23b8825cf26b76cc2f380adbeb580eae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23b8825cf26b76cc2f380adbeb580eae_JaffaCakes118
Size

132KB
MD5

23b8825cf26b76cc2f380adbeb580eae
SHA1

8a2f1eb0160b36ec8d4dff4dd2b4d0c7641ebc1c
SHA256

4f423159facdafffba4b9c3a8ebd9fa237a37a8532a96eb73838f11b99b88270
SHA512

9804639c9602c7811179fdc24e68bbf1784582d1a489aa469270b13651148abb3d7c9a9a28273bd2d96cbc49a948931cb38ae70ee484912f649dc404b00d7633
SSDEEP

1536:+F2cmkD7+Z0wx2xVrC8Zc6tcizwRd/g7OYnOJF7h3pmOuFKHl/r6OA5Y9D:+RPIiGW7vnOJF7fmOnr6OA5iD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23b8825cf26b76cc2f380adbeb580eae_JaffaCakes118

Files

23b8825cf26b76cc2f380adbeb580eae_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0685b40c6ad07df2b5593cdfe80c3455

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\DCManagement.pdb

Imports

kernel32

GetCurrentThread
HeapAlloc
GetProcessHeap
FormatMessageW
CloseHandle
GetTickCount
WaitForSingleObject
TerminateThread
GetCurrentProcess
ResetEvent
CreateThread
WaitForMultipleObjects
SetEvent
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
lstrcmpiW
GetLastError
InterlockedIncrement
LeaveCriticalSection
InitializeCriticalSection
lstrlenW
LoadLibraryExW
FindResourceW
LoadResource
EnterCriticalSection
SizeofResource
GetModuleHandleW
MultiByteToWideChar
RaiseException
DeleteCriticalSection
SetThreadLocale
CreateEventW
GetThreadLocale
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

UnregisterClassA
wsprintfW
LoadStringW
CharNextW

advapi32

QueryServiceStatusEx
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
EqualSid
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
ControlService

ole32

CoRevertToSelf
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
ProgIDFromCLSID
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
OleRun
CoMarshalInterThreadInterfaceInStream

oleaut32

SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SysAllocString
LoadTypeLi
VariantCopyInd
VariantChangeType
SafeArrayRedim
SafeArrayCreate
VarBstrCmp
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayCopy
SafeArrayDestroy
VariantInit
SafeArrayUnlock
VariantCopy
SafeArrayGetVartype
SysStringByteLen
VariantClear
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo

msvcp80

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z

msvcr80

??1exception@std@@UAE@XZ
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_CxxThrowException
_vswprintf
vswprintf_s
_vscwprintf
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
memcpy_s
_recalloc
wcsncpy_s
malloc
wcscat_s
wcscpy_s
??_V@YAXPAX@Z
free
_purecall
swprintf_s
_resetstkoflw
??2@YAPAXI@Z

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0685b40c6ad07df2b5593cdfe80c3455

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp80

msvcr80

userenv

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 9KB