dbec976bf9054f4658218fb738c24e97_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dbec976bf9054f4658218fb738c24e97_JaffaCakes118
Size

208KB
MD5

dbec976bf9054f4658218fb738c24e97
SHA1

7ab30f8736d2971381d07820a762d98687bdf1b2
SHA256

63bc64770d299d86488727250412952d6b23b8188dd165bcbec1efdda0ae7372
SHA512

4107c8d6559079729e1759a291b9e00360b67cb94f1d1c81c7eebb8f801b3ee298961df3d3f4c1a43ba04a02aa7392bdf100fe9cdf74a60ac350ec34f96baecd
SSDEEP

3072:GaFL7OLlWKgTBafA8s2Ix+Y0MeG5igVHPEpppIlJFYk9J1u8pZmtGRMzp42VHv6:G2nBiwx+Y0JGjPEdIlJJ9JXp4NVDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbec976bf9054f4658218fb738c24e97_JaffaCakes118

Files

dbec976bf9054f4658218fb738c24e97_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8cdada68308aa35a75c3f852c3cd6848

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\110826_080235_build_FREEzeFrog_FREEzeFrog_2.0.21.0\source\source_sa\Bin\Release\Install.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
RegCreateKeyExA
LookupAccountNameA
ConvertSidToStringSidA
CryptAcquireContextA

rpcrt4

UuidCreate

wininet

FindNextUrlCacheEntryA
FindCloseUrlCache
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry

kernel32

LocalFree
CreateDirectoryA
lstrcmpA
MultiByteToWideChar
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenA
CreateEventA
OpenEventA
SetEvent
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
CreateProcessA
WriteFile
SetFilePointer
CreateFileA
OutputDebugStringA
GetLocalTime
GetVersion
GetShortPathNameA
ReadFile
GetFileSize
GetWindowsDirectoryA
GetFileAttributesA
LocalAlloc
GetTickCount
GetCommandLineA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ResumeThread
CreateThread
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
OpenProcess
GetCurrentProcess
TerminateProcess
GetPrivateProfileStringA
LoadLibraryExA
SetLastError
GetComputerNameA
SetErrorMode
GetDriveTypeA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
WritePrivateProfileStringA
FlushFileBuffers
LoadLibraryW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
LCMapStringW
WaitForSingleObject
IsProcessorFeaturePresent
GetModuleFileNameW
GetStdHandle
ExitProcess
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
DecodePointer
EncodePointer
Sleep
CloseHandle
GetVolumeInformationA
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
GetLastError
FindNextFileA
FindClose
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
WriteConsoleW
CreateFileW
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
InitializeCriticalSectionAndSpinCount

user32

SendMessageA
FindWindowA
ReleaseDC
wsprintfA
EnumWindows
GetClassNameA
PostMessageA
GetWindowTextA
IsWindowVisible
EnumChildWindows
RegisterWindowMessageA
SendMessageTimeoutA
FindWindowExA
GetDC

gdi32

GetDeviceCaps

shell32

SHGetFolderPathA

ole32

CLSIDFromString
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysFreeString
SysAllocStringLen

shlwapi

PathIsDirectoryA
PathFileExistsA

Exports

Exports

AddHiJackThis
CheckToolbarEnabled
ClearPendingRebootFileOperations
CloseClient
ClosePartnerWindows
CreateCSID
CreateDir
CreateMachineID
DPIScale
DecryptString
Delete_IECookies
EncryptString
Get
GetBannerID
GetBridgeID
GetCVFValue
GetClientCSCID
GetClientInfo
GetClientUmt
GetConfigUrl
GetDid
GetEParamStatus
GetInstallerLoc
GetMessaging
GetPartnerId
GetRepairLoc
GetStringResource
GetTempExe
GetUninstallerLoc
InstallerStop
IsElevated
IsFFDefaultBrowser
IsNecessaryButNotSufficient
IsPaidHB
KeyExists
KillClient
LoadSettingsFromWeb
Log
LogDataStore
ParseCmdLine
PartnerIsRunning
RunAsAdmin
RunAsUser
SendHttpRequest
SendTrackedEvent
Set
SetBannerID
SetBridgeID
SetCVFValue
SetClientCSCID
SetClientUmt
SetConfigUrl
SetDid
SetInstallerLoc
SetLogPath
SetMessaging
SetPartnerId
SetRepairLoc
SetUninstallerLoc
ShowDialog
ShowToaster
ShowURLDialog
StartEvent
StopEvent
TurnOnToolbarInIE
VersionCompare

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cdada68308aa35a75c3f852c3cd6848

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

rpcrt4

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB