0c8f9cb2806a2896a6f18876320e0c37_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c8f9cb2806a2896a6f18876320e0c37_JaffaCakes118
Size

1.5MB
MD5

0c8f9cb2806a2896a6f18876320e0c37
SHA1

e0d88b442fa55d6ea20566b044db6e9bc812cc91
SHA256

67f91399e6f0ec50c2a7b346123aacaa38f93deee863dcf5216365db4f3d4c48
SHA512

534e0c67726aa6c04b636d45067eecfc054c5725936a9351c5917814bf816917bbae2ef086d60a863ad5d69b16bc403f26c3714187aa91be1e60ec36deb7674d
SSDEEP

24576:b22cPkxhwKszym+lnd9FCehYgp9wIfQaIgk8+kzSroyKcDv9YE0OHzYSqLS86zvL:gQwRl4Qa+k1y/DvLvgSBzvQMn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c8f9cb2806a2896a6f18876320e0c37_JaffaCakes118

Files

0c8f9cb2806a2896a6f18876320e0c37_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

17dcf84d91c0d1c37b7b7469920c4c53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Ss\Dvlp\DVLP - Release\Release\tbedrs.pdb

Imports

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
CreatePropertySheetPageW
PropertySheetW
CreateToolbarEx
InitCommonControlsEx
ImageList_Create

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetSetOptionA
InternetSetCookieW
HttpQueryInfoA
FindFirstUrlCacheEntryA
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetReadFile
InternetOpenW
InternetCanonicalizeUrlA
HttpSendRequestA
InternetQueryOptionA
InternetGetConnectedState
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetCrackUrlA
InternetSetOptionExA
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
HttpOpenRequestA
CommitUrlCacheEntryW
InternetCanonicalizeUrlW

shlwapi

PathFileExistsW
PathAppendW

wsock32

setsockopt
WSAGetLastError
socket
WSASetLastError
WSACleanup
htons
ioctlsocket
send
recv
select
gethostbyname
WSAStartup
connect
closesocket

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msimg32

GradientFill

urlmon

URLDownloadToFileW

crypt32

CryptQueryObject
CryptUnprotectData
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptProtectData
CryptMsgClose

winmm

PlaySoundW
sndPlaySoundW
timeGetTime
PlaySoundA

kernel32

ResumeThread
ExitThread
HeapAlloc
HeapFree
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
ReleaseMutex
GetLastError
CreateMutexW
lstrlenW
GetModuleFileNameW
lstrcpyW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
LoadLibraryA
GetLocalTime
GetCurrentThreadId
lstrcpyA
WriteFile
CreateFileW
FindClose
FindFirstFileW
CopyFileW
HeapReAlloc
SetLastError
GetVersion
lstrcmpiA
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
FindNextFileW
TerminateThread
GetExitCodeThread
CreateThread
GlobalAlloc
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
Sleep
GetTickCount
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
GetTimeFormatW
GetDateFormatW
Beep
CreateDirectoryW
GetLocaleInfoW
InterlockedDecrement
ExitProcess
RtlUnwind
SetEnvironmentVariableA
SetEndOfFile
GetTimeZoneInformation
SetConsoleCtrlHandler
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
VirtualProtect
GetDateFormatA
GetTimeFormatA
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
IsBadWritePtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
SetFilePointer
DeleteFileW

user32

GetMonitorInfoA
MonitorFromRect
GetUpdateRect
EndPaint
BeginPaint
GetCursorPos
IsWindowVisible
SetCapture
GetCapture
GetMessageA
TranslateMessage
SetActiveWindow
ReleaseCapture
EnableMenuItem
DeleteMenu
EndMenu
GetMenuItemInfoW
SetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
LoadImageA
SetWindowPos
SetWindowRgn
LoadBitmapA
SetClassLongA
CreatePopupMenu
GetMonitorInfoW
TrackPopupMenu
CheckMenuItem
GetMenuState
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
DestroyMenu
GetScrollInfo
MessageBoxA
PostThreadMessageA
MsgWaitForMultipleObjects
LoadImageW
GetDesktopWindow
LoadStringW
DrawFrameControl
FrameRect
GetDlgItemTextA
CreateWindowExA
RegisterClassExA
GetWindowRgn
CharLowerW
CharLowerA
DispatchMessageA
PeekMessageA
DrawIconEx
IsDlgButtonChecked
GetDlgItemTextW
MessageBoxW
CheckDlgButton
GetDlgCtrlID
GetWindowTextW
DefWindowProcW
SendMessageW
GetWindowTextLengthW
CreateDialogParamW
DialogBoxParamW
SetForegroundWindow
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetMenuItemInfoA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetClassInfoW
RegisterClassW
CreateWindowExW
GetSystemMetrics
ShowWindow
CallWindowProcW
IsWindowUnicode
GetClassNameW
GetFocus
IsChild
SetFocus
SetWindowLongA
CopyRect
RegisterWindowMessageW
GetDC
ReleaseDC
GetIconInfo
DestroyIcon
DrawTextW
GetWindowRect
ScreenToClient
GetAsyncKeyState
PostMessageA
GetWindow
UpdateWindow
GetClassInfoExW
DefWindowProcA
RegisterClassExW
LoadStringA
UnregisterClassA
wsprintfW
DestroyWindow
KillTimer
LoadCursorA
SetCursor
MoveWindow
SetTimer
FillRect
PtInRect
CharUpperW
GetSysColor
CharUpperA
SetDlgItemTextW
SetWindowTextA
SetWindowTextW
GetClientRect
CallWindowProcA
InvalidateRect
GetDlgItem
SendMessageA
GetWindowLongA
IsWindow
SetWindowLongW
GetWindowLongW
GetParent
ClientToScreen
SystemParametersInfoW

gdi32

GetPixel
CreateRectRgn
RoundRect
PlgBlt
SetTextAlign
ExcludeClipRect
PtInRegion
CreateDIBSection
GetStretchBltMode
SetStretchBltMode
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
Polygon
SetPixel
GetObjectA
GetTextAlign
GetTextExtentPoint32W
GetLayout
CreateFontIndirectW
CreateSolidBrush
Rectangle
TextOutW
CreateCompatibleDC
DeleteDC
CreatePen
MoveToEx
LineTo
DeleteObject
SelectObject
SetTextColor
GdiFlush
SetBkColor
GetWindowOrgEx
SetWindowOrgEx
SetBkMode
CombineRgn
GetStockObject

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

IIDFromString
CLSIDFromString
CoInitialize
CoUninitialize
CoGetMalloc
StringFromIID
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysFreeString
CreateErrorInfo
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayCreateVector
OleLoadPicture
VarBstrCmp
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUninstall
DllOpenUninstallPage
DllRegisterServer
DllShowTB
DllShowToolbar
DllShowToolbarWithIE
DllUnregisterServer

Sections

.text
Size: 924KB - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17dcf84d91c0d1c37b7b7469920c4c53

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

shlwapi

wsock32

version

msimg32

urlmon

crypt32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 924KB - Virtual size: 921KB

.rdata Size: 272KB - Virtual size: 270KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 240KB - Virtual size: 238KB

.reloc Size: 68KB - Virtual size: 64KB

.text
Size: 924KB - Virtual size: 921KB

.rdata
Size: 272KB - Virtual size: 270KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 240KB - Virtual size: 238KB

.reloc
Size: 68KB - Virtual size: 64KB