164088941192deb5f3318cd9a7b3a179_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

164088941192deb5f3318cd9a7b3a179_JaffaCakes118
Size

208KB
MD5

164088941192deb5f3318cd9a7b3a179
SHA1

8e52837b48ebd159199f9f32eaba42b84f6c6b25
SHA256

88dc9fd5f7e71f0589640bca3cf790a78219829b741c0718474794d2898e5d93
SHA512

c496ef94ebbe269ac67af54c1a18b57f62cf10f6fbfefb62a0f4a37c66041f8b033f3a706c3635e6182162f28b9bcb30e4e4ae1c6bdf03889f8311876dfc225e
SSDEEP

3072:EWddpdOkvNOibRGl4uLWQE1R2SZ7YoUaa/KcWcFpijrEVQBXT2/vPe0:EwXv4iUw2mkWcegUXCv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
164088941192deb5f3318cd9a7b3a179_JaffaCakes118

Files

164088941192deb5f3318cd9a7b3a179_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7b5a433e663461e10a0887fc706d0d3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\GMT_업무\06_상단바\01_Enumerate_gt_상단바\07_winwin01_(goenjoy_topsearch)\02_백신수정_20121016\enumerate_gt_goenjoy\enumerate_gt_goenjoy\Release\enumerate_gt.pdb

Imports

wininet

InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
InternetReadFile

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
GetVersionExA
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GetCurrentThreadId
SetLastError
LockResource
DebugBreak
OutputDebugStringA
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GetLocalTime
Sleep
CloseHandle
CreateProcessA
GlobalFree
GlobalHandle
GetProcAddress
LoadLibraryW
InterlockedExchange
GetACP
GetLocaleInfoA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsDBCSLeadByte
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WideCharToMultiByte
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryA
GetEnvironmentStringsW
lstrlenW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetStartupInfoA

user32

RegisterClassExA
LoadCursorA
SetForegroundWindow
GetDesktopWindow
SetFocus
CreateAcceleratorTableA
FindWindowA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
CreateDialogIndirectParamA
BringWindowToTop
ShowWindow
SetTimer
KillTimer
GetForegroundWindow
UnregisterClassA
GetClassInfoExA
GetFocus
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
SetWindowPos
CreateWindowExA
DestroyWindow
MapDialogRect
EndDialog
CharLowerA
FindWindowExA
DefWindowProcA
SetWindowsHookExA
GetCursorPos
CallNextHookEx
LoadStringA
SetRect
PtInRect
GetWindowRect
GetWindowLongA
SetWindowLongA
IsWindow
SendMessageA
UnhookWindowsHookEx
CharNextA
DestroyAcceleratorTable

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA

ole32

CoGetClassObject
OleLockRunning
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
StringFromCLSID
StringFromGUID2

oleaut32

OleCreateFontIndirect
VariantInit
SysStringByteLen
VariantChangeType
VariantClear
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
LoadRegTypeLi

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
SelectObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b5a433e663461e10a0887fc706d0d3d

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 13KB