0c576b3371b4cc326d3cbca731d08e0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c576b3371b4cc326d3cbca731d08e0a_JaffaCakes118
Size

112KB
MD5

0c576b3371b4cc326d3cbca731d08e0a
SHA1

d56fd742dca843820dfc76823cd2bd6e04e7c87f
SHA256

c8133cffef6c9df6e4ab2b31d3add18fa6fee6e58db135d9e9dc0349e2ae5f07
SHA512

312d0664d4cf92229e89728ecf73209f60cc13e4b1697d6b037215bbeabcce9d8462d90e4218572d1f86a086d112ce055322c0a675655238248f7e709fc0a6d6
SSDEEP

1536:K2zLGi/EwZ9qVk4i3UcreYIWi24WoPdrY7LX9+Dr99MF7:vzVB6i3EYInrY7LXaa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c576b3371b4cc326d3cbca731d08e0a_JaffaCakes118

Files

0c576b3371b4cc326d3cbca731d08e0a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2345b24317959fea2bbca42377377bea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
memset
_CxxThrowException
strstr
_strlwr
realloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
_resetstkoflw
free
malloc

rpcrt4

NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllUnregisterProxy
NdrDllRegisterProxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrStubCall2

mfc71

ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord759
ord531
ord570
ord5437
ord2249
ord1003
ord2835
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord5226
ord4568
ord5566
ord3333
ord566
ord757
ord3830
ord2248
ord1049
ord581
ord1167
ord1092
ord1084
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1191
ord2731
ord2537
ord5213
ord5230
ord4569
ord3948
ord5227
ord5224
ord2931
ord1920
ord1185
ord3595
ord3635
ord4081
ord6286
ord5320
ord6297
ord262
ord5331
ord1917
ord1580
ord2346
ord259
ord2469
ord2322
ord865
ord908
ord310
ord384
ord5089
ord317
ord1434
ord1439
ord584
ord629
ord304
ord781
ord3255
ord1482
ord6118
ord2933
ord299
ord2902
ord876
ord1489
ord297
ord578
ord1740
ord314
ord1187
ord3683

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
FindNextFileA
FindFirstFileA
FindClose
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileAttributesExA
ReadFile
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
SetFilePointer
lstrlenW
WideCharToMultiByte
GetProcessHeap
HeapFree
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

SetFocus
DefWindowProcA
wsprintfA
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
SetWindowLongA
GetWindowLongA
CallWindowProcA
IsWindow
DestroyWindow
GetKeyState
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
ShowWindow
PeekMessageA
CreateWindowExA
GetParent
InvalidateRect

gdi32

RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
CreateMetaFileA
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

PathFileExistsA

ole32

CoTaskMemFree
CreateDataAdviseHolder
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoInitialize
CoCreateInstance
OleRegGetMiscStatus

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
SysReAllocString
VariantClear
VariantInit
SysStringByteLen
VariantChangeType
LoadRegTypeLi
SysAllocString
OleCreatePropertyFrame
SysStringLen
LoadTypeLi
BSTR_UserFree

atl71

ord66
ord23
ord61
ord32
ord65
ord26
ord27
ord30
ord50
ord51
ord58
ord31
ord46
ord44
ord43
ord15
ord18
ord22
ord64

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 115B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2345b24317959fea2bbca42377377bea

Headers

File Characteristics

Imports

msvcr71

rpcrt4

mfc71

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

atl71

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.orpc Size: 4KB - Virtual size: 115B

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 58KB

.orpc
Size: 4KB - Virtual size: 115B

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB