aa0fbfebb096d9efe890f6d4140e3a99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa0fbfebb096d9efe890f6d4140e3a99_JaffaCakes118
Size

122KB
MD5

aa0fbfebb096d9efe890f6d4140e3a99
SHA1

0e1c63ef36afae62bad9c0a597eb02c7f6ca5222
SHA256

1ade3d215bcb8d2cee4b8acbdfdb4453fa97d71570c09c11cca2d56619979eca
SHA512

4cf0a592c4f7857e642678874b6bb96c69c910dca33f2d4a8ac86581e14f81985901e305c33aab02f5ca356acb5a2c33ce22e444254254be593ca1b6815d9ee6
SSDEEP

3072:bCxhZ8+dymOBvxOXKpxn7Pf6hLQGjQSFoZQ/9di0:bWNHIOXKpxn7PeQiiWd3

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UltraBar.dll
unpack001/ubinst.exe
unpack001/ubreg.exe

Files

aa0fbfebb096d9efe890f6d4140e3a99_JaffaCakes118
.cab
UltraBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

87d0b66f2e01695dd82a6ea4d0ca6aac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
lstrcmpiA
InterlockedIncrement
WideCharToMultiByte
GetLastError
FileTimeToSystemTime
DisableThreadLibraryCalls
ReleaseMutex
WaitForSingleObject
CreateProcessA
GetVersionExA
GetProcAddress
lstrcatA
GetShortPathNameA
GetModuleHandleA
SetFilePointer
LocalFree
lstrcmpA
LocalAlloc
CreateDirectoryA
GetFileAttributesA
FindClose
FlushInstructionCache
GetCurrentProcess
RemoveDirectoryA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LoadLibraryA
MultiByteToWideChar
GetTempFileNameA
DeleteFileA
CreateMutexA
SystemTimeToFileTime
CompareFileTime
OutputDebugStringA
DebugBreak
InterlockedDecrement
lstrlenA
WriteFile
CloseHandle
GetTempPathA
lstrcpyA
CreateFileA
GetLocalTime
GetDateFormatA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GlobalLock
GlobalUnlock
GetModuleFileNameA
ExitProcess
FindNextFileA
FindFirstFileA
GetVersion
IsBadReadPtr
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoA
GetFileType
FreeEnvironmentStringsA
SetHandleCount
IsBadWritePtr
GetStdHandle
VirtualFree
HeapCreate
VirtualAlloc
LCMapStringA
LCMapStringW
GetOEMCP
GetACP
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
TlsGetValue
SetUnhandledExceptionFilter
SetLastError
TlsFree
TlsAlloc
HeapSize
TerminateProcess
RaiseException
GetTimeFormatA
HeapReAlloc
HeapFree
HeapAlloc
TlsSetValue
CreateThread
ExitThread
RtlUnwind
InterlockedExchange
ResumeThread
FlushFileBuffers
ReadFile
SetStdHandle
Sleep
IsBadCodePtr
GetCommandLineA

user32

SetFocus
GetParent
GetWindowLongA
wvsprintfA
CharNextA
EndDialog
SendMessageA
GetDlgItem
ShowWindow
MessageBeep
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
PostMessageA
DefWindowProcA
DestroyWindow
IsWindow
DestroyMenu
MessageBoxA
SetCursor
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
LoadStringA
DialogBoxParamA
IsChild
GetIconInfo
GetMenuItemCount
GetSystemMetrics
AppendMenuA
EndPaint
BeginPaint
GetSysColor
GetKeyState
TranslateMessage
DispatchMessageA
GetSubMenu
LoadMenuA
TrackPopupMenu
FillRect
ClientToScreen
RedrawWindow
GetActiveWindow
CheckMenuRadioItem
DestroyIcon
LoadBitmapA
LoadImageA
SetWindowTextA
EnableWindow
GetMenuItemID
CreatePopupMenu
InsertMenuItemA
CallWindowProcA
InsertMenuA
CreateWindowExA
LoadCursorA
SetWindowLongA
GetClassInfoExA
GetFocus
wsprintfA
RegisterClassExA
GetSysColorBrush
DrawTextA

gdi32

DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateBitmapIndirect
SetTextColor
SetBkColor
ExtTextOutA
GetStockObject
GetObjectA

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA

shfolder

SHGetFolderPathA

shell32

SHFileOperationA
ShellExecuteA

ole32

ReleaseStgMedium
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
RegisterDragDrop
StringFromCLSID
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
SysStringLen
VariantCopy
SysAllocStringLen
VariantChangeType
SysAllocString
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi

shlwapi

PathAppendA
SHRegGetBoolUSValueA
PathAddBackslashA
SHDeleteKeyA
PathRemoveFileSpecA
PathRemoveBackslashA

wininet

InternetCrackUrlA

urlmon

URLDownloadToFileA

url

InetIsOffline

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ImageList_GetImageCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acronym.ico
dictionary.ico
horoscope.ico
logo.bmp
logomask.bmp
mag.ico
mainicon.ico
mainmenu.xml
.xml
maps.ico
metasearch.ico
pr.ico
searchengines.xml
.xml
settings.xml
.xml
stock.ico
thesaurus.ico
ubinst.exe
.exe windows:4 windows x86 arch:x86

74fe8b28494ce30d8323dac049e09400

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DeleteFileA
GetTempFileNameA
GetVersion
CopyFileA
lstrcpyA
GetModuleFileNameA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetSystemDirectoryA
GetLocalTime
CreateFileA
GetTempPathA
WriteFile
lstrlenA
lstrcatA
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
HeapCreate
Sleep
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
WaitForSingleObject
GetOEMCP
LCMapStringA
MultiByteToWideChar
RtlUnwind
HeapFree
VirtualFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

wsprintfA
FindWindowA
PostMessageA
wvsprintfA
MessageBoxA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shfolder

SHGetFolderPathA

shell32

ShellExecuteExA

shlwapi

PathRenameExtensionA
PathQuoteSpacesA
PathRemoveFileSpecA
PathAppendA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ubreg.exe
.exe windows:4 windows x86 arch:x86

de25ebe1a1bb48da8e9177f448d4520d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetProcAddress
LoadLibraryExA
SetCurrentDirectoryA
lstrcpyA
lstrcpynA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetEnvironmentStrings
GetEnvironmentStringsW
LoadLibraryA
MultiByteToWideChar
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc

ole32

CoInitialize

shlwapi

PathUnquoteSpacesA
PathFileExistsA
PathRemoveFileSpecA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ultrabar.inf
weather.ico
wp.ico
yp.ico

Sharing

General

Malware Config

Signatures

Files

87d0b66f2e01695dd82a6ea4d0ca6aac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shfolder

shell32

ole32

oleaut32

shlwapi

wininet

urlmon

url

comctl32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 11KB - Virtual size: 11KB

74fe8b28494ce30d8323dac049e09400

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shfolder

shell32

shlwapi

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1000B

de25ebe1a1bb48da8e9177f448d4520d

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 944B

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1000B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 944B