c:\savxp\build\symbols\Release\BHOManagement.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 604b863391c3f62b901b379edb190aed_JaffaCakes118.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 604b863391c3f62b901b379edb190aed_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 604b863391c3f62b901b379edb190aed_JaffaCakes118
- Size: 193KB
- MD5: 604b863391c3f62b901b379edb190aed
- SHA1: f9e91c7a6c542140753763ffb9a4c8bd01eb12a8
- SHA256: 0bf850e64b031147ebe7e68085833129bc3179eca034c041a528e403a527a4b6
- SHA512: d30cad3516dcb67bc66eb57ecce0cf6ed9742d6f35b79ad89285627072a5a0afa1cc89f6ca6a98112a95d224cb2948a202daa928a43b103e7eea11f071657416
- SSDEEP: 3072:DVCIZa+/3ncvv9TFqwddin7NWL+8UWBoMS3OgppjPPA:Do4x3fwddinsLkpMS3Ogp2
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 604b863391c3f62b901b379edb190aed_JaffaCakes118
Files
-
604b863391c3f62b901b379edb190aed_JaffaCakes118.dll regsvr32 windows:4 windows x86 arch:x86
5946bae98fa301ccfd0f5f678490b4a4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
HeapFree
InterlockedExchange
CreateEventW
GetCurrentThreadId
GetTickCount
SetEvent
ResetEvent
FindResourceExW
LockResource
GetCurrentThread
GetCurrentProcess
GetProcessHeap
HeapAlloc
LocalFree
GetSystemTimeAsFileTime
InterlockedExchangeAdd
InterlockedCompareExchange
FormatMessageW
CloseHandle
lstrlenW
EnterCriticalSection
FreeLibrary
lstrcmpiW
InterlockedDecrement
RaiseException
InitializeCriticalSection
LoadLibraryExW
InterlockedIncrement
FindResourceW
DeleteCriticalSection
LoadResource
SetThreadLocale
SizeofResource
GetThreadLocale
GetModuleHandleW
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
GetLastError
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
user32
LoadStringW
wsprintfW
UnregisterClassA
CharNextW
advapi32
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSid
GetSidLengthRequired
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
AddAce
InitializeAcl
OpenThreadToken
OpenProcessToken
EqualSid
ConvertStringSidToSidW
LookupAccountSidW
GetSidSubAuthorityCount
IsValidSid
GetLengthSid
ConvertSidToStringSidW
GetTokenInformation
CopySid
GetSidSubAuthority
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
ole32
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf
ProgIDFromCLSID
CoTaskMemFree
oleaut32
VarCmp
CreateErrorInfo
SetErrorInfo
VariantInit
SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
SysAllocStringLen
VariantCopy
SafeArrayCreate
SafeArrayCopy
VariantClear
VariantChangeType
SafeArrayGetVartype
LoadRegTypeLi
SafeArrayUnlock
VariantCopyInd
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
VarUI4FromStr
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi
SafeArrayRedim
msvcp80
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
msvcr80
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_amsg_exit
__dllonexit
_unlock
memset
_CxxThrowException
wcschr
calloc
_resetstkoflw
vswprintf_s
memmove_s
_adjust_fdiv
__CppXcptFilter
memcpy
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_encode_pointer
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
malloc
free
wcsncpy_s
memcpy_s
wcscat_s
wcscpy_s
_recalloc
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_purecall
?what@exception@std@@UBEPBDXZ
swprintf_s
_vscwprintf
??0exception@std@@QAE@XZ
userenv
UnloadUserProfile
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