09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118
Size

308KB
MD5

09076b0f3e8e9db254e135ab1c5efe82
SHA1

52c894382bfc40e838765f38531595dfb5ee6ad0
SHA256

3703a11d6b5e8bfed19a675095dc01aa0ff2f9eeb731f77c264ec3c765a36aca
SHA512

3458768ab66fac3333c92bd9b054dc81861461f1768a0f67dd5d94b0029305e24f6d4c4338c92c23b35817d153366a17893c83c02c2859029ccee1d9616f99da
SSDEEP

6144:QReuUYI/CiWDTpwhcQOL3+K9EAUUeJchE546qq1:QReuUYWCNDTpw/Oz9iApwcu5xqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118

Files

09076b0f3e8e9db254e135ab1c5efe82_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f145e287031dfbdbda8c13c0f213a48e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqlxmlx.pdb

Imports

msvcrt

localeconv
_snwprintf
wcsrchr
_wcsicmp
wcstol
_CxxThrowException
_wtol
__CxxFrameHandler
free
_initterm
wcsncmp
swprintf
_itow
_i64tow
strncpy
_snprintf
wcscpy
wcscmp
_purecall
wcsncpy
_wcsnicmp
iswspace
wcschr
_ltow
wcslen
malloc
_adjust_fdiv
__dllonexit
_onexit
?terminate@@YAXXZ
_except_handler3
wcsspn
towlower
memmove

kernel32

LoadLibraryA
GetProcAddress
GetVersionExA
LoadLibraryExA
GetModuleFileNameA
CloseHandle
FreeLibrary
LocalFree
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
CompareFileTime
CreateFileA
GetFileTime
GetFileType
CreateFileW
IsBadCodePtr
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetCurrentThreadId
GetTickCount
IsDBCSLeadByteEx
GetLastError
WideCharToMultiByte
GetCPInfo
GetVersion
MultiByteToWideChar
FormatMessageA
SetLastError
LocalAlloc
FormatMessageW
QueryPerformanceCounter

user32

LoadStringA
LoadStringW

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ole32

CoTaskMemFree
CoGetMalloc
CoCreateInstance
CoGetClassObject

oleaut32

VariantInit
CreateErrorInfo
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
GetErrorInfo
SetErrorInfo
SysFreeString
SysAllocStringLen

shlwapi

UrlIsW

msdart

mpMalloc
mpFree
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
MpHeapAlloc
MpHeapReAlloc
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?WriteLock@CReaderWriterLock2@@QAEXXZ
mpRealloc
FXMemDetach
FXMemAttach
MpGetHeapHandle
??1CSmallSpinLock@@QAE@XZ

msdatl3

??1CClassFactory@@QAE@XZ
??0CClassFactory@@QAE@PAJ0@Z
?QueryInterface@CClassFactory@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CClassFactory@@UAGKXZ
?Release@CClassFactory@@UAGKXZ
?LockServer@CClassFactory@@UAGJH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ExecuteToStream

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f145e287031dfbdbda8c13c0f213a48e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msdart

msdatl3

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 180KB - Virtual size: 178KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 8KB