09da053bfed571a468b35692a7c0005b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09da053bfed571a468b35692a7c0005b_JaffaCakes118
Size

212KB
MD5

09da053bfed571a468b35692a7c0005b
SHA1

f3514dbf777850da8343ff2f904f2908296eb23b
SHA256

cb9b8ec6e484200c461e85d6df020fb677da00b828c325e3daea262df8491348
SHA512

23b161692ea7e2d5b12ff09738918e769c15c2cdfd9ceb3a1bf05e39d53717ac2a3575bde6fb8fd5172de0488a796a03ec2907d551d884c3390b3b6bb1885616
SSDEEP

6144:yEXmxj3upYxUZCNbZmSNnYKCae3T8TcDgJZVgx4:qxqK2Z2ZnNnYrT84DSZVgx4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09da053bfed571a468b35692a7c0005b_JaffaCakes118

Files

09da053bfed571a468b35692a7c0005b_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

44b59bdc4e5ae9a25b7c2f30a339d05c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

safrslv.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_close
wcscat
_CxxThrowException
wcscmp
iswdigit
_wopen
_write
_purecall
wcslen
__CxxFrameHandler
realloc
free
_wtol
wcsncmp
wcsncpy
vswprintf
malloc

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoWaitForMultipleHandles
CoTaskMemFree

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen

user32

wsprintfW
CharNextW

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
lstrlenW
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
lstrcatW
GetModuleFileNameW
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
LocalAlloc
OutputDebugStringA
GetSystemDirectoryW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
CloseHandle
CreateRemoteThread
SetEnvironmentVariableW
CreateEventW
DuplicateHandle
GetCurrentProcess
OpenProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
ConvertStringSidToSidW
FreeSid
SystemFunction036
CreateProcessAsUserW
IsValidSid
CopySid
EqualSid
LookupAccountSidW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegSetValueExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winsta

WinStationQueryInformationW

shlwapi

wnsprintfW
StrCmpIW

psapi

GetModuleBaseNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44b59bdc4e5ae9a25b7c2f30a339d05c

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ole32

oleaut32

user32

kernel32

advapi32

userenv

wtsapi32

winsta

shlwapi

psapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 169KB - Virtual size: 169KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 169KB - Virtual size: 169KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB