0c397b722c70db67bd1e61b7f3844ae4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c397b722c70db67bd1e61b7f3844ae4_JaffaCakes118
Size

224KB
MD5

0c397b722c70db67bd1e61b7f3844ae4
SHA1

56a011e988bb494f996c802d58814604bbbb2789
SHA256

2d3b2c6f1e3274d831938fa4c6d49e14c1c9bdc9f490ec3537cd4acd3a24aeeb
SHA512

e9dac2485d6d897214528dbe9fb39c0e5704efccd8c8dfdae3643fce202579277b524d8877ab887684afcf5e299bc24543a8035e21b58e5eb436a8fc6c005ee4
SSDEEP

3072:4IvATgN8opxi8vwbNj+OyZJlOlJXHo7Y7Dkfp8K4dy5CJIR5iFh:h0c8opM87n7lOlJXI7Y78cIRWh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c397b722c70db67bd1e61b7f3844ae4_JaffaCakes118

Files

0c397b722c70db67bd1e61b7f3844ae4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ed99f8aada3501aa9f73a490e80ee9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VSS_Service\081Q\081Q_Maintenance\4.DevelopLibrary\09.TOOLS\11.VES\03.SourceCode(COD)\VES_Vista\VES Extension 3.3\VESTransform\Unicode Release\VESTransform.pdb

Imports

hid

HidD_GetHidGuid
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetFeature

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FlushInstructionCache
GetCurrentThreadId
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetTickCount
Sleep
GetSystemPowerStatus
SetThreadExecutionState
CreateFileW
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetVersionExW
OpenMutexW
SetLastError
GetCurrentProcess
GetLastError
GetCurrentThread
CloseHandle
ExpandEnvironmentStringsW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CharNextW
LoadCursorW
IsWindow
RegisterClassExW
CreateWindowExW
GetWindowLongW
CallWindowProcW
KillTimer
SetTimer
UnregisterClassA
PostMessageW
DefWindowProcW
SetWindowLongW
GetClassInfoExW
SendMessageW
GetSystemMetrics
FindWindowW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenCurrentUser
RevertToSelf
RegQueryInfoKeyW
RegDeleteValueW
ImpersonateLoggedOnUser
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemFree
CoReleaseMarshalData
CoUnmarshalInterface
CoTaskMemAlloc
CoInitialize
CoMarshalInterface
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CLSIDFromString

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString
RegisterTypeLi

shlwapi

PathIsRelativeW
PathRemoveFileSpecW
PathAppendW
PathRemoveExtensionW

userenv

ExpandEnvironmentStringsForUserW

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_recalloc
_purecall
swprintf_s
wcsncpy_s
malloc
wcsrchr
??_V@YAXPAX@Z
_wcsicmp
memset
calloc
free
__CxxFrameHandler3
memmove_s
??2@YAPAXI@Z
_CxxThrowException
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
wcscat_s
wcscpy_s
memcpy
_resetstkoflw
??3@YAXPAX@Z
memcpy_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed99f8aada3501aa9f73a490e80ee9dc

Headers

File Characteristics

PDB Paths

Imports

hid

setupapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

userenv

msvcr80

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 7KB