09374bb7e93bdfc84cf49e6ab2108a31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09374bb7e93bdfc84cf49e6ab2108a31_JaffaCakes118
Size

780KB
MD5

09374bb7e93bdfc84cf49e6ab2108a31
SHA1

c52142a3d1b1ff512de77b7be3bc8a231edf6ad3
SHA256

19bf4405c9953351e2e53827b5618d947f0aa551db4a9958056cfe4efe6da024
SHA512

842667ac5c7d972390f0e09142be965716920ffb35a6d5b5b679e53cc8e72a987a809f1df8587dcc83f016859a431c79016dc373accc50785c7def8f8c2e0fc3
SSDEEP

12288:lvzI7UehDIaQIEMkYT5x+QoUPNHKb3jixj8Zy53poi3ejQ5E:lvk7UeWaR+Qd+K4Zy53phN5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09374bb7e93bdfc84cf49e6ab2108a31_JaffaCakes118

Files

09374bb7e93bdfc84cf49e6ab2108a31_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e3fb7f9fa8fa13748afbbbe8f8b1d77d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\Projects\ProductwiseToolbar2\Sources\VS_Projects\FireFox\SmileyCore\SmileyCore\Release\bin\SmileyCoreXX.pdb

Imports

kernel32

TerminateThread
DeleteFileA
GetCurrentThreadId
GetModuleHandleW
Sleep
GlobalAlloc
GetLastError
GlobalSize
GlobalLock
GlobalUnlock
WideCharToMultiByte
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetThreadLocale
IsProcessorFeaturePresent
CreateEventW
InterlockedCompareExchange
CreatePipe
CreateProcessA
SetHandleInformation
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetEnvironmentVariableA
GetOverlappedResult
SetConsoleMode
GetThreadTimes
GetSystemTimeAdjustment
GetProcessTimes
GetWindowsDirectoryA
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
CreateMutexA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
GetConsoleOutputCP
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetVersionExA
HeapFree
GetProcessHeap
LoadLibraryW
GetFileAttributesW
FreeLibrary
LoadLibraryA
CloseHandle
GetTempPathW
CreateDirectoryW
GetModuleHandleA
GetCurrentProcess
OutputDebugStringA
CreateProcessW
FormatMessageW
GetVersion
GetModuleFileNameW
GetSystemInfo
SetLastError
GetSystemTime
GetTickCount
GlobalFree
GetProcAddress
GetVersionExW
GetCurrentThread
FindClose
FindFirstFileW
FindNextFileW
CopyFileW
CreateEventA
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
FlushInstructionCache
GetLocalTime
CreateThread
ReleaseMutex
CreateMutexW
HeapAlloc
CreateFileW
GetModuleFileNameA
OpenFile
RemoveDirectoryW
IsBadReadPtr
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleA
MultiByteToWideChar

user32

SystemParametersInfoW
MapWindowPoints
KillTimer
SetTimer
RegisterClipboardFormatW
UnregisterClassA
GetParent
GetSystemMetrics
PostMessageW
SetWindowLongW
IsWindow
GetWindowLongW
OpenClipboard
SetClipboardData
SetWindowTextW
GetWindow
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetCapture
GetQueueStatus
FindWindowA
SendMessageA
DestroyWindow
EndPaint
BeginPaint
GetDC
EmptyClipboard
EndDialog
GetDlgItem
CloseClipboard
GetClassNameW
CharNextW
wvsprintfW
EnableWindow
SetCursor
ScreenToClient
LoadImageW
SetWindowPos
GetWindowRect
GetActiveWindow
LoadStringW
EnumThreadWindows
GetFocus
SetForegroundWindow
SetFocus
GetClassInfoW
RegisterClassW
GetClientRect
CreateWindowExW
GetDesktopWindow
DefWindowProcW
EnumClipboardFormats
GetClipboardFormatNameW
GetClipboardData
FindWindowW
SendMessageW
DialogBoxParamW
LoadCursorW

gdi32

CreateCompatibleBitmap
SetMapMode
StretchBlt
GetMapMode
DeleteDC
BitBlt
CreateBitmap
SelectObject
GetObjectW
CreateCompatibleDC
DeleteEnhMetaFile
DeleteObject
CopyEnhMetaFileW
GetStockObject
TextOutW
SetTextColor
SetBkColor
CreateFontW
GetBkColor
GetTextColor
CreateSolidBrush
DPtoLP

advapi32

CryptGetKeyParam
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegSetValueExW
RegQueryValueExW
CryptDecrypt
CryptReleaseContext
CryptDeriveKey
CryptEncrypt
CryptDestroyKey
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW
SHGetFolderPathW

ole32

OleRun
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysStringByteLen
VariantInit
VariantChangeType
VariantClear
GetErrorInfo
SysAllocStringByteLen

xpcom

NS_StringContainerFinish
NS_GetServiceManager
NS_StringContainerInit2
NS_StringContainerInit
NS_Free
NS_Alloc
NS_StringSetData
NS_StringGetData

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

plc4

PL_strdup

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

Exports

Exports

NSGetModule

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.smiley
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.oex
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3fb7f9fa8fa13748afbbbe8f8b1d77d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xpcom

nspr4

plc4

urlmon

version

iphlpapi

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 384KB

.smiley Size: 44KB - Virtual size: 42KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 12KB - Virtual size: 39KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 44KB - Virtual size: 43KB

.oex Size: 48KB - Virtual size: 45KB

.text
Size: 388KB - Virtual size: 384KB

.smiley
Size: 44KB - Virtual size: 42KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 12KB - Virtual size: 39KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 44KB - Virtual size: 43KB

.oex
Size: 48KB - Virtual size: 45KB