375a3d28ce0a6d4080971db51c86fd60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

375a3d28ce0a6d4080971db51c86fd60_JaffaCakes118
Size

160KB
MD5

375a3d28ce0a6d4080971db51c86fd60
SHA1

9ff5c7b4b8a959c366222c82be9781f9b1a0ba12
SHA256

ad5fb26f2b552416d6e1f43899962a5c6e7f0a6c4865afc7c0c6f45acb8fdd6e
SHA512

f1f78e3df427ee4e577801b640c1b84e2427ae40aac4bfa0b730c10a8566deba8b8b8f8ef3a0fbcde129e2c697b8e3b99cf06834abca46f059b15102c48973b5
SSDEEP

1536:wywas+1i4m5py6dwpg3IhTPI4uq/hxyYdjzahERB36TX81IjgtDmjnXjPliOW1X/:wIE4w+QG1oaGQIDnLjnXhiOW5S4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
375a3d28ce0a6d4080971db51c86fd60_JaffaCakes118

Files

375a3d28ce0a6d4080971db51c86fd60_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cc8e9e99cb2abb5c28bbe05ddff33217

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\depot\WorksCD\Common\Components\proofing\Release\WkProof.pdb

Imports

wkwbl90

?CwchIntToWz@MWblStrings@@SAHHHPA_WI@Z
?BEqualWz@MWblStrings@@SA_NPB_W0W4EStringCompareType@@@Z
?CwchWzToInt@MWblStrings@@SAHPB_WPAH@Z
?NFindWchInWz@MWblStrings@@SAHPB_W_W@Z
?NCompareLocWz@MWblStrings@@SAHPB_W0W4EStringCompareType@@@Z
??2@YAPAXIPAXK@Z
?CwchFromWz@MWblStrings@@SAHPB_W@Z
?NCompareWz@MWblStrings@@SAHPB_W0_N@Z
?NMessageBoxTitle@CWblMessages@@QAEHPAUHWND__@@IPB_W1@Z
??0CWfxContextHelp@@QAE@XZ
?ProcessWindowMessage@CWfxContextHelp@@QAEHPAUHWND__@@IIJAAJK@Z
?WchToUpperCase@MWblStrings@@SA_W_W@Z
?WzUpperCase@MWblStrings@@SAPA_WPA_WI@Z
?BLowerCaseWch@MWblStrings@@SA_N_W@Z
?BUpperCaseWch@MWblStrings@@SA_N_W@Z
?NCompareLocRgwchLoc@MWblStrings@@SAHPB_WH0HW4EStringCompareType@@GG@Z
?WzStripTrailingWch@MWblStrings@@SAPA_WPA_W_W@Z
?_WksHeapDestroy@@YAPAXPAX@Z
?LoadUIResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PB_WPAU2@@Z
?Init@CWblMessages@@QAEXPAUHINSTANCE__@@@Z
?_WksHeapCreate@@YAPAXKKK@Z
??0CWblMessages@@QAE@XZ
?BPuncWch@MWblStrings@@SA_N_W@Z
?OperatorDelete@@YAXPAX@Z
?_WksHeapReAlloc@@YAPAXPAXKPAPAXK@Z
?_WksHeapAlloc@@YAPAXPAXKK@Z
?BGetSpecialFolder@@YA_NHPA_WI@Z
?WzStrStrEx@MWblStrings@@SAPA_WPB_WI0IW4EStringCompareType@@@Z
??1CWksWaitCursor@@QAE@XZ
??0CWksWaitCursor@@QAE@PB_W_N@Z
?BSpaceWch@MWblStrings@@SA_N_W@Z
?BAlphaNumWch@MWblStrings@@SA_N_W@Z
?CbWzToSz@MWblStrings@@SAHPB_WPADH@Z
?CwchSzToWz@MWblStrings@@SAHPBDPA_WH@Z
?CchFromSz@MWblStrings@@SAHPBD@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPA_WH@Z
?BFEWch@MWblStrings@@SA_N_W@Z
?GetSystemLcid@MWblIntl@@SAKXZ
?BFarEast@MWblIntl@@SA_NK@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IH@Z
?OperatorNew@@YAPAXIPAXK@Z
??3@YAXPAX0K@Z

wkwat90

?CleanUpWksGen@@YAXXZ
?HrInitWksGen@@YAJK@Z

msi

ord39
ord109

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
Sleep
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
HeapFree
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
InterlockedExchange
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
EnterCriticalSection
SetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetLocaleInfoW
GetFileAttributesW
GetProcessHeap
FreeLibrary
LoadLibraryW
GetProcAddress
RaiseException
lstrlenW
CreateDirectoryW
CreateFileW
GetFileSizeEx
WriteFile
CloseHandle
DeleteFileW
GetTempPathW
GetTempFileNameW
GetVersionExA
LeaveCriticalSection
LoadLibraryExW

user32

GetFocus
CallNextHookEx
GetParent
IsWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowLongW
GetWindow
SystemParametersInfoW
GetWindowRect
MapWindowPoints
SetWindowPos
SetFocus
EnableWindow
GetDlgItem
IsDlgButtonChecked
InvalidateRect
GetSysColor
ShowWindow
SendDlgItemMessageW
GetWindowTextLengthW
UnregisterClassA
InvalidateRgn
SetWindowTextW
CharNextW
SetWindowLongW
EndDialog
DialogBoxParamW
SendMessageW
ClientToScreen
GetClientRect
GetActiveWindow
GetWindowTextW

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

UnRegisterTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
LoadTypeLi

msvcr80

wcslen
malloc
wcsncpy_s
wcscat_s
wcscpy_s
memcmp
wcschr
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_invalid_parameter_noinfo
memcpy_s
_recalloc
free
memcpy
_vsnwprintf_s
memset
_wmakepath_s
_wsplitpath_s
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
strlen
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_purecall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8e9e99cb2abb5c28bbe05ddff33217

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wkwbl90

wkwat90

msi

kernel32

user32

advapi32

ole32

oleaut32

msvcr80

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 5KB