5598b01e46029bad1d4f53b70d700d20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5598b01e46029bad1d4f53b70d700d20_JaffaCakes118
Size

188KB
MD5

5598b01e46029bad1d4f53b70d700d20
SHA1

b283b8becdcf4a59fbd1bb7c7d43b24a7e53ef9e
SHA256

b393521eedab6a4588343cdd646d081f362e6fef220fd9b2d48c75e575fca652
SHA512

5ef6cdbc8e7716731059516dd37cf2c05a3630f3f6f536d5c09a6de826736dd0e596fed289cf617143270a2f551ac1ee8345fe5bea90853309a11dbf25e80ab0
SSDEEP

3072:WQsJYSl6Cs8wTowPv2Ax01L8uUe9jOgk4xuvRwy:W3JPldwTowPOYkLT9jOg1SRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5598b01e46029bad1d4f53b70d700d20_JaffaCakes118

Files

5598b01e46029bad1d4f53b70d700d20_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

728239e6b2df90c434d90017592cdd9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\QQLive_Dailybuild\src\symbol\SetupShell.pdb

Imports

common

?IsEmpty@CTXBSTR@@QAEHXZ
??0CTXBSTR@@QAE@PB_W@Z
??ICTXBSTR@@QAEPAPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??0CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CTXStringW@@QAE@XZ
??BCTXStringW@@QBEPB_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??0CTXStringW@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0@Z

kernel32

CreateFileW
GetDiskFreeSpaceExW
GetLogicalDrives
WritePrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
GetTickCount
GetPrivateProfileStringW
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
FindResourceW
InterlockedDecrement
GetPrivateProfileStructW
WritePrivateProfileStructW
lstrlenW
GetModuleFileNameW
SetThreadLocale
GetThreadLocale
RaiseException
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetVersion
GetProcAddress
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
DeviceIoControl
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
GetDriveTypeW
CreateDirectoryW
GetLastError
GetFileAttributesW
SetFileAttributesW
WaitForSingleObject
GetExitCodeProcess
GetVersionExW
CloseHandle
GetCurrentThreadId
FindResourceExW
InterlockedIncrement

user32

GetWindowRect
SetRectEmpty
SetRect
GetParent
GetDesktopWindow
SystemParametersInfoW
IsIconic
IsWindowVisible
IsZoomed
SetWindowLongW
GetWindowLongW
SetWindowPos
IsWindow
FindWindowW
FindWindowExW
GetWindowThreadProcessId
SendMessageW
ClientToScreen
OffsetRect
UnregisterClassA

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoLoadLibrary
CoCreateInstance

oleaut32

DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VarBstrCmp

log

?CheckAdvise@@YAXPB_W@Z
?CheckFileExist@@YAHPB_W@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?IsWindowsVista@@YAHXZ
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetUserAppDataPath2@@YA?AVCComBSTR@ATL@@XZ

atl80

ord31
ord58
ord15
ord61
ord23
ord32
ord18
ord22
ord64
ord10
ord30

shlwapi

PathAppendW

msvcp80

?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

msvcr80

srand
rand
__CxxFrameHandler3
_resetstkoflw
malloc
_wfopen_s
fseek
ftell
fread
fclose
_decode_pointer
_invalid_parameter_noinfo
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
fwrite
_purecall
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
calloc
??2@YAPAXI@Z
_wtoi
_wcsicmp
wcsstr
wcstoul
ldiv
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_onexit
_malloc_crt
_lock
??3@YAXPAX@Z
memset
swprintf_s
wcscat_s
memcpy_s
_CxxThrowException
vswprintf_s
_vscwprintf
memmove_s
??_V@YAXPAX@Z
_recalloc
wcsncpy_s
??0exception@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

728239e6b2df90c434d90017592cdd9f

Headers

File Characteristics

PDB Paths

Imports

common

gf

kernel32

user32

advapi32

shell32

ole32

oleaut32

log

atl80

shlwapi

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 13KB