f884ba2edb6ed7575fd46a2fd5cf291f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f884ba2edb6ed7575fd46a2fd5cf291f_JaffaCakes118
Size

289KB
MD5

f884ba2edb6ed7575fd46a2fd5cf291f
SHA1

25e341295344a61dc245ecb0fb435b0d2154b186
SHA256

7bc081523f37fdce81703bd23b43e23401cd9911797d0a8721c621f88bbc001f
SHA512

87656bc4ff10944759ec496ed9567d12886a9f4a20bedb972ee35117a11ba023383e4098ce670d9acd5520456f712b5c23073a01cfcbbc0ab2f1768711b7b178
SSDEEP

6144:nvobd/PdGHLjO1+CZ1b3MDjejwUyN0LYkvPFY:Wd9/LpwU/LY2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f884ba2edb6ed7575fd46a2fd5cf291f_JaffaCakes118

Files

f884ba2edb6ed7575fd46a2fd5cf291f_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

7012b3d56c57837628a1b8fdaadc70fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\source\rpshellextension\rel32\rpshellextension.pdb

Imports

ole32

StringFromCLSID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExA
GlobalFree
GlobalUnlock
GlobalLock
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentVariableA
Sleep
CloseHandle
WaitForSingleObject
GetCurrentThreadId
TryEnterCriticalSection
CreateMutexA
ReleaseMutex
LoadLibraryA
GetVersionExA
InterlockedDecrement
GetTickCount
GetSystemInfo
GetVersion
GlobalAlloc
GetSystemDirectoryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedExchange
SetErrorMode
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection

user32

wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
CharNextW
CharNextA

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegSetValueA
RegDeleteKeyA

shell32

SHGetFileInfoA

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

gdi32

CreateDIBitmap
DeleteDC
StretchBlt
CreateBitmap
SelectObject
SetBrushOrgEx
SetStretchBltMode
GetStretchBltMode
CreateCompatibleDC
DeleteObject

msvcr90

printf
__CppXcptFilter
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
_adjust_fdiv
_unlock
_except_handler4_common
_access
??0exception@std@@QAE@ABV01@@Z
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_amsg_exit
_initterm_e
_initterm
__dllonexit
_putenv
_encoded_null
??3@YAXPAX@Z
strstr
malloc
free
memcpy_s
strcpy_s
wcsncpy_s
strncpy_s
strcat_s
??_V@YAXPAX@Z
_resetstkoflw
_recalloc
??_U@YAPAXI@Z
memset
strncpy
__CxxFrameHandler3
calloc
_purecall
??2@YAPAXI@Z
sprintf
strtol
strrchr
realloc
memcpy
_vsnprintf
memmove
_stat32
strchr
getenv
_ismbblead
_stricmp
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7012b3d56c57837628a1b8fdaadc70fc

Headers

File Characteristics

PDB Paths

Imports

ole32

version

kernel32

user32

advapi32

shell32

oleaut32

gdi32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 172KB - Virtual size: 173KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 172KB - Virtual size: 173KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 14KB - Virtual size: 14KB