b096956c4efeb177048ac0140e95d1de_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b096956c4efeb177048ac0140e95d1de_JaffaCakes118
Size

1.2MB
MD5

b096956c4efeb177048ac0140e95d1de
SHA1

5d09a52d4b7e307f15ecb6aeb7589b30800050ce
SHA256

90a32df5c25e520b3381f2e401f826bafc8805b50519b6dffcca69b2a32ced42
SHA512

67e31f2cb6697731f64efd122e504bd0d38abea7ead2669f81b4052c379304ab9706c0348aea3b63361eb74a624b6da5ae08daf37a86bd3402263d89e7b4af15
SSDEEP

24576:4pvDML1AsiQXL+e7h1jv1JJJJloFEYMU7KbwxwKc3Uror:4pQLeQye7hlLOjV7K1lUr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b096956c4efeb177048ac0140e95d1de_JaffaCakes118

Files

b096956c4efeb177048ac0140e95d1de_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9ac1b41bb1b61e03e150a68132c48ca1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\101028_140528_build_Client_Build_PabstBlueRibbon_3.0.517.0\source\source_BrowserExtension\bin\ShopperReports_Release\ShopperReports.pdb

Imports

kernel32

GetProcAddress
CompareStringA
LoadLibraryA
GetCurrentProcessId
GetThreadLocale
GetModuleHandleA
GetTickCount
GetProcessHeap
HeapAlloc
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
SetThreadLocale
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
GetModuleFileNameA
GetStdHandle
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringA
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapReAlloc
GetCurrentThread
IsBadWritePtr
VirtualQuery
SetUnhandledExceptionFilter
ReleaseSemaphore
GlobalHandle
GlobalFree
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
GetFileSize
SetEndOfFile
CreateThread
TerminateThread
SetThreadPriority
ResumeThread
GetFileTime
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
SetFileTime
Sleep
LockResource
FileTimeToSystemTime
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
ResetEvent
SetEvent
ReleaseMutex
WaitForSingleObject
CloseHandle
HeapFree

advapi32

GetTokenInformation
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

user32

MoveWindow
GetWindowRect
IsIconic
IsWindowVisible
EqualRect
UnregisterClassA
EnumWindows
UnhookWindowsHookEx
GetSystemMetrics
SetRect
GetWindowThreadProcessId
AnimateWindow
OffsetRect
EnumChildWindows
ShowWindow
SetTimer
MapWindowPoints
DestroyWindow
IsWindow
GetParent
SetRectEmpty
GetSysColorBrush
SetWindowRgn
InflateRect
CopyRect
BringWindowToTop
GetKeyState
ReplyMessage
GetTopWindow
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
GetSysColor
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetDlgItem
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus
GetFocus
TranslateMessage
UpdateWindow
KillTimer

gdi32

CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
GetDeviceCaps
CreateSolidBrush
SetDIBColorTable
CreateDIBSection
GetStockObject
CreateRectRgn
CombineRgn
CreatePolygonRgn
DeleteDC
CreateCompatibleDC
FillRgn
OffsetRgn
CreateRoundRectRgn

pltfrm

?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?SetUrl@XUrlFormat@@QAEXPA_W@Z
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
??0XUrlFormat@@QAE@PAUIXMLDOMNode@MSXML2@@@Z
?GetUrlWithoutFormat@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
??1XUrlFormat@@UAE@XZ
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?GetIeUserAgent@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
?ExtractParam@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V23@0_N@Z
?GetFrmtdDateTime@PlatformUtils@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_J@Z
?GetUsrInf@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@ABV23@PAUIGuru@@@Z
?getUsrAgnt@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
?SetUrl@XUrlFormat@@QAEXPAUIXMLDOMNode@MSXML2@@@Z
??0XUrlFormat@@QAE@XZ
?BstrFromClsid@PlatformUtils@@YA?AVCComBSTR@ATL@@ABU_GUID@@@Z
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z

iphlpapi

GetAdaptersInfo

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
_TrackMouseEvent

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
StringFromGUID2
CoCreateGuid
ProgIDFromCLSID
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
OleRun
GetRunningObjectTable
CreateItemMoniker
CoTaskMemFree

oleaut32

LoadTypeLi
VarBstrCmp
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VectorFromBstr
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
VariantChangeType
SafeArrayPutElement
SafeArrayCreate
BstrFromVector
RegisterTypeLi
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadRegTypeLi
VariantCopy
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
VarBstrCat
UnRegisterTypeLi

shlwapi

PathFileExistsW

ws2_32

WSACleanup
freeaddrinfo
WSAEnumNetworkEvents
WSACloseEvent
getaddrinfo
WSASetLastError
WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSAGetLastError
WSAConnect
WSAGetOverlappedResult
WSASend
WSARecv
WSAResetEvent

gdiplus

GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipDisposeImage

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

sensapi

IsNetworkAlive

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 41KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ac1b41bb1b61e03e150a68132c48ca1

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

pltfrm

iphlpapi

comctl32

ole32

oleaut32

shlwapi

ws2_32

gdiplus

shell32

sensapi

version

Exports

Exports

Sections

.text Size: 650KB - Virtual size: 649KB

.rdata Size: 226KB - Virtual size: 225KB

.data Size: 41KB - Virtual size: 55KB

.rsrc Size: 202KB - Virtual size: 201KB

.reloc Size: 70KB - Virtual size: 70KB

.text
Size: 650KB - Virtual size: 649KB

.rdata
Size: 226KB - Virtual size: 225KB

.data
Size: 41KB - Virtual size: 55KB

.rsrc
Size: 202KB - Virtual size: 201KB

.reloc
Size: 70KB - Virtual size: 70KB