3cbd1f73ddd29316570c876d26e68018_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cbd1f73ddd29316570c876d26e68018_JaffaCakes118
Size

212KB
MD5

3cbd1f73ddd29316570c876d26e68018
SHA1

b80c85793c2c607f5cb2584ae0b8920a286e3359
SHA256

b3f142723219e1435052b8f5e56fbe7fa48800b152cb034a1329c85cb1eb09dc
SHA512

79f974da6ca565591dac22c2c5e58517ee8d1b7c43759716a95ffc8e17d67fdcfe2bbb17c832c092e9d3805ad1964e0cd005b99d1b4f98a58800c6dcf26fa9e4
SSDEEP

3072:G7KyPLx2h8Ou3zwHKpR5ZXlADG5fxVi3+VzqjbqpYzAKMbfAylu/UPSaJe6Fv4e0:62h8OsMHKf1ADCi3v2+Kbbl8KSwe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cbd1f73ddd29316570c876d26e68018_JaffaCakes118

Files

3cbd1f73ddd29316570c876d26e68018_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

be1beadc63c29df64184bbd8d290066d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdarem.pdb

Imports

msvcrt

__CxxFrameHandler
mbstowcs
wcsstr
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
wcscpy
wcscat
_wcsicmp
_ltow
wcsncmp
bsearch
wcscmp
_wtol
_wcsnicmp
wcslen
_purecall
realloc
free
malloc
_except_handler3
wcsrchr
_CxxThrowException
wcsncpy
_snwprintf

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetCurrentProcess
HeapDestroy
FreeLibrary
DisableThreadLibraryCalls
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetUserDefaultLCID
LeaveCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedIncrement

user32

GetActiveWindow

advapi32

RegCloseKey

ole32

StgOpenStorage
CoTaskMemAlloc
IIDFromString
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoGetMalloc

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
VariantCopy
SysAllocString
SysStringByteLen
SetErrorInfo
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SafeArrayUnlock
SafeArrayLock
SafeArrayCreateVector
SafeArrayCopy
SafeArrayDestroy

msdart

CharNextI
MPInitializeCriticalSection
MPDeleteCriticalSection
RegDeleteKeyI
RegCreateKeyExI
RegOpenKeyExI
RegQueryValueExI
RegSetValueExI
lstrlenI
_LoadVersionedResourceEx@16
lstrcatI
GetModuleFileNameI
RegEnumKeyExI
MessageBoxI
GetVersionExI
UMSEnterCSWraper
LoadStringI
GetModuleHandleI
lstrcmpiI
MpHeapAlloc
MpGetHeapHandle
MpHeapFree
lstrcpyI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1beadc63c29df64184bbd8d290066d

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msdart

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 8KB - Virtual size: 7KB