46ea045e563497115b2b66056d09ca0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46ea045e563497115b2b66056d09ca0e_JaffaCakes118
Size

150KB
MD5

46ea045e563497115b2b66056d09ca0e
SHA1

3bf4267b5588be143e60892382613c80e1f053a1
SHA256

d33dcde63816b53b5b66fedc945c400fa4ecbed8f72ceb688f8efa4e26572c1f
SHA512

a44eeac69b8f990e066de2ca0a43b47a1181b028901b0ebb612127b44302710fa6b86f555978a3a82348c4dbd7aba82081138262a355c872de44e5b7a2fccad7
SSDEEP

3072:bQTsJQmdadrZI5bUbk5wLakAq0XYllLB7q3BC0/:03Z6sl97q3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46ea045e563497115b2b66056d09ca0e_JaffaCakes118

Files

46ea045e563497115b2b66056d09ca0e_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f93637da0a00aab66e89548fc390145f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\OUT\Release\PDB\ObjectDataServer3.pdb

Imports

usft_ext

ord1403
ord981
ord1406
ord145
ord1405
ord90
ord1404
ord567
ord288
ord96
ord281
?isalpha@ExtSTL@@YG_N_WABVlocale@1@@Z
ord1952
ord1951
ord2006
?getline@?$basic_istream@DU?$char_traits@D@ExtSTL@@@ExtSTL@@QAEAAV12@PAD_JD@Z
ord1953
ord1971
ord679
ord1208
ord98
ord101
ord1130
ord549
ord312
ord16
ord47
ord295
ord72
ord151
ord232
ord999
ord1811
ord973
ord142
ord347
ord279
ord421
ord242
ord1223
ord203
ord1490
ord269
ord569
ord20
ord67
ord68
ord427
ord306
ord213
ord689
ord292
ord742
ord276
ord194
ord273
ord270
ord366
ord260
ord424
ord158
??BCRegistryValue@Ext@@QAE?AV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@XZ
?Init@CRegistryValue@Ext@@AAEXABV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@@Z
ord431
ord1127
ord1091
ord163
ord913
ord1116
ord1382
ord31
ord316
ord1384
ord1383
ord224
ord227
ord767
ord1391
ord131
ord50
ord24
ord1022
ord265
ord28
ord27
ord26
ord1255
ord383
ord1343
ord189
ord397
ord89
ord220
ord329
ord186
ord498
ord676
ord197
ord395
ord984
ord330
ord255
ord414
ord394
ord393
ord1330
ord75
ord209
ord1821
ord82
ord353
ord352
ord351
ord183
ord387
ord371
ord785
ord61
ord55
ord59
ord53
ord52
ord340
ord51
ord1642
ord57
ord58
ord338
ord1637
ord997
ord783
ord777
ord342
ord1656
ord373
ord374
ord753
ord1654
ord1646
?AsVariant@Ext@@YG?AVCOleSafeArray@1@ABV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@@Z
ord1648
ord726
ord249
ord191
ord247
ord645
ord1643
ord345
ord349
ord341
ord1804
ord62
ord63
ord1638
ord582
ord580
ord581
ord405
ord403
ord494
ord1823
ord407
ord408
ord409
ord1816
ord1812
ord512
ord577
ord254
ord680
ord786
ord239
ord240
ord169
ord415
ord297
ord1803
ord1814
ord1332
ord43
ord44
ord261
ord21
ord23
ord22
ord262
ord1309
ord1308
ord25
ord640
ord977
ord539
ord1594
ord1129
ord339
ord841
ord1418
ord468
ord291
ord1118
ord1493
ord717
ord700
ord772
ord69
ord570
ord289
ord290
ord600
ord546
ord243
ord526
ord97
?Insert@CBinaryTree@Ext@@IAE?AU?$pair@Viterator@CBinaryTree@Ext@@_N@ExtSTL@@PBX@Z
ord282
ord293
__CxxFrameHandler3
ord1140
ord769
ord1008
ord54
ord175
ord1305
ord60
ord949
ord1165
ord562
ord1540
ord311
ord401
ord343
ord94
ord116
ord15
ord332
ord1131
ord100
ord527
ord263
ord779
ord71
ord666
ord222
ord1607
ord706
ord214
ord697
ord337
ord477
ord708
ord716
ord410
ord705
ord773
ord712
ord473
ord561
My_except_handler3
_My_CxxThrowException@8

msvcrt

_initterm
memcpy
_purecall
iswalnum
memset
qsort
__dllonexit
_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_EH_prolog
free
__lconv_init

user32

MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
GetMessageW
PostQuitMessage

ole32

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream

oleaut32

SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
VariantInit

kernel32

GetModuleFileNameW
TlsGetValue
SetEvent
FlushViewOfFile

Exports

Exports

?GetODEngine@@YG?AV?$CComPtr@UIODEngine@@$1?_GUID_00000001_0001_0002_0002_0044534f4654@@3U__s_GUID@@B@Ext@@XZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f93637da0a00aab66e89548fc390145f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

usft_ext

msvcrt

user32

ole32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 22KB - Virtual size: 21KB