098a158e82b74e1ad606e671b2e69e0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

098a158e82b74e1ad606e671b2e69e0a_JaffaCakes118
Size

300KB
MD5

098a158e82b74e1ad606e671b2e69e0a
SHA1

966108ed0857b584fb5788d894a660e3ea5d5a0d
SHA256

e9d50b841fc4c7b9d4bac20b91d3b8d2e8cb1860d1ad5b642132985e9a277110
SHA512

1591f66b288b48548b7c8217bc7f1800cb6a0ae4a87d90aabebadfd78c515f6c2ada7ddbabf27627607d466ae456172577b774cc4eb8b42ebdc89977092cff08
SSDEEP

6144:N7Hvloxt3oK0VcCtewD/jY1rJMMi0pQyzqmyV3+7EV7LIYy:9HvlU2K0kwnY1rJMMi0pQyzzyp+QLIT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
098a158e82b74e1ad606e671b2e69e0a_JaffaCakes118

Files

098a158e82b74e1ad606e671b2e69e0a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a1e367ad9c8522d67ffeb2789d74780b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\Rst\Projects\SiG\Thunder\LastBuild\WndLayer.pdb

Imports

kernel32

EnterCriticalSection
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
ExitProcess
CreateThread
GetCommandLineA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
lstrcmpiA
lstrcpynA
LeaveCriticalSection
lstrcatA
lstrcpyA
SetThreadPriority
SetPriorityClass
GetProcAddress
GetPriorityClass
GetThreadPriority
GetCurrentThread
GetLocalTime
MulDiv
lstrcmpA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
LocalFree
GetProcessHeap
HeapFree
GlobalAlloc
GlobalLock
GlobalUnlock
CreateEventA
GetModuleFileNameA
GetLastError
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEvent
Sleep
OpenEventA
WaitForSingleObject
ResetEvent
CloseHandle
RaiseException
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
lstrlenW
lstrlenA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
IsDBCSLeadByte

user32

EnableWindow
SendMessageA
DispatchMessageA
TranslateMessage
GetKeyState
GetMessageA
PeekMessageA
ShowWindow
GetSystemMetrics
ReleaseCapture
GetCursorPos
SetFocus
DestroyIcon
DispatchMessageW
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
CreateWindowExA
GetWindowRect
UnregisterClassA
MoveWindow
DrawTextA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
LoadIconA
wsprintfA
CallWindowProcA
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
CreateAcceleratorTableA
GetDC
ReleaseDC
GetDesktopWindow
CharNextA
GetClassNameA
RedrawWindow
GetClientRect
BeginPaint
FillRect
EndPaint
IsChild
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
IsWindow
GetParent
SetWindowPos
SetWindowLongA
GetWindowLongA
DestroyWindow

gdi32

GetStockObject
TextOutA
SetTextAlign
Rectangle
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
GetObjectA
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
SetTextColor
SetBkMode
GetPixel
CreatePolygonRgn
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
SaveDC
CreateRectRgnIndirect
DeleteDC

advapi32

RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
OleLockRunning
CoInitialize
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
WriteClassStm

oleaut32

UnRegisterTypeLi
RegisterTypeLi
OleCreatePropertyFrame
VarUI4FromStr
VariantChangeType
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
VarBstrCat
SysAllocStringByteLen
SysStringLen
SysFreeString
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringByteLen

shlwapi

PathFindExtensionA

msvcp71

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Nomemory@std@@YAXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@ios_base@std@@QAEXH_N@Z
?_Id_cnt@id@locale@std@@0HA
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?width@ios_base@std@@QBEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@D@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

msvcr71

__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
wcslen
memset
memmove
fopen
vsprintf
fclose
fgetpos
fseek
fgetc
fsetpos
wcsncpy
realloc
_purecall
_resetstkoflw
malloc
sprintf
wcscmp
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??_V@YAXPAX@Z
free
_except_handler3
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e367ad9c8522d67ffeb2789d74780b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 11KB