22e520ea444720bd2084043a8d226839_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22e520ea444720bd2084043a8d226839_JaffaCakes118
Size

324KB
MD5

22e520ea444720bd2084043a8d226839
SHA1

4d3ae6b5fb77f443fe32ab223b10e91973b4737c
SHA256

309eff3e482b366e9cd8ae5b36bf6854cf04f71e2b2ae8c467e5d24c7cc25d3e
SHA512

8c6074c11cc9cee39318fe2d3f8ef40cb05a615d6f593ed476c8bb93632cc86864ebb2d8603d1f0cdc3c93bbe555de1a9bc622d20f9428235d84212ea6af0f7c
SSDEEP

6144:F/ZR8w7UilElXGTZx7H8s5aJoroPgsripw93QR:LR8W7Kl0ZxV5smop0ugR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22e520ea444720bd2084043a8d226839_JaffaCakes118

Files

22e520ea444720bd2084043a8d226839_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

28842d193d105d6478755fb0fb4e4a6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdaora.pdb

Imports

msvcrt

_itow
_wtoi
wcsstr
bsearch
towlower
_ftol
towupper
wcschr
realloc
_wcsnicmp
swprintf
wcscpy
wcslen
wcsncpy
wcsncmp
_wcsicmp
free
_except_handler3
wcscmp
wcscat
_endthreadex
_beginthreadex
_initterm
_adjust_fdiv
_purecall
malloc
_ltow

msdatl3

?GetValLong@CUtlProps2@@QBEJKK@Z
?GetValBool@CUtlProps2@@QBEFKK@Z
?SetPropValue@CUtlProps2@@QAEJPBU_GUID@@KPAUtagVARIANT@@@Z
?SetUPropSetCount@CUtlProps2@@QAEXK@Z
?FillDefaultValues@CUtlProps2@@QAEJK@Z
?GetUPropSetCount@CUtlProps2@@QAEKXZ
?CompareDBIDs@@YAJPBUtagDBID@@0@Z
?GetBuffer@CWString@@QAEPAGH@Z
??4CWString@@QAEABV0@PBE@Z
??ACWString@@QBEGH@Z
??YCWString@@QAEABV0@ABV0@@Z
?Mid@CWString@@QBE?AV1@HH@Z
??0CUtlPropInfo@@QAE@XZ
?SetValString@CUtlProps2@@QAEJKKPBG@Z
?GetValShort@CUtlProps2@@QBEFKK@Z
??1CUtlPropInfo@@UAE@XZ
?FInit@CUtlPropInfo@@QAEJXZ
?GetPropertyInfo@CUtlPropInfo@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
??0CWString@@QAE@PBG@Z
??YCWString@@QAEABV0@G@Z
?IsEmpty@CUtlProps2@@QAEHKK@Z
?GetValString@CUtlProps2@@QAEPBGKK@Z
?W95LoadString@@YAHPAXIPAGH@Z
?W95LoadLibraryEx@@YAPAXPBGPAXK@Z
??0CWString@@QAE@PBE@Z
??0CWString@@QAE@PBD@Z
?LoadResourceDLL@@YAJPAG0PAXPAPAX@Z
?OnUnicodeSystem@@YAHXZ
?RegisterServer@@YAJQAX0KQBUtagREGENTRIES@@@Z
??4CWString@@QAEABV0@PBD@Z
?UnRegisterServer@@YAJQAXKQBUtagREGENTRIES@@@Z
?SetCombinedPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@K@Z
??1CSlotListShort@@UAE@XZ
??0CSlotListShort@@QAE@XZ
??0CVLHeap@@QAE@XZ
?FInit@CVLHeap@@QAEHK@Z
?FInit@CSlotListShort@@UAEHKPAPAVISlotList@@PAPAVIHashTbl@@K@Z
?GetNextSlots@CSlotListShort@@UAGJKKPAK@Z
?ReleaseSlots@CSlotListShort@@UAGKKK@Z
?NoBusySlots@CSlotListShort@@UAGJXZ
?GetRowBuff@CSlotListShort@@UAIPAUtagRowBuff@@K@Z
?IsValidSlot@CSlotListShort@@UAGJK@Z
?RecordInternalUse@CSlotListShort@@UAGXXZ
?ResetBusySlotIteration@CSlotListShort@@UAGXXZ
?NextBusySlot@CSlotListShort@@UAGJPAK@Z
??1CExtBuffer@@QAE@XZ
?CountOfBusySlots@CSlotListShort@@UAGKXZ
?SLSlotCapacity@CSlotListShort@@UAGKXZ
??1CVLHeap@@QAE@XZ
?VLAlloc@CVLHeap@@QAGPAXK@Z
?VLTrueRealloc@CVLHeap@@QAGPAXPAXK@Z
?VLFree@CVLHeap@@QAGXPAX@Z
?SetPropertyInError@CUtlProps2@@QAEXKK@Z
?GetPropOption@CUtlProps2@@QAEKKK@Z
?SetStatus@CUtlProps2@@QAEXKKK@Z
?ClearPropertyInError@CUtlProps2@@QAEXXZ
?GetPropsInErrorPtr@CUtlProps2@@QAEPAKXZ
?CopyPropsInError@CUtlProps2@@QAEXPAK@Z
??1CUtlProps2@@UAE@XZ
?SetPropertiesArgChk@CUtlProps2@@SAJKQBUtagDBPROPSET@@@Z
?SetProperties@CUtlProps2@@QAEJKQBUtagDBPROPSET@@H@Z
?GetPropertiesArgChk@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?GetProperties@CUtlProps2@@QAEJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
??4CWString@@QAEABV0@ABV0@@Z
??0CWString@@QAE@XZ
??4CWString@@QAEABV0@PBG@Z
?ReplaceAt@CWString@@QAEXHHPBGH@Z
?IsEmpty@CWString@@QBEHXZ
?Empty@CWString@@QAEXXZ
?ConcatInPlace@CWString@@QAEXHPBG@Z
??YCWString@@QAEABV0@PBG@Z
?OLEDBGetCharTypeW@@YAHKGPAG@Z
??0CUtlProps2@@QAE@K@Z
?GetUPropValIndex@CUtlProps2@@MAEKKK@Z
?FInit@CUtlProps2@@UAEJPAV1@@Z
?GetIndexofPropSet@CUtlProps2@@UAEJPBU_GUID@@PAK@Z
?GetIndexofPropIdinPropSet@CUtlProps2@@UAEJKKPAK@Z
?SetPassThrough@CUtlProps2@@UAEJPBUtagDBPROPSET@@@Z
?ConflictsWithCurrent@CUtlProps2@@UAEHKKABUtagVARIANT@@@Z
?FIsValidColId@CUtlProps2@@UAEHPAUtagDBPROP@@@Z
??1CBitArray@@QAE@XZ
?GetDWORDOfExtBuffer@CExtBuffer@@QAGKK@Z
?GetLastItemHandle@CExtBuffer@@QAGXAAK@Z
?GetItemOfExtBuffer@CExtBuffer@@QAGXKPAX@Z
?InsertIntoExtBuffer@CExtBuffer@@QAGJPAXAAK@Z
?SetSlot@CBitArray@@QAGJK@Z
?IsSlotSet@CBitArray@@QAGJK@Z
?ResetAllSlots@CBitArray@@QAGXXZ
?DeleteFromExtBuffer@CExtBuffer@@QAGXK@Z
?FInit@CBitArray@@QAGJK@Z
??0CBitArray@@QAE@XZ
?FInit@CExtBuffer@@QAEHKPAXKK@Z
??0CExtBuffer@@QAE@XZ
??BCWString@@QBEPBGXZ
?GetLength@CWString@@QBEHXZ
??1CWString@@QAE@XZ
?FoundError@CWString@@QBEHXZ
??0CWString@@QAE@ABV0@@Z

msdart

MpGetHeapHandle
FXMemAttach
FXMemDetach
MPDeleteCriticalSection
MPInitializeCriticalSection
UMSEnterCSWraper
MpHeapFree
MpHeapAlloc

kernel32

LoadLibraryA
CompareStringW
CompareStringA
IsDBCSLeadByte
GetModuleFileNameA
HeapDestroy
lstrlenA
GetLastError
GetUserDefaultLCID
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateEventA
ResetEvent
CloseHandle
WideCharToMultiByte
GetCurrentThreadId
SetEvent
WaitForSingleObject
GetProcAddress
GetVersion
FreeLibrary
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection

user32

PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowLongA
GetWindowLongW
SetWindowLongA
SetWindowLongW
GetDlgItemTextA
GetDlgItemTextW
SetWindowTextW
EndDialog
SetDlgItemTextA
SetDlgItemTextW
DialogBoxParamA
CharUpperBuffW
CharUpperBuffA
GetCursor
SetCursor
DialogBoxParamW
MsgWaitForMultipleObjects

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CoGetMalloc

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
VarBstrFromR8
VarBstrFromR4
VariantClear
SysAllocString
VariantInit
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28842d193d105d6478755fb0fb4e4a6e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

msdatl3

msdart

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 197KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 100KB - Virtual size: 96KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 200KB - Virtual size: 197KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 100KB - Virtual size: 96KB

.reloc
Size: 12KB - Virtual size: 10KB