30c840960a63e29408a521510f69b10c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30c840960a63e29408a521510f69b10c_JaffaCakes118
Size

782KB
MD5

30c840960a63e29408a521510f69b10c
SHA1

b01fb8209fa33b2be14bb06172b9a5fd472143ce
SHA256

7ba9c6297c7c0c2e0e3a52b9634d0a13e26a6fd365dccd89d525859c4f4549ae
SHA512

d76c30458e7034b298cbf6ed06e9fc61e16cd99d73e594a5de3f99f9ad8f6ab8a692485138d2b31ba616603391119f746bac87011e034a1e0d56043ca49c4b26
SSDEEP

12288:ktnSsZgFDkTOzfNKhOiUDXpbZ0B88ZTNOK62ON4Zf6utZ0MpxtOD5qAEQ:agFVVaUnuZZOL2ONGZ0Mnt+5qA5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30c840960a63e29408a521510f69b10c_JaffaCakes118

Files

30c840960a63e29408a521510f69b10c_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f93b1997f1dd2f32781f89ec84ccb9c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\100617_075120_build_Client_Build_PabstBlueRibbon_3.0.470.0\source\source_BrowserExtension\bin\ShopperReports_Release\CmndFF.pdb

Imports

pltfrm

??0XUrlFormat@@QAE@XZ
?GetServer@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetPath@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetParams@XUrlFormat@@QAE?AVCComBSTR@ATL@@XZ
?GetCid@InstlrUtl@@YA?AVCComBSTR@ATL@@XZ
?SetGuru@XUrlFormat@@QAEXPAUIGuru@@@Z
?GetFrmtdDateTime@PlatformUtils@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_J@Z
?ExtractParam@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V23@0_N@Z
?getUsrAgnt@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
??1XUrlFormat@@UAE@XZ
?SetUrl@XUrlFormat@@QAEXPA_W@Z
?LoadDecriptFile@PlatformUtils@@YAJAAVCComBSTR@ATL@@ABV23@_N@Z
?GetIeUserAgent@UsrAgnt@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@_N@Z
?GetUsrInf@InstlrUtl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@ABV23@PAUIGuru@@@Z

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
HeapAlloc
GetProcessHeap
FormatMessageW
CloseHandle
CreateFileW
ReadFile
GetFileSize
GetTickCount
FlushInstructionCache
GetCurrentProcess
WaitForSingleObject
SetLastError
CreateThread
InterlockedExchange
WriteFile
FlushFileBuffers
OutputDebugStringW
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
SetFilePointer
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
LoadLibraryW
CreateMutexW
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
GetCurrentProcessId
lstrcpynW
WaitForMultipleObjects
Sleep
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
GetVersionExW
DeleteFileW
ResumeThread
SetThreadPriority
TerminateThread
SetEndOfFile
lstrcpyW
GlobalHandle
lstrcmpiW
CreateSemaphoreW
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
GetProcAddress
HeapFree
HeapReAlloc
GetVolumeInformationW
GetUserDefaultLCID
SetStdHandle
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetFullPathNameW
GetFileAttributesW
GetCommandLineA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapDestroy
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
ReleaseSemaphore
GetModuleHandleW
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
lstrlenW
RaiseException
InitializeCriticalSection
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
GetCurrentThread

user32

FindWindowW
wsprintfW
CreateDialogIndirectParamW
ReplyMessage
GetTopWindow
SetDlgItemTextW
UpdateWindow
SetTimer
KillTimer
PostThreadMessageW
MoveWindow
TranslateMessage
DispatchMessageW
GetMessageW
SetWindowContextHelpId
SendDlgItemMessageW
MapDialogRect
LoadStringW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowThreadProcessId
BeginPaint
CharNextW
PeekMessageW
IsWindow
SetWindowLongW
GetWindowLongW
BringWindowToTop
EnumWindows
IsWindowVisible
AnimateWindow
CallWindowProcW
DefWindowProcW
GetParent
DestroyWindow
InflateRect
GetClientRect
CharLowerBuffW
GetDesktopWindow
GetClassNameW
OffsetRect
GetWindowRect
SendMessageW
PostMessageW
MessageBoxW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetRect
GetSystemMetrics
SetWindowTextW
SetWindowPos
DestroyAcceleratorTable
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
ScreenToClient
FindWindowExW
EnumChildWindows
ShowWindow
UnregisterClassA
GetWindowTextW
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ClientToScreen

gdi32

CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetStockObject
GetDeviceCaps
CreateDIBSection
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject

advapi32

RegEnumKeyW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHCreateDirectoryExW
FindExecutableW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateGuid
ProgIDFromCLSID
OleInitialize
CoGetClassObject
OleLockRunning
OleUninitialize
CreateStreamOnHGlobal
CreateItemMoniker
StringFromCLSID
GetRunningObjectTable
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

SysStringLen
VarBstrCmp
SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
VarBstrCat
VariantCopy
VariantChangeType
SysAllocStringLen
VectorFromBstr
OleCreateFontIndirect
SetErrorInfo
CreateErrorInfo
BstrFromVector

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImageHeight

ws2_32

WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSACreateEvent
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
freeaddrinfo
WSAStartup
WSASocketW
WSASetLastError
getaddrinfo
WSAGetOverlappedResult
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f93b1997f1dd2f32781f89ec84ccb9c3

Headers

File Characteristics

PDB Paths

Imports

pltfrm

iphlpapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 31KB - Virtual size: 42KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 31KB - Virtual size: 42KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 50KB - Virtual size: 50KB