c1b258abe35c1a41eb1d404c69fc7894_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1b258abe35c1a41eb1d404c69fc7894_JaffaCakes118
Size

648KB
MD5

c1b258abe35c1a41eb1d404c69fc7894
SHA1

95d07a0306089859d35738d9561604b4df62f1b4
SHA256

7ae5b3a59bf30bcc34ab377cf232036d1b4eb74b1405003aef25db1d4f60ff41
SHA512

0c9323acd9f3a1549e8d557e01050c46ed0c5ad0b3afbcfbe57a641d98c2525a6f23494946ecd0577a10f27bbc5547786bd6519b1c45d7251871099cff372356
SSDEEP

12288:qvewLxjpfT54YwMkw4DIkNf46KCU3covhrH5ZlpCej7u+tBe6p:GenYM084NCEvhrZZmePuwgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b258abe35c1a41eb1d404c69fc7894_JaffaCakes118

Files

c1b258abe35c1a41eb1d404c69fc7894_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

dfd7df7656d531a9cf3466bca35ccc9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pltfrm

??0XUrlFormat@@QAE@XZ
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z
?GetFrmtdDateTime@PlatformUtils@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_J@Z
?ExtractParam@InstlrUtl@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V23@0_N@Z
?getUsrAgnt@UsrAgnt@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_N@Z
?GetUsrInf@InstlrUtl@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@ABV23@PAUIGuru@@@Z
?GetIeUserAgent@UsrAgnt@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@_N@Z
??1XUrlFormat@@UAE@XZ
?LoadDecriptFile@PlatformUtils@@YAJAAVCComBSTR@ATL@@ABV23@_N@Z
?SetUrl@XUrlFormat@@QAEXPAG@Z

iphlpapi

GetAdaptersInfo

xpcom

NS_StringContainerInit2
NS_StringContainerInit
NS_StringGetData
NS_StringContainerFinish

mozalloc

moz_free
moz_calloc
moz_malloc
moz_xmalloc

kernel32

GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
WideCharToMultiByte
lstrlenA
HeapAlloc
GetProcessHeap
FormatMessageW
CloseHandle
CreateFileW
GetCurrentThreadId
ReadFile
GetTickCount
InterlockedExchange
OutputDebugStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrcmpW
LoadLibraryW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
lstrcpynW
WaitForMultipleObjects
Sleep
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
GetVersionExW
DeleteFileW
ResumeThread
SetThreadPriority
TerminateThread
GetProcAddress
SetEndOfFile
SetFilePointer
FlushFileBuffers
WriteFile
lstrcpyW
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetCurrentThread
HeapFree
HeapReAlloc
GetVolumeInformationW
LCMapStringA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetFileAttributesW
GetCommandLineA
GetSystemInfo
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapDestroy
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateThread
GetLastError
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetTimeZoneInformation
GetDateFormatA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GlobalHandle

user32

SetTimer
PostMessageW
UpdateWindow
SetDlgItemTextW
UnregisterClassA
EnumWindows
GetWindowThreadProcessId
CharNextW
CharLowerBuffW
KillTimer
PostThreadMessageW
PeekMessageW
EnumChildWindows
DispatchMessageW
GetMessageW
SetWindowContextHelpId
SendDlgItemMessageW
MapDialogRect
LoadStringW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
GetTopWindow
GetFocus
SetFocus
GetWindow
GetDlgItem
TranslateMessage
FindWindowExW
SetWindowLongW
GetWindowLongW
MoveWindow
BringWindowToTop
ShowWindow
IsWindowVisible
AnimateWindow
CallWindowProcW
DefWindowProcW
GetDesktopWindow
IsWindow
DestroyWindow
GetClassNameW
OffsetRect
GetWindowRect
SendMessageW
SetRect
GetSystemMetrics
GetClientRect
SetWindowTextW
SetWindowPos
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyAcceleratorTable
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
RedrawWindow
ReplyMessage
CreateDialogIndirectParamW
FindWindowW
IsChild
GetSysColor

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
SetDIBColorTable
GetObjectW
CreateDIBSection
GetDeviceCaps
GetStockObject
BitBlt
CreateSolidBrush
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl

shell32

FindExecutableW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
GetRunningObjectTable
StringFromCLSID
CreateItemMoniker
CoInitialize
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning
CoGetClassObject
OleInitialize
ProgIDFromCLSID
CoCreateGuid
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantChangeType
SysAllocStringLen
VarBstrCmp
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SetErrorInfo
CreateErrorInfo
SysStringLen

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipCloneImage
GdipDrawImageI

ws2_32

getaddrinfo
WSACleanup
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketW
WSASetLastError
freeaddrinfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfd7df7656d531a9cf3466bca35ccc9e

Headers

File Characteristics

Imports

pltfrm

iphlpapi

xpcom

mozalloc

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 425KB - Virtual size: 425KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 27KB - Virtual size: 37KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 425KB - Virtual size: 425KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 27KB - Virtual size: 37KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 43KB - Virtual size: 43KB