6a484cb3eb43d77468c1a413c3472e00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a484cb3eb43d77468c1a413c3472e00_JaffaCakes118
Size

100KB
MD5

6a484cb3eb43d77468c1a413c3472e00
SHA1

a9154131703cc6145177385d8db163a5914ea3a3
SHA256

aa2551a7b5dd1ec27389cc38eaf51dedffaee748bfb6de2907a736405ba2bcfd
SHA512

c96d13ad2c1a0745b75d289d976dfa832b3f495076526bea7ebfbca82efdcd93584f8aca64be2ea8ad3c470e5342113321347ada13e2e5390c6ba9ba1371b57a
SSDEEP

1536:avaY9/4DudHhtUQji3EGlg2OwlHYFKV6EfwBeAecvXQI3oLseSUtHS2SBQOt0OjH:H6Bm7HYMAecvF3/eSUt3XOt0OjgT

Score

1^/10

Malware Config

Signatures

Files

6a484cb3eb43d77468c1a413c3472e00_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

a522e8230c7f00daa4297d6d718c90e7

Code Sign

46:02:8d:84:ac:b6:1d:8f:b0:44:89:73:ed:48:bb:55:4d:d3:62:e6
Signer

Actual PE Digest

46:02:8d:84:ac:b6:1d:8f:b0:44:89:73:ed:48:bb:55:4d:d3:62:e6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AcroRdIF.pdb

Imports

kernel32

GetModuleFileNameW
OutputDebugStringA
CloseHandle
WaitForSingleObject
SetEvent
CreateEventW
SwitchToThread
ResumeThread
RaiseException
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
TlsFree
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetLastError
GetThreadLocale
GetVersionExW
GetSystemDefaultLCID
GetCurrentThread
lstrcmpiW
MultiByteToWideChar
LoadLibrar�ExW
SizeofResource
LoadResource
FindResourceW
LocalFree
IsProcessInJob
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetLastError
LoadLibraryW
GetCurrentDirectoryA
lstrlenW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringW
FreeLibrary
SetCurrentDirectoryW
SetThreadLocale
GetCurrentDirectoryW
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

CharNextW

advapi32

GetTokenInformation
EqualSid
CreateRestrictedToken
SetThreadToken
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
ImpersonateSelf
OpenThreadToken
IsTokenRestricted
RevertToSelf
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocStringLen
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
VarBstrCat

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr90

_amsg_exit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
__CppXcptFilter
_lock
??3@YAXPAX@Z
wcsrchr
_snwprintf_s
memset
malloc
reallo|
free
_CxxThrowException
wcscat_s
wcscpy_s
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__CxxFrameHandler3
strcpy_s
_beginthreadex
wcsncpy_s
_wcsicmp
wcsstr
??_V@YAXPAX@Z
memcpy
memcpy_s
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
memmove
??0exception@std@@QAE@ABV01@@Z
std@@QAE@XZ
_recalloc
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_initterm_e
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
__clean_type_info_names_internal

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStd�tubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a522e8230c7f00daa4297d6d718c90e7

Code Sign

46:02:8d:84:ac:b6:1d:8f:b0:44:89:73:ed:48:bb:55:4d:d3:62:e6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp90

msvcr90

rpcrt4

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 8KB

46:02:8d:84:ac:b6:1d:8f:b0:44:89:73:ed:48:bb:55:4d:d3:62:e6
Signer

.text
Size: 53KB - Virtual size: 52KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 8KB