b6c9e900b08cd9fa0c3ef1ebe50d56f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6c9e900b08cd9fa0c3ef1ebe50d56f1_JaffaCakes118
Size

244KB
MD5

b6c9e900b08cd9fa0c3ef1ebe50d56f1
SHA1

785f653fb79c92e57563fa9f0726c7f5e95a8e79
SHA256

91486cfdf7764f9eed6d4d266b76b600ac4e8153ac29abdfefc73eae11de0faf
SHA512

2648a4b0ee2649770aefcc07db73364bc78d5530684abe5508e4c9154deb718604d35517ed504e0d5f929da771d5f8e164a405466cfa0ebf5ecf4f662b391001
SSDEEP

3072:4k2I+0IPItMhmTEZ68IV/G7gmMP1UVeQlrWWzJ4CDBZi0NGhMAKhLrBgrzzBGzt6:HWIDCwuv1/FHNGNUBEKiL54Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6c9e900b08cd9fa0c3ef1ebe50d56f1_JaffaCakes118

Files

b6c9e900b08cd9fa0c3ef1ebe50d56f1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b02845298a1818a48b9e3af948bc1c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

q:\Work\Personal\HitBot\BestClick\source\Release DLL\BestClick.pdb

Imports

kernel32

TerminateThread
FindClose
WaitNamedPipeA
RequestDeviceWakeup
GetThreadPriority
InitAtomTable
RemoveDirectoryA
BeginUpdateResourceA
LockResource
FindResourceExA
CopyFileA
LocalAlloc
SetHandleInformation
GetBinaryTypeA
OpenThread
GetTempFileNameA
GetTempPathA
GetMailslotInfo
LockFile
DuplicateHandle
FindFirstChangeNotificationA
LocalCompact
CreateIoCompletionPort
WritePrivateProfileStringA
SetMailslotInfo
AddAtomA
FindNextChangeNotification
TerminateProcess
SetEvent
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
SetFilePointer
GetProcessPriorityBoost
GetThreadPriorityBoost
MoveFileExA
GlobalHandle
GetHandleInformation
OutputDebugStringA
WriteProfileStringA
GetTickCount
EraseTape
GetProcAddress
ReadProcessMemory
WriteProcessMemory
GetWindowsDirectoryA
GetFileType
WaitForSingleObjectEx
GetPriorityClass
CreateEventA
SetCommMask
SetFileAttributesA
EndUpdateResourceW
SetVolumeLabelA
PrepareTape
CreateMutexA
ReleaseMutex
SetThreadAffinityMask
UnlockFile
SetStdHandle
EndUpdateResourceA
DisconnectNamedPipe
SetEndOfFile
CreateWaitableTimerA
SetWaitableTimer
WritePrivateProfileSectionA
TlsGetValue
GlobalFindAtomA
OpenProcess
GetExitCodeProcess
DefineDosDeviceA
WriteFile
CancelDeviceWakeupRequest
PulseEvent
PurgeComm
GetSystemDirectoryA
WriteTapemark
CreateTapePartition
IsProcessorFeaturePresent
GetFileAttributesA
GetStdHandle
ClearCommBreak
GetNamedPipeHandleStateA
WinExec
SetThreadPriorityBoost
ContinueDebugEvent
SetPriorityClass
ResetEvent
ResumeThread
GetProcessVersion
CreateFileA
GetFileSize
SetFileValidData
SetCommBreak
ReadFile
FindAtomA
IsBadStringPtrA
EscapeCommFunction
SetThreadPriority
FlushFileBuffers
SetMessageWaitingIndicator
SuspendThread
GetSystemTime
GetDriveTypeA
OpenSemaphoreA
SystemTimeToFileTime
GlobalAddAtomA
Sleep
OpenFileMappingA
GetEnvironmentVariableA
SetTapePosition
GetTapeStatus
DisableThreadLibraryCalls
ReleaseSemaphore
QueryDosDeviceA
MoveFileA
CancelIo
WriteProfileSectionA
GlobalCompact
GetCommMask
ExitProcess
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
CreateThread
GetCommModemStatus
CloseHandle
WaitForSingleObject
SetEnvironmentVariableA
LoadLibraryExA
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileA

user32

GetCaretPos
GetSysColorBrush
GetGuiResources
EnumDesktopWindows
GetSystemMetrics
IsWindowVisible
GetWindowThreadProcessId
EnumChildWindows
SetRect
SetForegroundWindow
GetWindowRect
LoadKeyboardLayoutA
ClientToScreen
PostMessageA
SetWindowLongA
GetWindowLongA
UnregisterClassA
GetThreadDesktop
EnumClipboardFormats
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
CharLowerBuffA
GetKeyboardType
PaintDesktop
IsClipboardFormatAvailable
FindWindowExA
GetClipboardData
GetCursorPos
GetKeyboardLayout
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
MessageBoxIndirectA
MessageBoxIndirectW
LoadCursorFromFileA
RegisterClipboardFormatA
CopyImage
WaitForInputIdle
GetAsyncKeyState
GetQueueStatus
MessageBoxA
LoadCursorA
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
GetKeyState
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
SetThreadDesktop
OpenDesktopA
WindowFromDC
FindWindowA
CreateDesktopA

gdi32

StretchBlt
CloseEnhMetaFile
GetPixel
FlattenPath
CreateRectRgn
SetSystemPaletteUse
FillPath
SetTextCharacterExtra
ColorMatchToTarget
GetROP2
GetCurrentObject
LineTo
DrawEscape
RestoreDC
CloseFigure
GetPolyFillMode
GetMetaFileA
Chord
StrokeAndFillPath
GetSystemPaletteUse
SetICMProfileA
Pie
GetFontLanguageInfo
BeginPath
ExcludeClipRect
EndDoc
GdiGetBatchLimit
RealizePalette
CancelDC
SetGraphicsMode
SetROP2
GdiSetBatchLimit
GetBkColor
GetTextAlign
CloseMetaFile
StartPage
GetMapMode
SetMapperFlags
GetTextCharset
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
AbortPath
EndPath
RoundRect
CreateScalableFontResourceA
IntersectClipRect
PathToRegion
CreateMetaFileA
ExtEscape
AbortDoc
TextOutA
Ellipse
GetTextColor
WidenPath
ArcTo
CreateHalftonePalette
SetICMMode
Arc
CreateEllipticRgn
GetColorSpace
SetBkMode
SetTextAlign
PatBlt
RemoveFontResourceA
SetArcDirection
SetMetaRgn
CreateFontA
SelectClipPath
UpdateColors
CreateRoundRectRgn
StrokePath
GetGraphicsMode
EndPage
GetEnhMetaFileA
GetTextFaceA
UpdateICMRegKeyA
PtVisible
SetLayout
GetBkMode
SetPolyFillMode
GetPixelFormat
Rectangle
CreateDiscardableBitmap
SaveDC
GetStretchBltMode
GetICMProfileA
GetArcDirection
SwapBuffers
SetMapMode
AddFontResourceA
GdiFlush
SetPixel
CreateDIBSection
GetTextCharacterExtra
GetLayout

advapi32

ImpersonateLoggedOnUser
ImpersonateAnonymousToken
RegReplaceKeyA
RegQueryValueA
AreAnyAccessesGranted
RegOverridePredefKey
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
AreAllAccessesGranted
ImpersonateNamedPipeClient
RegOpenKeyA
RegRestoreKeyA
ClearEventLogA
IsTokenRestricted
OpenThreadToken
DecryptFileA
RegSetValueA
Wow64Win32ApiEntry
CloseEventLog
RegEnumKeyA
RegNotifyChangeKeyValue
LogonUserA
IsTokenUntrusted
RegLoadKeyA
BackupEventLogA
NotifyChangeEventLog
GetNumberOfEventLogRecords
EncryptFileA
RegQueryValueExA

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect
VariantClear
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc

winmm

waveOutOpen

wininet

FindCloseUrlCache
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

ws2_32

send
recv
connect
WSAStartup
WSACleanup
htons
gethostbyname
socket
select
ioctlsocket
closesocket

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b02845298a1818a48b9e3af948bc1c5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

winmm

wininet

ws2_32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 19KB