3daf9d3d9e6df48d3cf2835664c346f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3daf9d3d9e6df48d3cf2835664c346f2_JaffaCakes118
Size

200KB
MD5

3daf9d3d9e6df48d3cf2835664c346f2
SHA1

ca8b2978dd2c9b364782a5d66ac072c5f0b769d6
SHA256

1c50f58da6d4ec7d2b9daadb68c0790eda83e387cd94d70bb2cfc9f144f6dfbb
SHA512

66c7a500edc4df3948ffb5a6cfe9b91c27a9cd1157be64c8490f16e4816905a09ba665bfd5b45bec301687efa43d6e0fd17981f1770e85038b987a6573aa969d
SSDEEP

3072:Za91Ai/4iLoUCRUckAbTC0shNZtndkf7FZGYOj82JpUZe:g8t1BTC0sDU2q27H

Score

1^/10

Malware Config

Signatures

Files

3daf9d3d9e6df48d3cf2835664c346f2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5c52e4043ddcc5c6ad68c91f1c4dacd3

Code Sign

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2d
Certificate

Issuer

CN=0D9IT1upUGvSWX6

Not Before

02/04/2012, 17:46

Not After

31/12/2039, 23:59

Subject

CN=0D9IT1upUGvSWX6

Extended Key Usages

ExtKeyUsageCodeSigning

89:73:e0:7a:a6:e5:bb:78:45:1b:32:1f:73:85:af:6e:ba:86:d7:3b
Signer

Actual PE Digest

89:73:e0:7a:a6:e5:bb:78:45:1b:32:1f:73:85:af:6e:ba:86:d7:3b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcatA
CreateFileA
LoadLibraryA
GetWindowsDirectoryA
VirtualAlloc

gdi32

GetStockObject

comdlg32

ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA

advapi32

RegOpenKeyW

ole32

HMETAFILEPICT_UserSize
WriteOleStg
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserMarshal
UtGetDvtd16Info
StringFromGUID2
StgOpenStorage
StgCreateDocfileOnILockBytes
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetConvertStg
SNB_UserUnmarshal
SNB_UserSize
SNB_UserMarshal
SNB_UserFree
RevokeDragDrop
ReadStringStream
ReadFmtUserTypeStg
ReadClassStm
PropVariantCopy
PropVariantClear
OleTranslateAccelerator
OleSetClipboard
OleSaveToStream
OleRun
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
OleNoteObjectVisible
OleLoad
OleIsRunning
OleInitializeWOW
OleGetIconOfClass
OleGetAutoConvert
OleDoAutoConvert
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFileEx
OleCreateFromFile
OleCreateFromDataEx
OleCreateEx
OleCreateEmbeddingHelper
OleCreateDefaultHandler
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
MonikerCommonPrefixWith
HWND_UserSize
HWND_UserMarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserFree
HMENU_UserFree
HICON_UserSize
HICON_UserMarshal
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserFree
HDC_UserUnmarshal
HDC_UserMarshal
HBRUSH_UserMarshal
HBITMAP_UserUnmarshal
HBITMAP_UserSize
HACCEL_UserUnmarshal
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetDocumentBitStg
GetConvertStg
GetClassFile
EnableHookObject
DllDebugObjectRPCHook
DcomChannelSetHResult
CreateStdProgressIndicator
CreateFileMoniker
CreateBindCtx
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUnloadingWOW
CoUninitialize
CoTestCancel
CoTaskMemAlloc
CoSuspendClassObjects
CoSetProxyBlanket
CoSetCancelObject
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoReleaseServerProcess
CoRegisterPSClsid
CoRegisterMessageFilter
CoRegisterClassObject
CoRegisterChannelHook
CoReactivateObject
CoQueryReleaseObject
CoQueryProxyBlanket
CoQueryClientBlanket
CoQueryAuthenticationServices
CoMarshalHresult
CoLockObjectExternal
CoLoadLibrary
CoIsOle1Class
CoIsHandlerConnected
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoGetCancelObject
CoGetApartmentID
CoFreeAllLibraries
CoFileTimeToDosDateTime
CoEnableCallCancellation
CoDosDateTimeToFileTime
CoDisconnectObject
CoCreateInstanceEx
CoCreateInstance
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCancelCall
CoBuildVersion
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserFree
BindMoniker
HMETAFILEPICT_UserUnmarshal

