351a11a6ba07e31db07888499915c45b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

351a11a6ba07e31db07888499915c45b_JaffaCakes118
Size

376KB
MD5

351a11a6ba07e31db07888499915c45b
SHA1

81e3490bea0064353ab834dd3e254a7d08a7668a
SHA256

2b531865e8ea342f5e90245947a5adfc3fe23e0a07c7a437e8782a4389d828f9
SHA512

05ed0f7464e67931fcbd2a473fd979e51aaf6e12a1c1ae04d8139c12767d0984fb58008d80cc988db380df4bebc24e5690ea13f4e59b25585a87bbe8c65b9018
SSDEEP

6144:5O86+//WiVK68W1IkvKGwU86G9HXcBYDXqodvOlYwzk0VTTmDK3EDjlo:5C+//fM68W1Ikv5wyGZMeaowTqrnlo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
351a11a6ba07e31db07888499915c45b_JaffaCakes118

Files

351a11a6ba07e31db07888499915c45b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

84961dfe4418dd197c4272472ea0092c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LoadLibraryA
GetLastError
lstrcmpiW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
SetFileTime
CreateFileW
WriteFile
MulDiv
ReadFile
GetFileSizeEx
FormatMessageW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
Sleep
GetLocalTime
DeleteFileW
GetTempPathW
ExitThread
ReleaseMutex
CreateMutexW
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetThreadPriority
OpenMutexW
FindResourceW
TerminateThread
GetExitCodeThread
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
GetLocaleInfoW
FindNextFileW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
HeapValidate
GetProcessHeap
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
GetDiskFreeSpaceW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
LockResource
LoadResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
CreateSemaphoreW
CloseHandle
GetVersionExA
InterlockedCompareExchange
TerminateProcess
CreateThread

user32

MessageBoxW
DefWindowProcW
RegisterClassW
LoadCursorW
CharNextW
LoadIconW
SetTimer
ShowWindow
KillTimer
IsWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterWindowMessageW
PostMessageW
UnregisterClassA

gdi32

GetStockObject

advapi32

RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromGUID2
CoInitialize
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

msvcp80

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcr80

_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_adjust_fdiv
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_recalloc
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
memcpy_s
memmove_s
malloc
free
wcsncpy_s
memset
_mktime64
iswspace
wcscmp
_wcsicmp
wcschr
wcsrchr
_vscwprintf
vswprintf_s
wcslen
_wsplitpath_s
??_V@YAXPAX@Z
_purecall
memcmp
_wstat64i32
wcsstr
_wcsupr_s
wcscpy_s
wcscat_s
_wtoi
_time64
_localtime64_s
fread
fseek
fclose
_wfopen_s
_wtoi64
wcstombs_s
sprintf_s
strlen
mbstowcs_s
__clean_type_info_names_internal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84961dfe4418dd197c4272472ea0092c

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 108KB - Virtual size: 106KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 108KB - Virtual size: 106KB

.reloc
Size: 20KB - Virtual size: 16KB