4bcf633e39593f0f23150f354aacc0f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bcf633e39593f0f23150f354aacc0f6_JaffaCakes118
Size

193KB
MD5

4bcf633e39593f0f23150f354aacc0f6
SHA1

8230a870987a20c4d315a91eb544b6ddabc59fef
SHA256

1dcfda0b1dbe336030d75300d9a58349491e29b163a73467b7fe2fa2c185a2c1
SHA512

c14555d0d917dd83ecfecbd8c7ac6ba1e0fdf4350cf9f2acfb5144fcb8b50f02882af4774222c8892b87f09f1b9124fb1c4e28ad3406eb9b15297f8e90f55194
SSDEEP

3072:g73MITL/9oSmkbx3ZtffjBTnIwanLMGL99ZgyXf9MWebpjMGlDCdrB:GdTpountf75Iwkz7vBsGdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bcf633e39593f0f23150f354aacc0f6_JaffaCakes118

Files

4bcf633e39593f0f23150f354aacc0f6_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

cef4fbca5da8f1ceb161e89d7b681856

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DOCUME~1\bld4act\LOCALS~1\Temp\Hpolaris\optPolaris\baseline\WMPBand.pdb

Imports

msvcrt

_wtoi
towupper
wcsstr
bsearch
iswdigit
wcsncmp
??_U@YAPAXI@Z
wcschr
wcspbrk
wcsrchr
_beginthreadex
_vsnwprintf
_wcsnicmp
towlower
iswspace
_wtol
_wcsicmp
_onexit
_lock
__dllonexit
_unlock
memmove
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
??_V@YAXPAX@Z
memcpy
realloc
malloc
memset
??2@YAPAXI@Z
free
_purecall
??3@YAXPAX@Z

uxtheme

OpenThemeData
DrawThemeParentBackground
CloseThemeData

kernel32

SetErrorMode
CreateThread
WaitForSingleObject
CreateMutexW
DebugBreak
GetDriveTypeW
CreateFileW
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileA
GetVersion
GetLastError
lstrcpyW
InitializeCriticalSection
QueryDosDeviceW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
lstrlenW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrcmpiW
RaiseException
lstrcpynW
lstrcatW
GlobalAddAtomW
GlobalDeleteAtom
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
SetLastError
GetExitCodeThread
DeleteCriticalSection
ExpandEnvironmentStringsW
CompareStringW
CompareStringA

advapi32

RegQueryValueExW
TraceMessage
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoUninitialize
CoMarshalInterface
CoUnmarshalInterface
RegisterDragDrop
RevokeDragDrop
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
VariantCopy
VariantChangeType
LoadTypeLi

user32

FillRect
SetForegroundWindow
CharPrevW
SetWindowPos
SendMessageW
EnumWindows
GetClassNameW
GetParent
FindWindowW
IsWindowVisible
ShowWindow
PostMessageW
CharNextW
LoadCursorW
RegisterClassW
CreateWindowExW
SetLayeredWindowAttributes
SetWindowLongW
BeginPaint
EndPaint
UnregisterClassW
DestroyAcceleratorTable
GetClientRect
CreateAcceleratorTableW
IsWindow
DestroyWindow
DefWindowProcW
InvalidateRgn
InvalidateRect
GetTopWindow
GetDC
SetFocus
GetFocus
KillTimer
IntersectRect
SetTimer
GetDesktopWindow
MonitorFromRect
GetMonitorInfoW
GetWindowLongW
GetWindow
GetWindowRect
EqualRect
SetRect
UnregisterHotKey
GetClassNameA
GetWindowThreadProcessId
SendMessageTimeoutA
GetAsyncKeyState
CharNextA
RegisterHotKey
IsIconic
ReleaseDC
GetCursorPos

gdi32

GetDeviceCaps

shell32

ShellExecuteExW

shlwapi

PathGetCharTypeW
PathGetCharTypeA

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetConnectionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cef4fbca5da8f1ceb161e89d7b681856

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

uxtheme

kernel32

advapi32

ole32

oleaut32

user32

gdi32

shell32

shlwapi

mpr

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text Size: 99KB - Virtual size: 100KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 99KB - Virtual size: 100KB