oleaut32

VarDecFromI4
VectorFromBstr
VariantInit
VariantCopyInd
VariantClear
VariantChangeTypeEx
VarXor
VarUI4FromUI2
VarUI4FromStr
VarUI4FromR8
VarUI4FromI4
VarUI4FromI2
VarUI4FromI1
VarUI4FromDisp
VarUI4FromDec
VarUI2FromUI4
VarUI2FromUI1
VarUI2FromR4
VarUI2FromI2
VarUI2FromI1
VarUI1FromR8
VarUI1FromR4
VarUI1FromI4
VarUI1FromI1
VarUI1FromDisp
VarUI1FromDate
VarUI1FromBool
VarTokenizeFormatString
VarSu
VarRound
VarR8Round
VarR8Pow
VarR8FromUI2
VarR8FromI1
VarR8FromDisp
VarR8FromDec
VarR8FromDate
VarR8FromCy
VarR4FromUI4
VarR4FromUI1
VarR4FromStr
VarR4FromR8
VarR4FromI4
VarR4FromI1
VarR4FromDisp
VarR4FromDate
VarR4FromBool
VarPow
VarParseNumFromStr
VarNot
VarNeg
VarMul
VarMod
VarInt
BSTR_UserFree
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
LHashValOfNameSys
LPSAFEARRAY_Size
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLi
LoadTypeLibEx
OACreateTypeLib2
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPicturePath
OleTranslateColor
RegisterActiveObject
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetIID
SafeArrayPtrOfIndex
SafeArrayRedim
SafeArraySetIID
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VARIANT_UserMarshal
VARIANT_UserSize
VarImp
VarAnd
VarBoolFromCy
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI2
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI4
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromUI1
VarBstrFromUI2
VarCat
VarCmp
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFromDate
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI2
VarCyMul
VarCyNeg
VarCyRound
VarCySu
VarDateFromCy
VarDateFromDec
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDecAdd
VarDecCmpR8
VarDecFix
VarDecFromDate
VarDecFromDisp
VarDecFromI2
VARIANT_UserUnmarshal
VarDecFromR4
VarDecFromStr
VarDecInt
VarDecMul
VarDiv
VarEqv
VarFormatCurrency
VarFormatDateTime
VarFormatNumber
VarFormatPercent
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI4
VarI2FromBool
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR8
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromCy
VarI4FromDate
VarI4FromDisp
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
CreatePropertySheetPage
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord4
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
FlatSB_GetScrollInfo
_TrackMouseEvent
UninitializeFlatSB
ord3
PropertySheetW
PropertySheetA
PropertySheet
ord2
ord13
ord14
InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ord17
ImageList_Write
ImageList_SetOverlayImage
ImageList_SetImageCount
ImageList_SetIconSize
ImageList_SetFilter
ImageList_SetDragCursorImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Read
ImageList_Merge
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_LoadImage
ImageList_GetImageRect
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetBkColor
ImageList_EndDrag
ImageList_Duplicate
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ord8

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c52e4043ddcc5c6ad68c91f1c4dacd3

Code Sign

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2dCertificate

Extended Key Usages

89:73:e0:7a:a6:e5:bb:78:45:1b:32:1f:73:85:af:6e:ba:86:d7:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 183KB - Virtual size: 182KB

.data2 Size: 1024B - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 3KB

1f:70:e3:05:ae:c4:c7:4c:be:ba:24:28:e5:11:6a:2d
Certificate

89:73:e0:7a:a6:e5:bb:78:45:1b:32:1f:73:85:af:6e:ba:86:d7:3b
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 183KB - Virtual size: 182KB

.data2
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB