0b28ceee1e738c5ac645053e1bbdd4a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b28ceee1e738c5ac645053e1bbdd4a7_JaffaCakes118
Size

276KB
MD5

0b28ceee1e738c5ac645053e1bbdd4a7
SHA1

e3c08d79078ebb4c4111bf62b5aa2121406bfd24
SHA256

fc75d9fc7bf0a324fe223b4a06f44dc8b70a77989089f9c944325405e6ae5bb8
SHA512

5e027af9180e106b8a598b4e575de2664fe53f765bd823744d7dcd2f8f65b4f42b9daf005c1524ad1c13aa4d1758c2db5e462b918e73d0cce8e51d5777f50b9b
SSDEEP

6144:g8Ula9ml1MKE+9rFTVVjtSmhHLJgF2u1Y1977n7xTTC7C:l6ak+KXTfPdFgmzt3Ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b28ceee1e738c5ac645053e1bbdd4a7_JaffaCakes118

Files

0b28ceee1e738c5ac645053e1bbdd4a7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

481ac8d19d5edb5ae1823d111cd83343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

advapi32

LookupPrivilegeValueW
UnregisterTraceGuids
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DuplicateToken
DuplicateTokenEx
EqualSid
GetFileSecurityW
GetLengthSid
GetSecurityInfo
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegDisablePredefinedCache
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
RevertToSelf
SetEntriesInAclW
SetFileSecurityW
SetSecurityDescriptorDacl
SetThreadToken
SetTokenInformation
TraceEvent

