5c776975bc6a936266d9d5e00c0165c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c776975bc6a936266d9d5e00c0165c9_JaffaCakes118
Size

203KB
MD5

5c776975bc6a936266d9d5e00c0165c9
SHA1

c1371a9c901953f56d4addbb42e6e8adcf32def2
SHA256

0964f981aeea78fbbc0aeec6402d07797b2b0bd76b08ff83f1eb34ef3d57a06d
SHA512

68d1c8d5202733db3af97485e886908b0f0ccac3df995410750de83a0ef84164c9ed0c033800fb99d2270d338f7192bf89d94d967bad20ae9de6d7dcf605874e
SSDEEP

3072:j+AUXJMn7bFFZHhGHg5CAu8zCZ+TNxpgkKmeVUtZsmMQcyx5mJNg:j+Dyn7bbyHgzu8zCATjpgv4GmFcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c776975bc6a936266d9d5e00c0165c9_JaffaCakes118

Files

5c776975bc6a936266d9d5e00c0165c9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

13ffdc640db7d672eda3d1fff7d36fce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\ierjplug\rel32\ierjplug.pdb

Imports

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
lstrcpynA
lstrcpyA
InterlockedDecrement
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetModuleFileNameA
ExitProcess
QueryPerformanceCounter
LocalFree
GetTickCount

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA

oleaut32

SysFreeString
SysStringByteLen
LoadRegTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VariantClear
SysAllocStringByteLen
RegisterTypeLi

shlwapi

PathFindExtensionA

msvcr71

??_U@YAPAXI@Z
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
__security_error_handler
_CxxThrowException
_except_handler3
??2@YAPAXI@Z
??_V@YAXPAX@Z
strchr
atol
free
??3@YAXPAX@Z
malloc
_resetstkoflw
_purecall
wcsncpy
realloc
strncpy
_snprintf
memset
?terminate@@YAXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13ffdc640db7d672eda3d1fff7d36fce

Headers

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

advapi32

oleaut32

shlwapi

msvcr71

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB