c:\RPS\HPScripting\Release\HPScripting.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2509d100943b86570d2bfa09802f9907_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2509d100943b86570d2bfa09802f9907_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
2509d100943b86570d2bfa09802f9907_JaffaCakes118
-
Size
172KB
-
MD5
2509d100943b86570d2bfa09802f9907
-
SHA1
c40dad6856f25a2bfe02344ba8afd5dfe598e757
-
SHA256
ca2826864e450550d7289a371ac8b0e98b7f6604771fa708456d6308d9d871f7
-
SHA512
a974e3e798605fab1455a412f611abffbe72bccf6b8e8ac5aaf652b2e48d8554e1a588445540001f8a00f020703439f3817fefc3284c15cdcd6a061f844e1453
-
SSDEEP
3072:AdxNLxnyrPJ39Arev4xJXKLwlvK9iwA9VWqyuoAhVrRnM4O2VmwJ+jI:AdOl9Ar+WX6eK9c9VWqysVrRnMtomwQj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2509d100943b86570d2bfa09802f9907_JaffaCakes118
Files
-
2509d100943b86570d2bfa09802f9907_JaffaCakes118.dll regsvr32 windows:4 windows x86 arch:x86
8158b70edeb8683ba58515a9c17783d0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpyA
lstrcatA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetModuleFileNameA
InterlockedExchange
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
WriteFile
ExitProcess
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsFree
SetLastError
TlsGetValue
TlsAlloc
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
user32
CharNextA
MessageBoxW
advapi32
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
ole32
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
oleaut32
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantCopy
VariantClear
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysFreeString
shlwapi
PathFindExtensionA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