fb5ce6719a9f55d7004f0e56e20bc5ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb5ce6719a9f55d7004f0e56e20bc5ad_JaffaCakes118
Size

420KB
MD5

fb5ce6719a9f55d7004f0e56e20bc5ad
SHA1

1643eedb4cb56bf74b01c2f7391a20cb4877971b
SHA256

a5ee93e7ceeecfbaafb43a11769e717387cc84c1a016f6be06597d518db0d479
SHA512

a676746604fa9ee63f4fdcc40a2b680f1e20cd1a0b56073bde92b4c63c83bb792b33d4be9db5952e7ad45ba25ee59abb1448ef417d48a60db61100f46987a578
SSDEEP

3072:dDMIM6A+/xWkhK7UteaBIxeLgViaBiqbFtJgpSzs1mqZ+TUpyfQqZMMwtyD9l88g:dG+xqNemFTqUh74fbq2ayP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb5ce6719a9f55d7004f0e56e20bc5ad_JaffaCakes118

Files

fb5ce6719a9f55d7004f0e56e20bc5ad_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6c6aac9bcc6ef86a1e2a88b7201c278f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Miha\BHO\Browser.Help\Browser.Help\Release\rvrs.pdb

Imports

libcurl

curl_global_cleanup
curl_global_init
curl_easy_init
curl_easy_setopt
curl_formadd
curl_formfree
curl_easy_perform

kernel32

CreateTimerQueueTimer
DeleteTimerQueueTimer
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
InterlockedIncrement
Sleep
GetTickCount
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateProcessA
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
DeleteTimerQueue
OpenMutexW
GetACP
CreateMutexW
CreateTimerQueue
GetCurrentThreadId
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateFileW
lstrlenA
WriteFile
RaiseException
GetFileSize
CreateThread
GetCommandLineW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetTempPathW
ExitProcess
TerminateThread
GetVersionExA
GetVolumeInformationW
SetErrorMode
GetFileTime
GetWindowsDirectoryW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
SetFileTime
WideCharToMultiByte
LocalFree
InterlockedExchange
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
lstrlenW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
ReadFile
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualFree
GetCommandLineA
VirtualQuery
GetSystemInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA

user32

GetActiveWindow
PostMessageW
ShowWindow
GetKeyboardState
GetMessageW
AllowSetForegroundWindow
GetForegroundWindow
SetWindowPos
PostThreadMessageW
CharNextW
FindWindowExW
UnregisterClassA

advapi32

RegOpenKeyExW
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitialize
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize

oleaut32

LoadTypeLi
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
LoadRegTypeLi
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
SysStringLen
SysStringByteLen

shlwapi

UrlEscapeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c6aac9bcc6ef86a1e2a88b7201c278f

Headers

File Characteristics

PDB Paths

Imports

libcurl

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 332KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 336KB - Virtual size: 332KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 17KB