179c5c4b62d8939590a499bd4c9be1d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

179c5c4b62d8939590a499bd4c9be1d1_JaffaCakes118
Size

505KB
MD5

179c5c4b62d8939590a499bd4c9be1d1
SHA1

8128c5d0e78e63ce9e18ef8aadf6b5dd4bb4e26f
SHA256

f40c070789749fab7f1e1dbea6e20d5d45bb69de86993874514a6816b09db134
SHA512

290af74da264c7c0c488634a3533c1a39ae7e8a93fb4cfe3c73465aec4e3946c40e4b1af9b615ea71b412f12c6c2a78a9b393a7470bc75941eff506058393b8b
SSDEEP

6144:0RxEx/eCeeVFH4rVAVtKPmWwhsIJ5v0L9MTIGDK9tR:0RaeZMtsGDJKL3GD2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179c5c4b62d8939590a499bd4c9be1d1_JaffaCakes118

Files

179c5c4b62d8939590a499bd4c9be1d1_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

a5a886ad01983a8814116114f8ffe1a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ThemeUI.pdb

Imports

msvcrt

_except_handler3
_vsnprintf
atoi
_wcsnicmp
wcslen
malloc
_adjust_fdiv
_initterm
free
wcstombs
_itow
_vsnwprintf

kernel32

GetPrivateProfileIntW
ExpandEnvironmentStringsW
CopyFileW
ProcessIdToSessionId
GetCurrentProcessId
InterlockedExchange
GetCurrentThreadId
GetModuleHandleW
lstrlenA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
WriteFile
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
FormatMessageW
WinExec
GetWindowsDirectoryW
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetShortPathNameW
GetLongPathNameW
CreateThread
WaitForSingleObject
FreeLibraryAndExitThread
WritePrivateProfileStringW
LoadLibraryExW
FreeResource
WriteProfileStringW
lstrcmpW
GetPrivateProfileStringW
GetTempPathW
GetSystemDefaultLCID
GetUserDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
CreateFileW
ReadFile
SetFilePointer
MultiByteToWideChar
CreateProcessW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CloseHandle
DeleteFileW
GlobalMemoryStatus
GetProcAddress
GetModuleFileNameW
GlobalAlloc
IsDebuggerPresent
FreeLibrary
LoadLibraryW
LocalAlloc
GetTickCount
LocalFree
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
MulDiv
GetVersionExA
GetModuleHandleA
lstrcpynW
DelayLoadFailureHook

gdi32

GetNearestPaletteIndex
GetObjectType
SetTextAlign
ExtTextOutW
GetTextExtentPointW
BeginPath
EndPath
CreatePen
StrokePath
PathToRegion
GetPixel
ExtFloodFill
SetMagicColors
CreatePatternBrush
CreateHalftonePalette
IntersectClipRect
SetStretchBltMode
StretchBlt
SelectClipRgn
GetDIBColorTable
CreateBitmap
SaveDC
GetTextColor
SetBkColor
RestoreDC
TranslateCharsetInfo
TextOutW
EnumFontFamiliesW
CreateDIBSection
CreateCompatibleBitmap
SetLayout
CreateCompatibleDC
BitBlt
SetTextColor
SetBkMode
DeleteDC
CreateSolidBrush
GetObjectW
GetTextMetricsW
SelectPalette
RealizePalette
PatBlt
EnumFontFamiliesExW
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetPaletteEntries
CreatePalette
DeleteObject
CreateFontIndirectW
SetPaletteEntries
GetStockObject
GetNearestColor

