17980084c0e54bc84365897f9ea912f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17980084c0e54bc84365897f9ea912f7_JaffaCakes118
Size

200KB
MD5

17980084c0e54bc84365897f9ea912f7
SHA1

a340597ed2023b6669d6f2046267c602393eede6
SHA256

6a67bffc6d5d9ff7e062136ecd8a890dfd501e10f0c321a12949e5c8841c2f97
SHA512

840c4f0196ef3d86c39f8c043f87d74f3b969cca29af532c6694da500f903a567657897b37f5aba55efb8ab80976acbd5096625f5d5042c28a229df68c7bcade
SSDEEP

3072:WHo9IAi/4iLoUCRUckAbTC0shNZtndkf7FZGYK6v2JpUQK:WHF8t1BTC0sDU2u278

Score

1^/10

Malware Config

Signatures

Files

17980084c0e54bc84365897f9ea912f7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

85f844170e51836d9a9cb80a8013c64c

Code Sign

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2d
Certificate

Issuer

CN=0D9IT1upUGvSWX6

Not Before

02-04-2012 17:46

Not After

31-12-2039 23:59

Subject

CN=0D9IT1upUGvSWX6

Extended Key Usages

ExtKeyUsageCodeSigning

d2:2e:65:5b:38:7a:39:96:7c:fc:25:d6:7a:15:9c:e8:ad:cc:d2:69
Signer

Actual PE Digest

d2:2e:65:5b:38:7a:39:96:7c:fc:25:d6:7a:15:9c:e8:ad:cc:d2:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
lstrcatA
CreateFileA
GetWindowsDirectoryA
VirtualAlloc

user32

RegisterClassExA

comdlg32

ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA

advapi32

RegOpenKeyW

ole32

WriteOleStg
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserMarshal
UtGetDvtd16Info
StringFromGUID2
StgOpenStorage
StgCreateDocfileOnILockBytes
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetConvertStg
SNB_UserUnmarshal
SNB_UserSize
SNB_UserMarshal
SNB_UserFree
RevokeDragDrop
ReadStringStream
ReadFmtUserTypeStg
ReadClassStm
PropVariantCopy
PropVariantClear
OleTranslateAccelerator
OleSetClipboard
OleSaveToStream
OleRun
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
OleNoteObjectVisible
OleLoad
OleIsRunning
OleInitializeWOW
OleGetIconOfClass
OleGetAutoConvert
OleDoAutoConvert
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFileEx
OleCreateFromFile
OleCreateFromDataEx
OleCreateEx
OleCreateEmbeddingHelper
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
MonikerCommonPrefixWith
HWND_UserSize
HWND_UserMarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserSize
HICON_UserSize
HICON_UserMarshal
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HBRUSH_UserMarshal
HBITMAP_UserUnmarshal
HBITMAP_UserSize
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
EnableHookObject
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStdProgressIndicator
CreateFileMoniker
CreateBindCtx
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTestCancel
CoTaskMemAlloc
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoReleaseServerProcess
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterClassObject
CoRegisterChannelHook
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoIsHandlerConnected
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetCancelObject
CoGetApartmentID
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoCreateInstanceEx
CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCancelCall
CoBuildVersion
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
HACCEL_UserUnmarshal
HMENU_UserFree
HMETAFILEPICT_UserFree

oleaut32

VarDecFromI2
VectorFromBstr
VariantInit
VariantCopyInd
VariantClear
VariantChangeTypeEx
VarXor
VarUI4FromUI2
VarUI4FromStr
VarUI4FromR8
VarUI4FromI4
VarUI4FromI2
VarUI4FromI1
VarUI4FromDisp
VarUI4FromDec
VarUI2FromUI4
VarUI2FromUI1
VarUI2FromR4
VarUI2FromI2
VarUI2FromI1
VarUI1FromR8
VarUI1FromR4
VarUI1FromI4
VarUI1FromI1
VarUI1FromDisp
VarUI1FromDate
VarUI1FromBool
VarTokenizeFormatString
VarSu
VarRound
VarR8Round
VarR8Pow
VarR8FromUI2
VarR8FromI1
VarR8FromDisp
VarR8FromDec
VarR8FromDate
VarR8FromCy
VarR4FromUI4
VarR4FromUI1
VarR4FromStr
VarR4FromR8
VarR4FromI4
VarR4FromI1
VarR4FromDisp
VarR4FromDate
VarR4FromBool
VarPow
VarParseNumFromStr
VarNot
VarNeg
VarMul
VarMod
VarInt
VarImp
VarI4FromUI2
BSTR_UserFree
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
LHashValOfNameSys
LPSAFEARRAY_Size
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLi
LoadTypeLibEx
OACreateTypeLib2
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPicturePath
OleTranslateColor
RegisterActiveObject
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetIID
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArraySetIID
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VARIANT_UserMarshal
VARIANT_UserSize
VarI4FromUI1
VarAnd
VarBoolFromCy
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI2
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI4
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromUI1
VarBstrFromUI2
VarCat
VarCmp
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFromDate
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI2
VarCyMul
VarCyNeg
VarCyRound
VarCySu
VarDateFromCy
VarDateFromDec
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDecAdd
VarDecCmpR8
VarDecFix
VarDecFromDate
VarDecFromDisp
VARIANT_UserUnmarshal
VarDecFromI4
VarDecFromR4
VarDecFromStr
VarDecInt
VarDecMul
VarDiv
VarEqv
VarFormatCurrency
VarFormatDateTime
VarFormatNumber
VarFormatPercent
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI4
VarI2FromBool
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR8
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromCy
VarI4FromDate
VarI4FromDisp
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
_TrackMouseEvent
UninitializeFlatSB
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
CreatePropertySheetPage
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
DrawStatusTextW
ord3
PropertySheetW
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_Copy
ord8

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85f844170e51836d9a9cb80a8013c64c

Code Sign

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2dCertificate

Extended Key Usages

d2:2e:65:5b:38:7a:39:96:7c:fc:25:d6:7a:15:9c:e8:ad:cc:d2:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 183KB - Virtual size: 182KB

.data2 Size: 1024B - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 3KB

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2d
Certificate

d2:2e:65:5b:38:7a:39:96:7c:fc:25:d6:7a:15:9c:e8:ad:cc:d2:69
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 183KB - Virtual size: 182KB

.data2
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB