b4eac16f809296a1a61fd6a99831583d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4eac16f809296a1a61fd6a99831583d_JaffaCakes118
Size

1.3MB
MD5

b4eac16f809296a1a61fd6a99831583d
SHA1

8554a21ff8e93298b266b2abd134e776c1ba66fc
SHA256

610e251612da7a879794871b570ab2b59064e4062f76e376da30bebef8f217eb
SHA512

05e9e63391eec8ce141491f5878d1382428854ae0a50fe7648448fdd523980a565ff9be634f7bf8631388e67c6795473abecd9bcb91dafa43e47c8c6492ef319
SSDEEP

24576:YW0fvMDVBI8bZTTeKWTCWUzQwmDwcx2kZW8WNhHHb93:YW8kBI6DWTZ68WnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4eac16f809296a1a61fd6a99831583d_JaffaCakes118

Files

b4eac16f809296a1a61fd6a99831583d_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

0fa39df79236fad84de121dafa7de609

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

quartz.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA
RegQueryValueW
RegFlushKey
RegCreateKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW

gdi32

CreateRectRgn
RealizePalette
SetTextCharacterExtra
EnumFontFamiliesExW
SetDIBitsToDevice
StretchDIBits
GetObjectW
CreateDCW
SetStretchBltMode
StretchBlt
CreateDIBSection
BitBlt
SetBkMode
SetTextColor
GetTextExtentPoint32W
SelectPalette
CreateRectRgnIndirect
CombineRgn
FillRgn
GetStockObject
CreatePalette
SetBkColor
ExtTextOutW
GetPixel
SetPixel
GdiFlush
GetClipBox
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateSolidBrush
PatBlt
GetDIBits
GetSystemPaletteEntries
CreateFontIndirectW
ExtCreateRegion
EqualRgn
GetDCOrgEx
DeleteObject
GetDeviceCaps
SetDIBColorTable

kernel32

GetProfileIntW
GetProfileStringA
GetPrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
LocalAlloc
LocalFree
HeapAlloc
GetProcessHeap
HeapFree
WriteProfileStringW
SetErrorMode
GetDiskFreeSpaceW
GetDriveTypeW
GetFileSize
LocalUnlock
LocalLock
LocalReAlloc
CompareStringA
lstrcmpA
lstrcpynA
IsBadWritePtr
IsBadReadPtr
GetShortPathNameA
GetACP
lstrcmpiA
CreateFileMappingW
MapViewOfFile
CreateSemaphoreW
UnmapViewOfFile
OpenProcess
GetExitCodeProcess
lstrcpyA
CompareStringW
GetTempPathW
GetFileInformationByHandle
GetFullPathNameW
WriteFile
QueryPerformanceFrequency
ReleaseMutex
CreateMutexW
HeapDestroy
WideCharToMultiByte
FreeLibraryAndExitThread
Sleep
CreateFileW
lstrcatW
SetFilePointer
ReadFile
FormatMessageA
GetModuleHandleA
FormatMessageW
CreateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
InterlockedExchange
lstrcpyW
LoadLibraryW
GetLastError
lstrlenA
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
GetVersionExW
lstrcmpW
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
SetEvent
CreateEventW
CloseHandle
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DelayLoadFailureHook
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
GetModuleFileNameA
MultiByteToWideChar
lstrcmpiW
DeviceIoControl
MapViewOfFileEx
VirtualAlloc
MulDiv
RaiseException

msvcrt

??3@YAXPAX@Z
wcsrchr
_ftol
free
_initterm
malloc
_adjust_fdiv
??2@YAPAXI@Z
__dllonexit
_onexit
_ltow
towupper
atoi
_vsnwprintf
memmove
getenv
sscanf
_local_unwind2
sprintf
wcscpy
_strdup
_except_handler3
_wtoi
wcslen

ole32

CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CLSIDFromString
CreateBindCtx
CoCreateFreeThreadedMarshaler
MkParseDisplayName
CreateStreamOnHGlobal
StringFromCLSID
StgOpenStorage
StgIsStorageFile
IIDFromString
CoTaskMemRealloc

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysReAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
SysStringLen
SysAllocStringLen
VariantInit
VariantCopy
VariantChangeType
LoadRegTypeLi
SetErrorInfo

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrDllCanUnloadNow

shell32

SHGetFolderPathW

user32

GetWindowLongW
IsIconic
GetWindowPlacement
MonitorFromRect
ChangeDisplaySettingsExA
IntersectRect
ScreenToClient
MapWindowPoints
SetRectEmpty
GetClientRect
ClientToScreen
EnumDisplayMonitors
EnumDisplayDevicesW
SetWindowsHookExW
InvalidateRect
UnhookWindowsHookEx
GetWindowRect
EnableWindow
GetDesktopWindow
SystemParametersInfoW
MessageBoxW
GetDlgItem
DialogBoxParamW
EndDialog
SendDlgItemMessageW
IsRectEmpty
IsWindowVisible
GetSystemMetrics
EqualRect
SetRect
wsprintfA
MonitorFromWindow
GetMonitorInfoW
InSendMessage
IsWindow
KillTimer
SetTimer
EndPaint
SetCursor
BeginPaint
DestroyCursor
LoadImageW
SetKeyboardState
DestroyWindow
CreateDialogParamW
SetDlgItemTextW
SetParent
IsZoomed
SetWindowLongW
FillRect
OffsetRect
ChangeDisplaySettingsExW
GetWindowTextW
SetWindowTextW
MoveWindow
SetForegroundWindow
ShowWindow
GetForegroundWindow
SetWindowPos
UpdateWindow
GetDlgItemInt
GetKeyboardState
SendMessageW
GetWindowThreadProcessId
LoadStringW
GetDC
ReleaseDC
GetMessageW
TranslateMessage
PostMessageW
CharNextW
DispatchMessageW
GetQueueStatus
RegisterWindowMessageW
PostThreadMessageW
wvsprintfW
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
AdjustWindowRectEx
DefWindowProcW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
ReplyMessage
GetParent

winmm

timeGetTime
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeKillEvent
midiStreamClose
midiOutGetErrorTextW
midiStreamPosition
midiStreamPause
midiOutPrepareHeader
midiStreamRestart
midiOutUnprepareHeader
midiStreamOut
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetLineControlsW
mixerGetDevCapsW
mixerGetLineInfoW
mixerGetNumDevs
midiOutGetNumDevs
midiStreamProperty
midiStreamOpen
midiOutReset
waveOutGetNumDevs
waveOutClose
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutGetPosition
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite
waveOutSetVolume
waveOutGetVolume

Exports

Exports

AMGetErrorTextA
AMGetErrorTextW
AmpFactorToDB
DBToAmpFactor
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fa39df79236fad84de121dafa7de609

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

msvcrt

ole32

oleaut32

rpcrt4

shell32

user32

winmm

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.orpc Size: 1024B - Virtual size: 571B

.data Size: 36KB - Virtual size: 221KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.orpc
Size: 1024B - Virtual size: 571B

.data
Size: 36KB - Virtual size: 221KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 54KB - Virtual size: 54KB