msvcrt

exit
fclose
feof
ferror
fflush
fgetpos
fgets
floor
fmod
fopen
fputc
fputs
fputws
frexp
fscanf
fseek
ftell
fwprintf
fwrite
fwscanf
getc
getchar
getenv
gets
getwchar
gmtime
isalpha
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
isspace
iswalnum
iswalpha
iswascii
iswctype
iswgraph
iswlower
ctime
iswxdigit
labs
ldexp
ldiv
localeconv
localtime
log
longjmp
mblen
mbstowcs
mbtowc
memchr
memcmp
memcpy
memset
modf
perror
printf
putc
putchar
puts
putwc
qsort
rand
realloc
rewind
setbuf
setlocale
signal
sin
sprintf
sqrt
srand
sscanf
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncpy
strpbrk
strstr
strtod
strtok
strtol
strtoul
strxfrm
swprintf
tan
tanh
tmpfile
tmpnam
tolower
towlower
towupper
ungetc
vfprintf
vprintf
vsprintf
vswprintf
vwprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcscspn
wcsftime
wcslen
wcsncmp
wcsncpy
wcsrchr
wcstod
wcstok
wcstol
wcstombs
wcsxfrm
wctomb
wscanf
cosh
clock
clearerr
ceil
calloc
bsearch
atol
atoi
atof
atexit
atan2
asin
acos
abort
_y1
_wutime
_wunlink
_wtoi64
_wtempnam
_wsystem
_wstat64
_wstat
_wsplitpath
_wspawnvpe
_wspawnve
_wspawnv
_wspawnlp
_wsopen
_wsetlocale
_wrmdir
_wrename
_wputenv
_wpopen
_wperror
_wmktemp
_wmkdir
_wmakepath
_winver
_winminor
_winmajor
_wgetdcwd
_wgetcwd
_wfopen
_wfindnexti64
_wfindnext64
_wfindnext
_wfindfirsti64
_wfindfirst
_wfdopen
_wexecvpe
_wexecvp
_wexecve
_wexecv
_wexeclp
_wexecle
_wctime64
_wcsset
_wcsnset
_wcsnicoll
_wcsicmp
_wcmdln
_wchmod
_wchdir
_wasctime
_vsnwprintf
_utime
_unlock
_unlink
_ungetch
_ultow
_ultoa
_ui64tow
_ui64toa
_tzset
_tzname
_toupper
_tolower
_timezone
_time64
_tempnam
_telli64
_tell
_sys_nerr
_sys_errlist
_strupr
_strtime
_strset
_strnset
_strnicmp
_strlwr
_strerror
_strdate
_strcmpi
_stat64
_stat
_spawnvp
_spawnlpe
_spawnle
_spawnl
_sopen
_snprintf
_sleep
_setsystime
_setmode
_setmaxstdio
_setjmp3
_setjmp
_seterrormode
_set_error_mode
_seh_longjmp_unwind
_scalb
_safe_fprem1
_safe_fprem
_safe_fdivr
_safe_fdiv
_rotl
_putw
_putch
_purecall
_popen
_pipe
_pgmptr
_pctype
_pclose
_outpw
_outpd
_outp
_osplatform
_open
_nextafter
_mktime64
_mktemp
_mkdir
_memicmp
_memccpy
_mbsupr
_mbstok
_mbsstr
_mbsspnp
_mbspbrk
_mbsnset
_mbsninc
_mbsnicoll
_mbsnicmp
_mbsnccnt
_mbsncat
_mbsnbicoll
_mbsnbcoll
_mbsnbcnt
_mbsnbcmp
_mbsnbcat
_mbslwr
_mbsicoll
_mbsicmp
_mbsdup
_mbsdec
_mbscspn
_mbscpy
_mbscmp
_mbscat
_mbctombb
_mbctolower
_mbctokata
_mbctohira
_mbclen
_mbcjmstojis
_mbcjistojms
_mbccpy
_mbcasemap
_mbbtype
_mbbtombc
_ltow
_lseeki64
_lsearch
_lrotr
_lrotl
_longjmpex
_logb
_locking
_lock
_localtime64
_loaddll
_lfind
_jn
_itoa
_isnan
_ismbstrail
_ismbslead
_ismbcupper
_ismbcsymbol
_ismbcspace
_ismbclower
_ismbcl2
_ismbcl1
_ismbcl0
_ismbckata
_ismbcgraph
_ismbcdigit
_ismbcalpha
_ismbcalnum
_ismbbtrail
_ismbbpunct
_ismbbprint
_ismbblead
_ismbbkprint
_ismbbkana
_ismbbkalnum
_ismbbgraph
_ismbbalpha
_ismbbalnum
_isctype
_isatty
_inpd
_inp
_initterm
_i64tow
_hypot
_heapwalk
_heapmin
_heapchk
_heapadd
_gmtime64
_global_unwind2
_getws
_getw
_getsystime
_getpid
_getmbcp
_getdrives
_getdrive
_getdiskfree
_getdcwd
_getcwd
_getche
_getch
_get_sbh_threshold
_get_osfhandle
_gcvt
_futime64
_futime
_fullpath
_ftol
_ftime64
_fstat64
_fsopen
_fputchar
_fpclass
_flushall
_flsbuf
_finite
_findnext64
_findfirst64
_findfirst
_findclose
_fileno
_filelengthi64
_filelength
_fileinfo
_filbuf
_fgetwchar
_fcvt
_fcloseall
_expand
_execvp
_execve
_execlp
_execl
_except_handler3
_except_handler2
_errno
_eof
_environ
_endthreadex
_endthread
_ecvt
_dup2
_dup
_daylight
_ctype
_ctime64
_creat
_cputs
_copysign
_controlfp
_close
_clearfp
_chmod
_chkesp
_chgsign
_chdrive
_chdir
_cexit
_callnewh
_cabs
_c_exit
_beginthreadex
_beep
_atoi64
_atodbl
_amsg_exit
_adjust_fdiv
_adj_fptan
_adj_fprem1
_adj_fpatan
_adj_fdivr_m64
_adj_fdivr_m32i
_adj_fdiv_m64
_adj_fdiv_m32i
_acmdln
_access
_abnormal_termination
__wgetmainargs
__wargv
__unguarded_readlc_active
__toascii
__threadhandle
__setlc_active
__pxcptinfoptrs
__pioinfo
__p__winver
__p__winminor
__p__winmajor
__p__wenviron
__p__wcmdln
__p__timezone
__p__pwctype
__p__pgmptr
__p__pctype
__p__osver
__p__iob
__p__fileinfo
__p__environ
__p__dstbias
__p__amblksiz
__p__acmdln
__p___winitenv
__p___mb_cur_max
__p___initenv
__p___argc
__mb_cur_max
__lc_handle
__lc_collate_cp
__lc_codepage
__iscsymf
__isascii
__initenv
__argv
__argc
__RTtypeid
__RTDynamicCast
__RTCastToVoid
__CxxFrameHandler
_XcptFilter
_Getmonths
_EH_prolog
_CxxThrowException
_CItanh
_CItan
_CIsinh
_CIsin
_CIpow
_CIlog10
_CIlog
_CIfmod
_CIexp
_CIcos
_CIatan
_CIacos
iswupper

odbc32

ord68
ord26
ord2
GetODBCSharedData

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

StrFormatByteSize64A
StrCpyNW
SHRegisterValidateTemplate
SHCopyKeyW
SHCopyKeyA
SHAutoComplete
ColorHLSToRGB
ord16
PathFileExistsW

opengl32

glTexCoord3fv
glEvalCoord2dv
glTexCoord4dv
glVertex4f
wglGetPixelFormat
glPixelTransferi
glNormal3fv
glLightModelf
glGetFloatv
glEvalCoord1dv
glEvalCoord1d
glCullFace
glFogfv
glColor3bv
glClearAccum
glBlendFunc
glAccum

kernel32

CreateFileMappingW
CreateFileW
CloseHandle
CreateEventW
CreateFileA
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateSemaphoreW
CreateThread
DebugBreak
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindResourceW
FlushFileBuffers
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommMask
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileType
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
Heap32ListFirst
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LockFile
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventW
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
RegisterWaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlUnwind
SearchPathW
SetCommState
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetHandleCount
SetHandleInformation
SetInformationJobObject
SetLastError
SetMessageWaitingIndicator
SetNamedPipeHandleState
SetStdHandle
SetUnhandledExceptionFilter
SignalObjectAndWait
SizeofResource
SuspendThread
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
lstrlenW
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
AssignProcessToJobObject

winspool.drv

AdvancedSetupDialog
CloseSpoolFileHandle
CommitSpoolData
ConvertAnsiDevModeToUnicodeDevmode
DevQueryPrint
DevQueryPrintEx
DeviceMode
PlayGdiScriptOnPrinterIC
QuerySpoolMode
ScheduleJob
SplDriverUnloadComplete
SpoolerPrinterEvent
PrinterProperties

user32

DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawTextW
EnableMenuItem
EnableScrollBar
EndDialog
EndPaint
ExitWindowsEx
FillRect
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardSequenceNumber
GetCursorInfo
GetCursorPos
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetInputState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemID
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetProcessWindowStation
GetPropW
GetQueueStatus
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationW
GetWindowContextHelpId
GetWindowLongW
DdeUnaccessData
GetWindowTextLengthW
GetWindowTextW
GrayStringW
ImpersonateDdeClientWindow
InSendMessage
InternalGetWindowText
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadStringW
LockSetForegroundWindow
MapDialogRect
MapWindowPoints
MessageBoxW
ModifyMenuW
OpenInputDesktop
PackDDElParam
PeekMessageA
PeekMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RegisterShellHookWindow
RegisterWindowMessageW
ReleaseDC
RemovePropW
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCursor
SetDebugErrorLevel
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetProcessWindowStation
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
SystemParametersInfoA
TabbedTextOutW
ToAsciiEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WaitForInputIdle
WaitMessage
WinHelpW
keybd_event
DdeClientTransaction
DdeAbandonTransaction
CreateWindowExW
CreateDialogIndirectParamW
CreateDesktopW
CreateCursor
CopyRect
CopyImage
CloseWindowStation
CloseDesktop
ClientToScreen
CheckMenuItem
CharUpperW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
GetWindowPlacement
CreateWindowStationW

ws2_32

WSAAsyncGetServByName
WSAAsyncSelect
WSACancelBlockingCall
WSACreateEvent
WSAEnumNetworkEvents
WSAGetOverlappedResult
WSAAsyncGetHostByAddr
WSAJoinLeaf
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASetBlockingHook
WSASetLastError
WSCInstallNameSpace
WSCUnInstallNameSpace
WSCWriteProviderOrder
__WSAFDIsSet
accept
gethostbyname
gethostname
htonl
ntohl
ntohs
recv
sendto
shutdown
WSAGetQOSByName

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

481ac8d19d5edb5ae1823d111cd83343

Headers

File Characteristics

Imports

winmm

advapi32

msvcrt

odbc32

version

shlwapi

opengl32

kernel32

winspool.drv

user32

ws2_32

Exports

Exports

Sections

.text Size: 195KB - Virtual size: 196KB

.rdata Size: 29KB - Virtual size: 31KB

.data Size: 22KB - Virtual size: 259KB

.idata Size: 20KB - Virtual size: 23KB

.rsrc Size: 9KB - Virtual size: 11KB

.text
Size: 195KB - Virtual size: 196KB

.rdata
Size: 29KB - Virtual size: 31KB

.data
Size: 22KB - Virtual size: 259KB

.idata
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 9KB - Virtual size: 11KB