29976419f111ed4ea5da69b13ab6c547_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29976419f111ed4ea5da69b13ab6c547_JaffaCakes118
Size

203KB
MD5

29976419f111ed4ea5da69b13ab6c547
SHA1

8da14205fdadaafd463db3b44e70856032add461
SHA256

3db2166be67ee6eecd2ddcb66dcc72def90791a02ebc11edf99a0d96050fc14c
SHA512

be01bce4059f30bd37960cb40dedd0b201bbb47202eda383aa061ef57ba7062ca47fbfdc2f8311a7bdef958eba229b2036fe33846e195c2ee1d2718928fd2128
SSDEEP

3072:P9yAi/4iLoUCRUckAbTC0shNZtndkf7FZGYBq2JpUomA:U8t1BTC0sDU2H27zj

Score

1^/10

Malware Config

Signatures

Files

29976419f111ed4ea5da69b13ab6c547_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0ac3f289d39322958e1ea81512a2887e

Code Sign

6b:33:9f:da:07:cd:02:7e:b3:7f:f1:52:59:f1:5d:8c
Certificate

Issuer

CN=fvGjrF9V10D6Ftl

Not Before

02-04-2012 07:34

Not After

31-12-2039 23:59

Subject

CN=fvGjrF9V10D6Ftl

Extended Key Usages

ExtKeyUsageCodeSigning

35:06:06:16:c7:03:b7:66:d6:ad:cd:15:5b:44:38:b6:93:30:cd:ec
Signer

Actual PE Digest

35:06:06:16:c7:03:b7:66:d6:ad:cd:15:5b:44:38:b6:93:30:cd:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
lstrcatA
CreateFileA
GetWindowsDirectoryA
VirtualAlloc

user32

RegisterClassExA

comdlg32

ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA

advapi32

RegOpenKeyW

ole32

WriteStringStream
WriteOleStg
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserFree
UtGetDvtd32Info
UtGetDvtd16Info
UtConvertDvtd16toDvtd32
UpdateDCOMSettings
StringFromGUID2
StgPropertyLengthAsVariant
StgOpenStorageEx
StgOpenStorage
StgIsStorageILockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
StgCreatePropStg
StgCreateDocfileOnILockBytes
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetDocumentBitStg
SetConvertStg
STGMEDIUM_UserSize
SNB_UserUnmarshal
SNB_UserSize
SNB_UserMarshal
SNB_UserFree
RevokeDragDrop
ReleaseStgMedium
ReadStringStream
ReadFmtUserTypeStg
ReadClassStm
ReadClassStg
PropVariantCopy
PropVariantClear
OpenOrCreateStream
OleUninitialize
OleTranslateAccelerator
OleSetClipboard
OleSetAutoConvert
OleSaveToStream
OleRun
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
OleQueryLinkFromData
OleNoteObjectVisible
OleLoad
OleIsRunning
OleInitializeWOW
OleGetIconOfFile
OleGetIconOfClass
OleGetClipboard
OleGetAutoConvert
OleFlushClipboard
OleDuplicateData
OleDraw
OleDoAutoConvert
OleDestroyMenuDescriptor
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleCreateLinkFromData
OleCreateLinkEx
OleCreateFromFileEx
OleCreateFromFile
OleCreateFromDataEx
OleCreateEx
OleCreateEmbeddingHelper
OleCreateDefaultHandler
OleCreate
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
OleBuildVersion
MonikerRelativePathTo
MonikerCommonPrefixWith
MkParseDisplayName
IsEqualGUID
IIDFromString
HWND_UserUnmarshal
HWND_UserSize
HWND_UserMarshal
HPALETTE_UserUnmarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserSize
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HMENU_UserUnmarshal
HMENU_UserSize
HICON_UserSize
HICON_UserMarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HBRUSH_UserMarshal
HBRUSH_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HBITMAP_UserFree
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserMarshal
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
EnableHookObject
DoDragDrop
DllDebugObjectRPCHook
CreateStdProgressIndicator
CreatePointerMoniker
CreateOleAdviseHolder
CreateItemMoniker
CreateILockBytesOnHGlobal
CreateGenericComposite
CreateFileMoniker
CreateDataAdviseHolder
CreateBindCtx
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTestCancel
CoTaskMemRealloc
CoTaskMemAlloc
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoReleaseServerProcess
CoReleaseMarshalData
CoRegisterSurrogate
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterClassObject
CoRegisterChannelHook
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoIsHandlerConnected
CoInitialize
CoImpersonateClient
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetCancelObject
CoGetCallContext
CoGetApartmentID
CoFreeLibrary
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoFileTimeNow
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoCreateInstanceEx
CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCancelCall
CoBuildVersion
CoAllowSetForegroundWindow
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
HMENU_UserFree
CreateStreamOnHGlobal
DcomChannelSetHResult