user32

CharNextW
DrawIconEx
EnumChildWindows
SendNotifyMessageW
LoadIconW
UnionRect
AlignRects
SetWindowRgn
GetCursorPos
GetAsyncKeyState
GetMessagePos
GetMessageTime
GetDoubleClickTime
SetRect
IntersectRect
GetKeyState
SetCursorPos
BringWindowToTop
SetMenuDefaultItem
IsWindowEnabled
CheckMenuItem
TrackPopupMenu
IsCharUpperW
IsRectEmpty
ClientToScreen
SystemParametersInfoA
PostThreadMessageW
EnumDisplaySettingsExW
CharUpperBuffW
GetDlgItemInt
SendMessageTimeoutW
EndTask
CallWindowProcW
RedrawWindow
GetFocus
FindWindowW
RegisterWindowMessageW
LoadBitmapW
IsWindow
DrawIcon
SetSysColorsTemp
DrawCaptionTempW
DrawFrameControl
GetDesktopWindow
GetWindowLongA
GetSubMenu
CharLowerW
DrawMenuBarTemp
DestroyIcon
DestroyMenu
LoadMenuW
EnableMenuItem
PtInRect
WaitForInputIdle
MessageBoxW
GetClassInfoW
RegisterClassW
GetDlgCtrlID
GetCapture
ChangeDisplaySettingsW
SetRectEmpty
EnumDisplayDevicesW
ChangeDisplaySettingsExW
RegisterClipboardFormatW
CharUpperW
SetWindowTextW
SystemParametersInfoW
SetForegroundWindow
LoadImageW
GetMessageW
RegisterClassExW
SetTimer
KillTimer
GetSystemMetrics
UnregisterClassW
BeginPaint
LoadStringA
CopyRect
DrawTextW
EndPaint
MonitorFromPoint
SetFocus
ShowCursor
ReleaseCapture
SetCapture
ShowWindow
GetDlgItemTextW
MoveWindow
DrawTextExW
SetWindowPos
AdjustWindowRect
MonitorFromRect
GetMonitorInfoW
ChildWindowFromPoint
IsWindowVisible
LoadCursorW
SetCursor
GetSysColor
SetSysColors
MapWindowPoints
DestroyWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetParent
PostMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
WinHelpW
EndDialog
IsDlgButtonChecked
GetWindowTextW
GetClientRect
LoadStringW
GetWindow
SetDlgItemTextW
SetDlgItemInt
DrawEdge
OffsetRect
FillRect
InflateRect
DrawFocusRect
FrameRect
GetSysColorBrush
InvalidateRect
UpdateWindow
SendDlgItemMessageW
CheckDlgButton
EnableWindow
GetDC
ReleaseDC
GetDlgItem
SendMessageW
GetWindowRect
CreateWindowExW
DialogBoxParamW

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueW
RegEnumValueW
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

secur32

GetUserNameExW

msimg32

TransparentBlt

shlwapi

PathUnExpandEnvStringsW
ord175
ord217
ord534
ord508
PathCommonPrefixW
StrStrIW
SHGetValueW
ord439
StrRStrIW
ord346
PathRemoveExtensionW
PathIsRelativeW
ord466
ord295
ord294
PathIsFileSpecW
StrChrW
PathRemoveBlanksW
ord464
PathRemoveFileSpecW
SHRegGetPathW
ord165
StrDupW
PathQuoteSpacesW
wvnsprintfW
ord191
SHRegSetUSValueW
SHRegSetPathW
ord353
ord260
PathFindExtensionW
ord193
PathParseIconLocationW
ord271
StrToIntExW
SHRegGetUSValueW
PathFindFileNameW
StrStrW
SHSetValueW
ord460
ord437
ord16
ord24
PathFileExistsW
ord499
SHRegGetBoolUSValueW
ord172
ord494
SHDeleteKeyW
ord497
ord487
ord495
StrCmpW
StrCmpNIW
PathAppendW
StrCmpIW
ord199
ord174
ord496
StrToIntW
ord219
wnsprintfW
ord80
StrCatBuffW
ord507

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ord194
ord167
ord169
ord182
SHChangeNotify
ExtractIconExW
ord258
ord259
ShellExecuteExW
ord74
ord100
SHGetSpecialFolderPathW
ExtractIconW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a886ad01983a8814116114f8ffe1a5

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

advapi32

ole32

secur32

msimg32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 218KB - Virtual size: 217KB

.data Size: 131KB - Virtual size: 199KB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 218KB - Virtual size: 217KB

.data
Size: 131KB - Virtual size: 199KB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 15KB - Virtual size: 14KB