f20f07e8bd65d321845a9df4b34e12e8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f20f07e8bd65d321845a9df4b34e12e8_JaffaCakes118
Size

328KB
MD5

f20f07e8bd65d321845a9df4b34e12e8
SHA1

319778ac4706533cbfedbc43a40a6ca11e581f32
SHA256

393c0246c461558bc8b4e30fdaf018f0ddc3d8c4424238c05948a6273b23eaa3
SHA512

b03f3cb4f11aa6c4b60e628417b36920c9731d77c4e8b6d24983542d6f28ed0e677c50d7654d4d0da5931099944e01f8a989c719d621388b92e1c7b97a5e6a12
SSDEEP

6144:QZXISo9g9OTuD2pQFWTq+mUHtQ2mUfzdvbwN/Bvuzi:QJItu9Eu1WTq+urEzdjwN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f20f07e8bd65d321845a9df4b34e12e8_JaffaCakes118

Files

f20f07e8bd65d321845a9df4b34e12e8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

eb9a29cbed69b95f57c5469dc9866c0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\Overland\components\HPDataTransmission\HP_DTC\Release\HP_DTC.pdb

Imports

wininet

HttpSendRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetGetConnectedState
InternetReadFileExA
HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpEndRequestA
InternetOpenA

kernel32

ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
FindClose
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcpynA
IsDBCSLeadByte
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExA
QueryPerformanceCounter
DeleteFileA
CreateDirectoryA
GetTempPathA
CopyFileA
MoveFileA
GetFileSize
CloseHandle
Sleep
WaitForSingleObject
CreateThread
lstrcatA
FreeResource
GetModuleHandleA
GetSystemDefaultLangID
CreateMutexA
OpenMutexA
SetFilePointer
UnlockFile
SetEndOfFile
WriteFile
GetTickCount
LockFile
ReleaseMutex
SetLastError
OutputDebugStringA
GetCurrentThreadId
GetTimeFormatA
GetDateFormatA
HeapFree
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapDestroy
CreateFileA
ReadFile

user32

LoadIconA
SetTimer
BeginPaint
GetClientRect
FillRect
EndPaint
PostQuitMessage
DispatchMessageA
CreateWindowExA
RegisterClassExA
SendMessageA
SetMenuItemInfoA
IsWindow
DestroyWindow
CharNextA
GetWindowLongA
SetWindowLongA
DefWindowProcA
GetMessageA
KillTimer
TranslateMessage

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA

shell32

Shell_NotifyIconA
SHGetFileInfoA

ole32

CoTaskMemFree
StringFromCLSID
OleRun
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitializeEx

hpvaut32

ord313
ord5
ord277
ord8
ord9
ord12
ord161
ord162
ord186
ord163
ord150
ord149
ord7
ord6
ord4
ord2
ord200

hpvcr70

atol
wcsncpy
__dllonexit
_wcsicmp
realloc
??3@YAXPAX@Z
__CxxFrameHandler
??_U@YAPAXI@Z
memmove
vsprintf
_vscprintf
_mbscmp
_mbslwr
_mbsupr
_mbscspn
_mbsspn
_mbsrchr
_mbsstr
_mbsicmp
_purecall
strchr
printf
strncat
strstr
_ultoa
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
wcsstr
free
malloc
_except_handler3
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_ltoa
_adjust_fdiv
_initterm
_onexit
_CxxThrowException
??_V@YAXPAX@Z
??2@YAPAXI@Z
_mbschr

hpvcp70

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb9a29cbed69b95f57c5469dc9866c0c

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

hpvaut32

hpvcr70

hpvcp70

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 180KB - Virtual size: 180KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 180KB - Virtual size: 180KB