oleaut32

VarBstrFromUI2
VectorFromBstr
VariantInit
VariantCopyInd
VariantClear
VariantChangeTypeEx
VarXor
VarUI4FromUI2
VarUI4FromStr
VarUI4FromR8
VarUI4FromI4
VarUI4FromI2
VarUI4FromI1
VarUI4FromDisp
VarUI4FromDec
VarUI2FromUI4
VarUI2FromUI1
VarUI2FromR4
VarUI2FromI2
VarUI2FromI1
VarUI1FromR8
VarUI1FromR4
VarUI1FromI4
VarUI1FromI1
VarUI1FromDisp
VarUI1FromDate
VarUI1FromBool
VarTokenizeFormatString
VarSu
VarRound
VarR8Round
VarR8Pow
VarR8FromUI2
VarR8FromI1
VarR8FromDisp
VarR8FromDec
VarR8FromDate
VarR8FromCy
VarR4FromUI4
VarR4FromUI1
VarR4FromStr
VarR4FromR8
VarR4FromI4
VarR4FromI1
VarR4FromDisp
VarR4FromDate
VarR4FromBool
VarPow
VarParseNumFromStr
VarNot
VarNeg
VarMul
VarMod
VarInt
VarImp
VarI4FromUI2
VarI4FromUI1
VarI4FromStr
VarI4FromR8
VarI4FromR4
VarI4FromI2
VarI4FromDisp
VarI4FromDate
VarI4FromCy
VarI2FromUI4
VarI2FromUI2
VarI2FromUI1
VarI2FromR8
VarI2FromI4
VarI2FromI1
VarI2FromDisp
VarI2FromDec
VarI2FromBool
VarI1FromUI4
VarI1FromStr
VarI1FromR8
VarI1FromR4
VarI1FromI4
VarI1FromDisp
VarI1FromDec
VarI1FromDate
VarFormatPercent
VarFormatNumber
VarFormatDateTime
VarFormatCurrency
VarEqv
VarDiv
VarDecMul
VarDecInt
VarDecFromStr
VarDecFromR4
VarDecFromI4
VarDecFromI2
VarDecFromDisp
VarDecFromDate
VarDecFix
VarDecCmpR8
VarDecAdd
VarDateFromUI2
VarDateFromUI1
VarDateFromStr
VarDateFromR8
VarDateFromR4
VarDateFromI4
VarDateFromI2
VarDateFromDec
VarDateFromCy
VarCySu
VarCyRound
VarCyNeg
VarCyMul
VarCyFromUI2
VarCyFromStr
VarCyFromR8
VarCyFromR4
VarCyFromI4
VarCyFromI2
VarCyFromI1
VarCyFromDisp
VarCyFromDate
VarCyCmpR8
VarCyCmp
BSTR_UserFree
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
LHashValOfNameSys
LPSAFEARRAY_Size
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLi
LoadTypeLibEx
OACreateTypeLib2
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
VarCyAdd
OleLoadPictureFile
OleLoadPicturePath
OleTranslateColor
RegisterActiveObject
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetIID
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArraySetIID
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAnd
VarBoolFromCy
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI2
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI4
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromUI1
OleLoadPictureEx
VarCat
VarCmp

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
_TrackMouseEvent
UninitializeFlatSB
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
CreatePropertySheetPage
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
DrawStatusTextW
ord3
PropertySheetW
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_Copy
ord8

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ac3f289d39322958e1ea81512a2887e

Code Sign

6b:33:9f:da:07:cd:02:7e:b3:7f:f1:52:59:f1:5d:8cCertificate

Extended Key Usages

35:06:06:16:c7:03:b7:66:d6:ad:cd:15:5b:44:38:b6:93:30:cd:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 183KB - Virtual size: 183KB

.data2 Size: 1024B - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 3KB

6b:33:9f:da:07:cd:02:7e:b3:7f:f1:52:59:f1:5d:8c
Certificate

35:06:06:16:c7:03:b7:66:d6:ad:cd:15:5b:44:38:b6:93:30:cd:ec
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 183KB - Virtual size: 183KB

.data2
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB