df27d6d536a3ac281a5ee3fe4be746d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df27d6d536a3ac281a5ee3fe4be746d5_JaffaCakes118
Size

240KB
MD5

df27d6d536a3ac281a5ee3fe4be746d5
SHA1

8ec261d56f60f01452f2d2276e39f4e8e400ab52
SHA256

7a7ebb0361b6208b57fab22141820888b340243428776548a6b07410bfd05dc3
SHA512

be85df455b78e040818768b060dec881d06e600424e8fc246ad0b2e2a0570adb088dfc6f4d2bb5da0b0192f6bb1216c4818b47d667481385cf687e503753f1a1
SSDEEP

6144:UDFBbG4WWdKOGxsBFTqOTp1Kdl8lK+bOzT92Ud:UDFhG4WzHxgTqgpf5dUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df27d6d536a3ac281a5ee3fe4be746d5_JaffaCakes118

Files

df27d6d536a3ac281a5ee3fe4be746d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

433d029ace20111530be7796f061d576

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\_VSS\Products\WinLine\WinAntiSpyware\PAS_Free\_Release\UserAgent.pdb

Imports

shlwapi

PathRemoveFileSpecA
PathAppendA

wininet

InternetGetCookieA
FindNextUrlCacheEntryExA
FindCloseUrlCache
FindFirstUrlCacheEntryExA

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrlenW
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetStringTypeExA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
LockResource
FindResourceExA
CloseHandle
CreateFileA
ReadFile
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetSystemTimeAsFileTime
WriteFile
CompareFileTime
InterlockedCompareExchange
SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetOEMCP
LocalFree
UnhandledExceptionFilter
FlushFileBuffers
SetFilePointer
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
SizeofResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryA
GetEnvironmentStrings
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle

user32

LoadStringA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathA

ole32

CoTaskMemFree
CoTaskMemRealloc
OleRun
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

Exports

Exports

?$S5@?1??I@UserAgentManager@@SAPAV2@XZ@4IA
??0UserAgentManager@@AAE@XZ
??4UserAgentManager@@QAEAAV0@ABV0@@Z
?FindAbbrInList@UserAgentManager@@AAEHAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?I@UserAgentManager@@SAPAV1@XZ
?ModifyEntry@UserAgentManager@@AAE_NPBD0@Z
?RemoveFree@UserAgentManager@@QAE_NXZ
?RemovePaid@UserAgentManager@@QAE_NXZ
?SetPurchased@UserAgentManager@@QAE_NXZ
?SetUnpurchased@UserAgentManager@@QAE_NXZ
?UpdateFreeVersion@UserAgentManager@@QAE_NXZ
?UpdatePaidVersion@UserAgentManager@@QAE_NXZ
?uam@?1??I@UserAgentManager@@SAPAV2@XZ@4V2@A

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

433d029ace20111530be7796f061d576

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 948B

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 948B

.reloc
Size: 16KB - Virtual size: 13KB