07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118
Size

330KB
MD5

07a5ccf44af5ef1d336a83c4899d0c7e
SHA1

8d4215fb987c3faf61991d283125c1a86c705ac2
SHA256

571dab4bc3203e9c545a0f2dfdd8984dcf0580f2d4259094d599f90d00457b85
SHA512

1cf5fa1ce8feed9198c6eab66872a196b6b3dd4e328cac761ec8a78dd0e68b22a62c264ce2545c5363efa162eef204d05794c1b13dfb42b8b57c13207fb5eda9
SSDEEP

6144:7rf6NxyZZ5cw+omyZs2MO7chmSkLFd2hhWtCnMj+g:7ryN8T5c1wtMOQmNd2fWtWg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118

Files

07a5ccf44af5ef1d336a83c4899d0c7e_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

cc8c38c7a7f10664e19bf757006a3e1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audiodev.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wtoi
memcpy
_vsnwprintf
memset

kernel32

DelayLoadFailureHook
GetVersionExA
FileTimeToLocalFileTime
DosDateTimeToFileTime
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
LoadLibraryA
InterlockedCompareExchange
GetLocaleInfoW
GetNumberFormatW
CreateEventW
WaitForMultipleObjects
SetEvent
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenA
UnhandledExceptionFilter
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GlobalFree
GlobalReAlloc
GlobalAlloc
InterlockedIncrement
LocalAlloc
LocalFree
GetLastError
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
Sleep
WaitForSingleObject
CreateMutexW
CloseHandle
ReleaseMutex
GetExitCodeThread
CreateThread
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
SetFilePointer
DeleteFileW
UnmapViewOfFile
CreateFileW
GetTempPathW
ReadFile
lstrcmpiW
lstrcmpW
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentProcessId
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
ReleaseActCtx
DeactivateActCtx
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
HeapAlloc
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

user32

DialogBoxParamW
RegisterClipboardFormatW
GetShellWindow
LoadMenuW
GetMenuItemCount
GetMenuItemInfoW
CreatePopupMenu
GetMenuDefaultItem
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
FindWindowW
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
GetWindow
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
WinHelpW
SendDlgItemMessageW
SetTimer
KillTimer
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetWindowLongW
SetWindowLongW
EndDialog
LoadIconW
LoadStringW
SetDlgItemTextW
ShowWindow
SetFocus
DefWindowProcW
GetDlgItem
PostMessageW
CopyImage
DestroyIcon
SendMessageW
GetSystemMetrics
CharNextW
CharNextA
GetSubMenu
RemoveMenu

shell32

SHGetDesktopFolder
ord6
ord256
ord701
SHChangeNotify
ord21
ord155
ord17
SHGetFileInfoW
ord750
SHGetPathFromIDListW
SHBindToParent
ord23
ord743
SHGetSettings
SHParseDisplayName
ExtractIconExW
ord152
ord19
ord67
ord18
ord16
ord74
ord25

shlwapi

ord10
ord8
ord9
StrCmpW
StrFormatKBSizeW
PathRemoveBlanksW
StrCmpIW
ord172
PathFindFileNameW
ord7
PathFindExtensionW
ord388
ord176
ord168
StrFormatByteSizeW
ord16
StrCmpLogicalW
AssocCreate
ord199
StrRChrW
ord158
ord219
PathAppendW
PathCombineW
PathRemoveFileSpecW
StrRetToBufW
SHStrDupW
ord487
SHQueryValueExW
ord174
SHGetThreadRef
StrToIntW
StrDupW
ord354

wmvcore

WMCreateEditor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16
_GUIDFromStringW@8
_GetUIVersion@0
_ParseURLW@8
_SHAnsiToUnicode@12
_SHCoCreateInstanceAC@20
_SHGetMenuFromID@8
_SHGetObjectCompatFlags@8
_SHInvokeCommandOnContextMenu@20
_SHInvokeCommandsOnContextMenu@24
_SHLoadRegUIStringW@16
_SHStringFromGUIDW@12
_SHUnicodeToAnsi@12

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8c38c7a7f10664e19bf757006a3e1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shell32

shlwapi

wmvcore

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 166KB

.data Size: 65KB - Virtual size: 66KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 167KB - Virtual size: 166KB

.data
Size: 65KB - Virtual size: 66KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 9KB - Virtual size: 8KB