00dfbee134ee37d95c4315bace3db13b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00dfbee134ee37d95c4315bace3db13b_JaffaCakes118
Size

338KB
MD5

00dfbee134ee37d95c4315bace3db13b
SHA1

768fab6b29b43a2b781956bc39495944c5b3157f
SHA256

a0dca37a88d327238fa27d89b7bcb0c112eb666d73d4ad806c6ddd61adba2c6e
SHA512

d096fd044ec024b31449b843e724b1fb96c150498b69825922f0fb665e03ec269232b999648142535272b297b105942d7c56680510e32637a76b79bd82b7945b
SSDEEP

6144:x+VLPPGEA+Nu65tq9hXnpVX0i2L8NzCyddDEDAOA:xALHGERyXnpVX0i2LW70O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00dfbee134ee37d95c4315bace3db13b_JaffaCakes118

Files

00dfbee134ee37d95c4315bace3db13b_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

75b34b8f69e72fca5cbc2ead5d76fc7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\mpchome1015\bin\x86\FLVSplitter.pdb

Imports

kernel32

LocalAlloc
GlobalAddAtomW
WritePrivateProfileStringW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
CompareStringW
GetModuleHandleA
GlobalFlags
GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
RtlUnwind
GetCommandLineA
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
HeapReAlloc
GetFileType
VirtualQuery
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
DeleteFileW
Sleep
RaiseException
GetModuleFileNameW
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
DisableThreadLibraryCalls
CreateThread
GetVersionExW
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleW
GetProcAddress
InterlockedExchange
VirtualAlloc
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
CloseHandle
lstrcmpW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetModuleFileNameA
GetLastError
lstrlenA
MultiByteToWideChar
lstrlenW
SetStdHandle

user32

ShowWindow
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
GetClassInfoExW
CharUpperW
GetSystemMetrics
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DispatchMessageW
RegisterWindowMessageW
PeekMessageW
SetRect
GetForegroundWindow

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SetWindowExtEx
RectVisible
PtVisible
SaveDC
ScaleViewportExtEx
CreateBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
SetBkColor
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysAllocStringLen
VariantChangeType
SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b34b8f69e72fca5cbc2ead5d76fc7f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 26KB - Virtual size: 41KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 26KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 43KB