JaffaCakes118_4afb0546de239dc16fa97d58f23e0830

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4afb0546de239dc16fa97d58f23e0830
Size

782KB
MD5

4afb0546de239dc16fa97d58f23e0830
SHA1

73c3adacbb4998bfd935b91acc04a1e2c2460702
SHA256

9301eebbe6e566d4278f9b6a5d3142b3146fdae48b3bac20a6463ac8af507d5a
SHA512

c3aecbb9c85532174a9cdd59d520b6c8244a63c3c13ccf8dbe7f69b4f4bbacf797232cd2f24eb6309ad84eefde98de1eac230fab7397681c324a1d414316d46f
SSDEEP

24576:lxHRCGMpEGZ87FESpY5kTYxpGxgl0tMyqniPkMA:/deED7NY5kTGpGxgleMyqniPkMA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4afb0546de239dc16fa97d58f23e0830

Files

JaffaCakes118_4afb0546de239dc16fa97d58f23e0830
.dll regsvr32 windows:6 windows x86 arch:x86

569b7ee86c0b56220429984e2ff53158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iedvtool.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
realloc
?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_unlock
_wcslwr
_errno
__CxxFrameHandler
_mbsstr
floor
_CIcos
_CIsin
_CIsqrt
_CIatan2
memcpy
towlower
_wcsnicmp
iswdigit
iswalpha
towupper
iswalnum
wcsstr
iswxdigit
wcsrchr
iswspace
strtoul
wcschr
calloc
strchr
toupper
_vsnwprintf
_CxxThrowException
memset
_vscwprintf
_wcsicmp
_purecall
malloc
__dllonexit
_lock
_onexit
memmove
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
free
bsearch
wcsncmp

kernel32

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
GetLocaleInfoW
GlobalFree
EnumUILanguagesW
InterlockedIncrement
InterlockedDecrement
lstrcmpW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
lstrcmpiA
lstrlenW
Sleep
GetTickCount
lstrlenA
HeapFree
HeapAlloc
GetProcessHeap
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
TlsGetValue
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
MulDiv
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
LocalFree
FreeLibrary
GetModuleHandleW
LoadLibraryW
TlsSetValue
GlobalAddAtomW
GetProcAddress
CloseHandle
IsDebuggerPresent
SetEvent
WaitForSingleObject
ResetEvent
CreateThread
CreateEventW
InterlockedExchange
GetModuleFileNameW
GetVersionExW
TlsFree
TlsAlloc
lstrcmpA
GetCurrentProcessId
CreateFileW
WriteFile
GetTempFileNameW
ReadFile
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
OpenEventW
GetVersionExA
GetVersion
LoadLibraryA
VirtualFree
VirtualAlloc
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW

user32

GetDlgItemInt
GetActiveWindow
GetWindowInfo
GetWindow
GetClassLongW
SetLayeredWindowAttributes
ReleaseCapture
DrawEdge
UpdateWindow
GetCapture
SetCapture
IsIconic
GetClassInfoExW
TrackPopupMenu
RegisterClassExW
CheckMenuItem
GetMenuState
PostThreadMessageW
SystemParametersInfoA
AllowSetForegroundWindow
BringWindowToTop
CharNextW
NotifyWinEvent
UnregisterClassA
TrackPopupMenuEx
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
DestroyMenu
MessageBoxW
CloseWindow
LoadImageW
SendDlgItemMessageW
LoadIconW
MsgWaitForMultipleObjects
DestroyIcon
GetWindowThreadProcessId
AttachThreadInput
BeginPaint
FindWindowExW
EndPaint
GetUpdateRect
ValidateRect
DrawFocusRect
InSendMessageEx
ReplyMessage
IsWindowEnabled
GetComboBoxInfo
GetDesktopWindow
SetPropW
GetPropW
RemovePropW
EndDialog
CallWindowProcW
ClientToScreen
GetClassNameW
SetForegroundWindow
LoadAcceleratorsW
DestroyAcceleratorTable
GetMessagePos
CallNextHookEx
PostMessageW
EnableMenuItem
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
LoadMenuW
GetSubMenu
TranslateAcceleratorW
GetKeyState
MapWindowPoints
GetParent
EnableWindow
SetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamW
SetParent
ShowCaret
GetWindowTextW
DrawTextW
IsRectEmpty
UnionRect
InflateRect
EqualRect
CopyRect
SetRect
GetSystemMetrics
IntersectRect
GetFocus
SystemParametersInfoW
RedrawWindow
GetSysColorBrush
GetSysColor
IsWindowVisible
SetFocus
GetClientRect
CreateWindowExW
DefWindowProcW
MoveWindow
SetWindowLongW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
WindowFromPoint
GetWindowLongW
IsChild
ScreenToClient
ChildWindowFromPoint
GetDC
ReleaseDC
IsWindow
SendMessageW
LoadStringW
GetDlgItem
SetWindowTextW
InvalidateRect
SetClassLongW
FillRect
FrameRect
DestroyCursor
CreateDialogParamW
ShowWindow
LoadCursorW
SetCursor
DestroyWindow
PeekMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
OffsetRect
PtInRect
SetRectEmpty
GetWindowRect

ole32

CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
OleUninitialize

oleaut32

VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
VariantChangeType
SysFreeString
SysStringByteLen
VarUI4FromStr
VarBstrCat
VariantClear
VarBstrCmp
VariantCopy
SysAllocStringByteLen

oleacc

CreateStdAccessibleObject
LresultFromObject

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW

shell32

SHGetFolderPathW
ord171
SHGetInstanceExplorer

gdi32

IntersectClipRect
SelectClipRgn
GetClipRgn
CreateRectRgn
GetObjectW
SetBkColor
GetBkColor
SetTextColor
SelectObject
CreateFontIndirectW
GetCurrentObject
GetTextColor
SetLayout
GetDeviceCaps
SetBkMode
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
Rectangle
GetStockObject
CreatePen
LineTo
MoveToEx
CreateFontW
GetTextExtentPointW
CreatePatternBrush
CreateBitmap
PatBlt
CombineRgn
GetTextExtentPoint32W
GetPixel
CreateSolidBrush
DeleteObject
StretchBlt
SetTextAlign
TextOutW

urlmon

CoInternetCreateZoneManager
CoInternetIsFeatureEnabled
CoInternetCombineIUri
GetMarkOfTheWeb
ord423
CreateUri

wininet

InternetSetOptionW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
HttpOpenRequestW
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
RetrieveUrlCacheEntryStreamW
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
InternetGetCookieW

msimg32

TransparentBlt
GradientFill

shlwapi

PathRemoveExtensionW
PathAddExtensionW
UrlCanonicalizeW
StrStrW
ord225
SHStrDupW
SHDeleteKeyW
StrChrW
StrToIntW
PathAppendW
PathFindExtensionW
ord2
StrRChrW
PathFindFileNameW
PathUndecorateW
SHCreateStreamOnFileW
StrCmpW
StrCmpIW
ord219
StrChrA

iertutil

ord681
ord457
ord458
ord519
ord453
ord518
ord32
ord64
ord65
ord68
ord61
ord660
ord657
ord656
ord655
ord654
ord651
ord650
ord70

ieframe

ord319
ord318
ord320
IEIsProtectedModeProcess

uxtheme

IsThemeActive

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

569b7ee86c0b56220429984e2ff53158

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

oleaut32

oleacc

advapi32

shell32

gdi32

urlmon

wininet

msimg32

shlwapi

iertutil

ieframe

uxtheme

Exports

Exports

Sections

.text Size: 515KB - Virtual size: 515KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 25KB - Virtual size: 24KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 515KB - Virtual size: 515KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 25KB - Virtual size: 24KB

.rmnet
Size: 56KB - Virtual size: 60KB