V23@0_N@Z
?GetIeUserAgent@UsrAgnt@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_N@Z
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
??0XUrlFormat@@QAE@XZ

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_GetImageCount

ole32

CreateItemMoniker
GetRunningObjectTable
OleRun
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromCLSID
StringFromGUID2
CoCreateGuid
ProgIDFromCLSID
CoTaskMemAlloc
OleLockRunning

oleaut32

VarBstrCat
RegisterTypeLi
VariantChangeType
SetErrorInfo
CreateErrorInfo
OleCreateFontIndirect
VariantCopy
VarBstrCmp
SafeArrayGetElement
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
DispCallFunc
SafeArrayGetLBound
SafeArrayGetDim
VectorFromBstr
SafeArrayDestroy
BstrFromVector
SafeArrayCreate
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathFileExistsW

ws2_32

WSARecv
WSASetLastError
WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
getaddrinfo
freeaddrinfo

gdiplus

GdipDrawImageI
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipGetImageGraphicsContext

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

sensapi

IsNetworkAlive

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e664ef248e485561d1fd55135ca36b6

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

pltfrm

iphlpapi

comctl32

ole32

oleaut32

shlwapi

ws2_32

gdiplus

shell32

sensapi

crypt32

version

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 608KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 39KB - Virtual size: 53KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 608KB - Virtual size: 608KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 39KB - Virtual size: 53KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 68KB - Virtual size: 67KB