General

Malware Config

Signatures

Files

• 68ef5a4ecab4fe38ace1b7dba86eec71_JaffaCakes118

  .dll regsvr32 windows:6 windows x86 arch:x86

  2fdd613595b2aa09b5ca62d0d319e1b3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  iasdatastore.pdb

  Imports

  msvcrt

  _adjust_fdiv

  _except_handler4_common

  ??1type_info@@UAE@XZ

  __CxxFrameHandler3

  free

  _CxxThrowException

  ??0exception@@QAE@XZ

  malloc

  _callnewh

  __dllonexit

  _lock

  _onexit

  _XcptFilter

  _initterm

  _unlock

  _amsg_exit

  ??0exception@@QAE@ABV0@@Z

  ??1exception@@UAE@XZ

  ?what@exception@@UBEPBDXZ

  memcpy

  vswprintf_s

  wcsncpy_s

  _wtoi

  wcscat_s

  memset

  sprintf_s

  _wcsupr_s

  wcscpy_s

  wcsrchr

  atl

  ord15

  ord16

  ord21

  ord18

  ord22

  ord23

  ord32

  iassvcs

  IASGetProductLimits

  IASRegisterComponent

  IASVariantChangeType

  ntdll

  RtlImageNtHeader

  RtlAllocateHeap

  RtlFreeHeap

  advapi32

  RegOpenKeyExW

  OpenSCManagerA

  OpenServiceA

  CloseServiceHandle

  QueryServiceStatusEx

  RegOpenKeyW

  RegQueryValueExW

  RegCloseKey

  kernel32

  CreateFileW

  CloseHandle

  FindResourceW

  FreeLibrary

  LoadLibraryW

  GetModuleHandleW

  GetSystemDirectoryW

  SetLastError

  GetModuleFileNameW

  VirtualQuery

  LocalFree

  FormatMessageA

  MultiByteToWideChar

  lstrlenA

  ExpandEnvironmentStringsW

  InitializeCriticalSection

  DeleteCriticalSection

  InterlockedIncrement

  InterlockedDecrement

  DisableThreadLibraryCalls

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemInfo

  InterlockedExchange

  Sleep

  InterlockedCompareExchange

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SwitchToThread

  TryEnterCriticalSection

  LoadResource

  SizeofResource

  GetLastError

  ole32

  CoTaskMemFree

  CoTaskMemAlloc

  CoCreateInstance

  OleRun

  oleaut32

  SysAllocString

  SysAllocStringByteLen

  SysStringByteLen

  SysStringLen

  VariantInit

  VariantCopy

  VariantClear

  GetErrorInfo

  SysFreeString

  rtutils

  TraceVprintfExA

  TracePutsExA

  TraceRegisterExW

  TraceDeregisterW

  rpcrt4

  CStdStubBuffer_CountRefs

  NdrDllCanUnloadNow

  NdrOleAllocate

  NdrOleFree

  IUnknown_QueryInterface_Proxy

  IUnknown_AddRef_Proxy

  IUnknown_Release_Proxy

  CStdStubBuffer_QueryInterface

  CStdStubBuffer_AddRef

  CStdStubBuffer_Connect

  CStdStubBuffer_Disconnect

  CStdStubBuffer_Invoke

  CStdStubBuffer_IsIIDSupported

  CStdStubBuffer_DebugServerQueryInterface

  CStdStubBuffer_DebugServerRelease

  NdrDllUnregisterProxy

  NdrDllRegisterProxy

  NdrCStdStubBuffer_Release

  NdrDllGetClassObject

  vssapi

  CreateWriter

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .orpc

  Size: 512B - Virtual size: 184B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