JaffaCakes118_9777aa581e47a650868f58617d3b9693cf1fe269202fe66fe58ebc39e9276695

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9777aa581e47a650868f58617d3b9693cf1fe269202fe66fe58ebc39e9276695
Size

708KB
MD5

14ea712ea5b33066f347ae4504f78603
SHA1

381ba16d436e3ccc0898da14b50e5ab06b178940
SHA256

9777aa581e47a650868f58617d3b9693cf1fe269202fe66fe58ebc39e9276695
SHA512

9fbf0396f51e550de8f68e9703be37025c9f84a2927c6c76055e8cddcc5c4ea8d047d3b97881b91a1d65bc2176cd028883fa979cbc9ad29225837c2272008291
SSDEEP

12288:MEbhuc5c8ryvCn9AketEWiRaU5bgr3F0lE+EuPq/krbhjnjlqcmVkqh57YrxOOPg:MEbhtiEuvdisU5bgr1TX5MrdjxqccV5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/22e548e51e503a2413dd76d786eda4be774723cc305d155318a1e525c18a26a7

Files

JaffaCakes118_9777aa581e47a650868f58617d3b9693cf1fe269202fe66fe58ebc39e9276695
.zip

Password: infected
22e548e51e503a2413dd76d786eda4be774723cc305d155318a1e525c18a26a7
.xll windows:5 windows x86 arch:x86

7848449e2eabbf3231a2a17635dbabf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Spreadsheet Tools\Projects\trunk\LockXLSRuntime\Release\LockXLSRuntime.pdb

Imports

kernel32

ReadFile
GetTempPathW
GetExitCodeThread
WaitForSingleObject
CreateThread
GetFileSize
SetFilePointerEx
GetFileType
ResumeThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
SuspendThread
ResetEvent
CreateEventW
SetEvent
GetCurrentThread
GlobalFree
GetFileTime
GetComputerNameW
DeviceIoControl
OutputDebugStringW
VirtualQuery
GetSystemTime
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
GetLocalTime
UnmapViewOfFile
GetTickCount
Sleep
WideCharToMultiByte
LoadLibraryA
GetCommandLineW
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
GetFullPathNameA
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
LoadLibraryExA
LockResource
SetFileAttributesW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
SetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
HeapSize
HeapReAlloc
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetCommandLineA
GetSystemTimeAsFileTime
FindFirstFileExW
FileTimeToLocalFileTime
FindClose
RtlUnwind
HeapFree
HeapAlloc
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
LocalFree
lstrlenA
RemoveDirectoryW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
QueryDosDeviceW
GetLogicalDriveStringsW
IsValidLocale
CloseHandle
CreateFileW
GetDriveTypeW
MoveFileExW
MoveFileW
ReplaceFileW
CopyFileExW
CopyFileW
GetCurrentThreadId
FindResourceA
IsDebuggerPresent
InitializeCriticalSection
IsBadReadPtr
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
VirtualProtect
GetUserDefaultLangID
SetConsoleCtrlHandler
DeleteFileW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetModuleHandleA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
SetStdHandle

user32

MessageBoxW
GetForegroundWindow
GetWindowTextW
GetClassNameW
SetCursor
GetSysColorBrush
CharNextW
FillRect
SetRect
SetWindowPos
ShowWindow
GetDlgItemTextW
IsWindow
GetFocus
DrawIconEx
DrawFrameControl
wsprintfW
SetWindowTextW
SetForegroundWindow
EndDialog
SendMessageW
GetDlgItem
InvalidateRect
EnableWindow
GetWindow
IsWindowVisible
GetDesktopWindow
GetWindowThreadProcessId
GetParent
LoadCursorW
GetCursor
PtInRect
GetCursorPos
GetWindowRect
ScreenToClient
DestroyIcon
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
PostMessageW
IsWindowEnabled
WindowFromDC
SendMessageA
DestroyWindow
BeginPaint
EndPaint
GetDC
GetWindowDC
ReleaseDC
DefWindowProcW
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
SetTimer
LoadImageW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
SetLastErrorEx
SetDlgItemTextW
LoadStringW
SystemParametersInfoW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
CallWindowProcW
RegisterClassW
DrawTextW
GetClientRect
GetSystemMetrics
MoveWindow
SetFocus
SetCapture
GetSysColor
DrawEdge
ReleaseCapture
KillTimer
CreateWindowExW
DialogBoxParamW

gdi32

CreateHalftonePalette
GetObjectW
SelectPalette
RealizePalette
CreateBitmap
SetBkColor
SetTextColor
BitBlt
CreateBrushIndirect
CreateSolidBrush
SelectObject
CreatePen
Rectangle
DeleteObject
CreateCompatibleDC
StartDocW
DeleteDC
CreateDCW
CopyEnhMetaFileW
GetDIBits
MoveToEx
LineTo
SetBkMode

advapi32

RegCloseKey
CryptEncrypt
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
ImpersonateSelf
OpenThreadToken
MapGenericMask
AccessCheck
RevertToSelf
GetUserNameW
GetFileSecurityW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromProgIDEx
StgIsStorageFile
StgCreateStorageEx
StgCreateDocfile
StgOpenStorageOnILockBytes
StgOpenStorage
StgOpenStorageEx
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoCreateGuid
StgCreateDocfileOnILockBytes
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

CreateErrorInfo
SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayLock
SafeArrayUnlock
OleCreatePictureIndirect
VariantChangeType
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr

shlwapi

SHDeleteKeyW

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
WSAStartup
socket
connect
send
recv
closesocket
select
inet_addr
htons
ntohl
htonl
WSACleanup

wininet

HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetConnectW
HttpOpenRequestW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdiplusShutdown
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDrawImageRectI
GdipSetPageUnit
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteGraphics
GdipLoadImageFromStream
GdiplusStartup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetUSBDriveInfo
RtmGetVersion
RtmGetVersion2
StartupFunc
WeRTlwN
XyWaaQ
cWeuyRtj
xlAddInManagerInfo
xlAddInManagerInfo12
xlAutoClose
xlAutoOpen

Sections

.text
Size: 878KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lxRtmDa
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

7848449e2eabbf3231a2a17635dbabf3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

ws2_32

wininet

version

gdiplus

Exports

Exports

Sections

.text Size: 878KB - Virtual size: 877KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 15KB - Virtual size: 33KB

.lxRtmDa Size: 3KB - Virtual size: 2KB

.rsrc Size: 325KB - Virtual size: 324KB

.reloc Size: 41KB - Virtual size: 40KB

.text Size: 160KB - Virtual size: 160KB

.text
Size: 878KB - Virtual size: 877KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 15KB - Virtual size: 33KB

.lxRtmDa
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 325KB - Virtual size: 324KB

.reloc
Size: 41KB - Virtual size: 40KB

.text
Size: 160KB - Virtual size: 160KB