b66daef8e6519bfe56a564fd5a1bc05b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b66daef8e6519bfe56a564fd5a1bc05b_JaffaCakes118
Size

192KB
MD5

b66daef8e6519bfe56a564fd5a1bc05b
SHA1

4d78bba4e7ec2f5408d88d4e6155fe073a04284c
SHA256

0780f3f7d14975647265529f1b15c3645bfc38ac8d1010382e781937fc2c95c0
SHA512

3cfa1b81d01e48e62e82e38f57efada6e3ed6ac6b9534ba19a9ae9fdc39ee5b8a1a9672f2a570397cf68b3d011429bd46d02deb86b218b2c3bff05fa9820c941
SSDEEP

3072:VsrBuYC/WLSBijiVM88v4p73B51tE6GLT7StrWkL:VsFWW7iVM5IOQWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b66daef8e6519bfe56a564fd5a1bc05b_JaffaCakes118

Files

b66daef8e6519bfe56a564fd5a1bc05b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4d8a646103cc7d6dfd48905e5bf528ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\2008-08-27\New프로젝트\윈도우즈팩\WindowsPack1.0.0.1\WindowsPack\Release\WindowsPack.pdb

Imports

kernel32

LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
SetLastError
GetStringTypeExW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
FindResourceExW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
lstrlenW
HeapCreate
GetCommandLineA
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

RedrawWindow
UnregisterClassA
SetWindowLongW
GetWindowLongW
SendMessageW
GetClassInfoExW
LoadCursorW
CharNextW
DestroyWindow
IsWindow
ShowWindow
wvsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetFocus
GetDesktopWindow
GetWindow
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
BeginPaint
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetFocus

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoGetClassObject
OleUninitialize
OleInitialize

oleaut32

VarUI4FromStr
SysStringByteLen
VariantInit
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysAllocStringLen
VariantClear
SysStringLen
SysFreeString

wininet

InternetCrackUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d8a646103cc7d6dfd48905e5bf528ed

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB