ba2b388382ae7818f4e8ea32445252ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba2b388382ae7818f4e8ea32445252ef_JaffaCakes118
Size

376KB
MD5

ba2b388382ae7818f4e8ea32445252ef
SHA1

94fa2b39f4d1c7d1be0249a1f2aa5bf46536b332
SHA256

59cd27c43bad35ed978748047d91f99b0aa0b8a9e5ba3655d599ca6eaab59fe1
SHA512

86d43044429058841b4fe8c512386fff9753f69f5f966eb8917423aefbc4fe22e1ad82207b3944bfb9dd93e5cd810b13de7d8bf782de561f3592e7e0e775b5fb
SSDEEP

6144:WH9dX7kVA3yRoxC1cB9rgWNj6uW3M/kREkjR7Av6Ghk4hbg0cofd4sV:odWzoKE9UWNj6uWokQvjeb0n5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2b388382ae7818f4e8ea32445252ef_JaffaCakes118

Files

ba2b388382ae7818f4e8ea32445252ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

21e39333535bc777eeae85af5a1ed6ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_~1\jdk6_20\control\build\WINDOW~1\tmp\deploy\plugin\regutils\obj\regutils.pdb

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
ControlService
QueryServiceStatusEx
RegEnumKeyExA
RegEnumKeyA
CreateProcessAsUserA
OpenProcessToken
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegUnLoadKeyA
RegLoadKeyA
GetUserNameA

wininet

HttpQueryInfoA
InternetErrorDlg
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
InternetTimeToSystemTime
InternetCloseHandle
HttpSendRequestA
InternetReadFile
InternetOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

SHGetFolderPathA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

kernel32

CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetStdHandle
FlushFileBuffers
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
GetLocalTime
CreateFileA
lstrcatA
lstrcpyA
GetTempPathA
lstrcmpiA
lstrcmpA
FindClose
FindFirstFileA
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
FindResourceA
GetLastError
lstrlenA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
Sleep
GetTickCount
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DeleteFileA
FindNextFileA
CopyFileA
GetTempFileNameA
lstrcpynA
GetCurrentProcess
GetEnvironmentVariableA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
lstrcpyW
GetSystemDirectoryA
GetLongPathNameA
GetProcAddress
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
GetSystemInfo
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
ExpandEnvironmentStringsA
SetEvent
OpenEventA
WriteFile
LocalFree
SystemTimeToTzSpecificLocalTime
CompareFileTime
SystemTimeToFileTime
GetCurrentProcessId
SetFileAttributesA
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
LocalAlloc
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
ReadFile
GetCPInfo
GetOEMCP
SetCurrentDirectoryA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
IsBadWritePtr
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapReAlloc
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualQuery
RtlUnwind
VirtualProtect
SetEnvironmentVariableA

user32

PostMessageA
wsprintfA
CharNextA
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
wsprintfW

ole32

CLSIDFromString
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VarUI4FromStr

shlwapi

PathFileExistsA

Exports

Exports

InstallJQS
KillFirefox
KillIExplore
MSIDuplicateUnzippedFiles
MSIInstallJDK
MSIInstallJRE
MSIRemovePackFiles
MSIReplaceIEDlls
MSIUninstallJQS
MSIUninstallJRE
MSIUninstallJUpdate
MSIUninstallSDK
MSIcharsets
MSIdeploy
MSIjavaws
MSIjaws
MSIjsse
MSIlocaledata
MSIrt
MSIunzipcore
PostJFXPing
PostKernelComp
PostKernelDLComp
RegJavaConsoleIExplorer
ShowSysTray
_Java_com_sun_deploy_panel_PlatformSpecificUtils_applyBrowserSettings@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getHasAdminPrivileges@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getJavaPluginSettings@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getJqsSettings@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getLongPathName@12
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getPublicJdks@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_getPublicJres@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_init@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_initBrowserSettings@8
_Java_com_sun_deploy_panel_PlatformSpecificUtils_onLoad@12
_Java_com_sun_deploy_panel_PlatformSpecificUtils_onSave@12
_Java_com_sun_deploy_panel_PlatformSpecificUtils_setJavaPluginSettings@12
_Java_com_sun_deploy_panel_PlatformSpecificUtils_setJqsSettings@12
_Java_com_sun_deploy_panel_PlatformSpecificUtils_showURL@12
_Java_com_sun_deploy_util_UpdateCheck_handleUserResponse@12
_Java_com_sun_deploy_util_UpdateCheck_shouldPromptForAutoCheck@8

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21e39333535bc777eeae85af5a1ed6ed

Headers

File Characteristics

PDB Paths

Imports

advapi32

wininet

version

shell32

kernel32

user32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 68KB - Virtual size: 65KB

.reloc Size: 12KB - Virtual size: 10KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 68KB - Virtual size: 65KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 112KB - Virtual size: 112KB