3d7430bb917c41f7c29e60868e33d009_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d7430bb917c41f7c29e60868e33d009_JaffaCakes118
Size

244KB
MD5

3d7430bb917c41f7c29e60868e33d009
SHA1

777fbca782dda593cafd407deaba7cb2d017a3af
SHA256

1bcba4b9ef8d1a74dd2f2e28f2cf6b99d212d185f5e6f0596543bb1c1a28de30
SHA512

7a2e760adada8782346863733ea58b6b35f172e806e4e2c6089b26c07802055165f46df4a03ed80d7ca07b6bc84a5ef70c619ada3c527542c2e59f7cb6b8964e
SSDEEP

6144:X1G9PbV9eSY2hHjyMOlnMxHrAV+mdp4KL:XmpY2BjrH8V+md

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d7430bb917c41f7c29e60868e33d009_JaffaCakes118

Files

3d7430bb917c41f7c29e60868e33d009_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7b7af3e02f830ca0277cb96af66bd513

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
InterlockedExchange
LocalFree
LocalAlloc
GetTickCount
GetCurrentThreadId
FormatMessageA
LoadResource
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
SizeofResource
FreeLibrary
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcmpiA
GetSystemTimeAsFileTime
RaiseException
GetModuleFileNameA
GetProfileStringA
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar

user32

wsprintfA
CharNextA
DefWindowProcA
GetWindowLongA
UnregisterClassA
LoadStringA

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
ProgIDFromCLSID
CoCreateInstance

oleaut32

CreateErrorInfo
SetErrorInfo
VarBstrCmp
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VariantCopy
VariantClear
VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VarBstrCat
SysFreeString
RegisterTypeLi

msvcr80

strcpy_s
wcsncpy_s
strcat_s
_purecall
_recalloc
memset
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
floor
memcpy_s
memmove_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
_invalid_parameter_noinfo
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
malloc
??2@YAPAXI@Z
??_V@YAXPAX@Z
atoi
_localtime64_s
__CxxFrameHandler3
_CxxThrowException
free
??3@YAXPAX@Z
_mbsnbcpy_s
??_U@YAPAXI@Z
_resetstkoflw
atol
_encode_pointer

mfc80

ord3948
ord3683
ord1917
ord304
ord2468
ord765
ord315
ord1084
ord1037
ord1092
ord1206
ord1208
ord1098
ord371
ord1167
ord1120
ord1201
ord1175
ord1177
ord1209
ord581
ord2248
ord1049
ord3830
ord1185
ord757
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord5226
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord5403
ord6099
ord781
ord578
ord876
ord566
ord314
ord6754
ord1187
ord3333

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b7af3e02f830ca0277cb96af66bd513

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcr80

mfc80

msvcp80

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 120KB - Virtual size: 118KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 120KB - Virtual size: 118KB

.reloc
Size: 12KB - Virtual size: 10KB