c84f2e51c3b3a06f966736ad3c63b86d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c84f2e51c3b3a06f966736ad3c63b86d_JaffaCakes118
Size

432KB
MD5

c84f2e51c3b3a06f966736ad3c63b86d
SHA1

9631468949438641f8da2c675dcc428efc37780d
SHA256

ba0249732432fe95b77ce2ab552e3e078f112a05ffffe8c6e3ec48a62e8ca05f
SHA512

9898ee29657e8b74b294e00f2a2141f832e14da8f7068289563dcf41f34b7f383ce645d3e00c409fbaeef9402e358a1f7bac874c45872cd3b0263167c1b38c5b
SSDEEP

6144:YKXT6fCt7HmKalIb2BHRGLFr77lembuj3FTuJVquFkWPWr:YKj6fCt7HmKal02Bx0Fr7smsTuJVNC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c84f2e51c3b3a06f966736ad3c63b86d_JaffaCakes118

Files

c84f2e51c3b3a06f966736ad3c63b86d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8d699fdf9e2835f0987bd08815cd375e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\rbui\My Documents\Visual Studio Projects\InternetUtil\Release\InternetUtil.pdb

Imports

ws2_32

inet_ntoa
WSAStartup
gethostbyname
setsockopt
WSASocketA
inet_addr

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

tapi32

lineInitialize
lineNegotiateAPIVersion
lineGetDevCaps
lineOpen
lineGetNewCalls
lineShutdown
lineGetCallInfo

kernel32

DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
CreateEventA
SetThreadPriority
ResumeThread
SuspendThread
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GetCurrentThread
GlobalAddAtomA
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetFileTime
lstrcmpW
CloseHandle
GlobalGetAtomNameA
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
HeapReAlloc
HeapSize
GetCommandLineA
ExitThread
CreateThread
TerminateProcess
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
CreateDirectoryA
GetTickCount
GetCurrentProcessId
LocalAlloc
LocalSize
lstrcmpA
LocalFree
LoadLibraryA
GetProcAddress
lstrcatA
GetExitCodeThread
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
Sleep
MoveFileA
DeleteFileA
GetFileAttributesA
FormatMessageA
lstrcpyA
GetCurrentThreadId
CompareStringW
CompareStringA
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
ResetEvent
SetEvent
MulDiv
GetVersion
LockResource
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
EnterCriticalSection
GetModuleFileNameA
LeaveCriticalSection
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalFindAtomA

user32

GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
GetWindow
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
UnhookWindowsHookEx
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MessageBoxA
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostQuitMessage
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SendMessageA
PeekMessageA
GetCursorPos
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
BeginPaint
GetClientRect
EndPaint
GetParent
GetFocus
IsChild
SetFocus
ShowWindow
GetKeyState
InvalidateRect
CallWindowProcA
GetWindowLongA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
SetRect
GetSysColor
GetSysColorBrush
IsWindow
CreateWindowExA
RegisterClassExA
DestroyMenu
SetWindowTextA
DefWindowProcA
LoadStringA
UnregisterClassA
DestroyWindow
LoadBitmapA
GetDC
ReleaseDC
LoadCursorA
wsprintfA
GetClassInfoExA
CharUpperA
PostMessageA
SetWindowLongA
CharNextA
RegisterWindowMessageA
SetCursor
WinHelpA
ValidateRect

gdi32

SetMapMode
GetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
BitBlt
SetBkColor
DeleteDC
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreatePen
SelectObject
Rectangle
GetStockObject
DeleteObject
GetDeviceCaps
GetClipBox
SetTextColor
CreateCompatibleDC
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

comctl32

ord17

shlwapi

PathFileExistsA
PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ProgIDFromCLSID
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysAllocString
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantCopy
VariantClear
SysFreeString

wininet

InternetQueryOptionA
InternetOpenUrlA
FtpOpenFileA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetOpenA
InternetSetOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
HttpOpenRequestA
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d699fdf9e2835f0987bd08815cd375e

Headers

File Characteristics

PDB Paths

Imports

ws2_32

rasapi32

tapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 112KB - Virtual size: 110KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 112KB - Virtual size: 110KB

.reloc
Size: 28KB - Virtual size: 25KB