6a4b14cd89f3a3f1b54f745db157ca29_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a4b14cd89f3a3f1b54f745db157ca29_JaffaCakes118
Size

271KB
MD5

6a4b14cd89f3a3f1b54f745db157ca29
SHA1

c8a744b9662fd7fb6b7fe9afc1656a9c5c655b1f
SHA256

69d8b1c110bd17eaab62216bdeec902fe3c0e86b090ae91a8d362b3e68ba227e
SHA512

b086ead90f97e936d6e3603354f48558c0ef399f309adbf042a735cc3cdb9d19a1e47207bd0b4618a40cbed66343d2089197f30a0a1f35055d35413db2bf2238
SSDEEP

6144:tyoAWKXx/Boyq4QkdP71/gCym5wvPksYNI3neU8+HPfitqnM4xyGRNU:Dzy3Qx+fUlP1nM4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a4b14cd89f3a3f1b54f745db157ca29_JaffaCakes118

Files

6a4b14cd89f3a3f1b54f745db157ca29_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

e0f6321b1b1c398f494c20ae29874974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dxtrans.pdb

Imports

msvcrt

floor
_CIsin
_CIcos
_CIsqrt
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_onexit
_lock
__dllonexit
_unlock
memcpy
memset
iswspace
wcschr
ceil
__CxxFrameHandler
realloc
_purecall
malloc
free

atl

ord30
ord15
ord32
ord21
ord16
ord23

kernel32

ReleaseSemaphore
GetLastError
VirtualAlloc
EnterCriticalSection
CreateSemaphoreW
LeaveCriticalSection
GetSystemInfo
VirtualProtect
GetCurrentThreadId
CloseHandle
HeapAlloc
HeapFree
CreateIoCompletionPort
CreateThread
WaitForMultipleObjects
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
QueueUserAPC
ExitThread
ResetEvent
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentDirectoryW
GetProcessHeap
GetVersion
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadCodePtr
IsBadReadPtr
GetCurrentThread
GetModuleHandleW
GetCurrentProcess
VirtualQuery
DeleteCriticalSection
DisableThreadLibraryCalls
IsBadWritePtr
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateEventW
WaitForSingleObject
GetTickCount

ole32

CreateFileMoniker
CreateBindCtx
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantInit
SysAllocStringLen
VariantChangeType
SetErrorInfo
SysFreeString
LoadRegTypeLi
VariantChangeTypeEx
VariantClear
SysStringLen
SysAllocString
VariantCopy

user32

SetRect
GetDC
ReleaseDC
IsCharAlphaW
GetDesktopWindow
IntersectRect

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

gdi32

DeleteObject
CreateBrushIndirect
DeleteDC
SetMapMode
GetPaletteEntries
GetKerningPairsW
GetGlyphOutlineW
GetTextMetricsW
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
FillPath
StrokePath
StrokeAndFillPath
SetPolyFillMode
BitBlt
SelectObject
ExtCreatePen
EndPath
PolyBezierTo
LineTo
MoveToEx
BeginPath

shlwapi

StrCmpIW
SHRegGetValueW
ord158
StrCmpNIW
ord154

urlmon

CompatFlagsFromClsid
ord414

iertutil

ord172

Exports

Exports

?DXConstOverArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXConstUnderArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXDitherArray@@YGXPBUDXDITHERDESC@@@Z
?DXLinearInterpolateArray@@YGXPBVDXBASESAMPLE@@PAUDXLIMAPINFO@@PAV1@K@Z
?DXOverArray@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
?DXOverArrayMMX@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f6321b1b1c398f494c20ae29874974

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

kernel32

ole32

oleaut32

user32

advapi32

gdi32

shlwapi

urlmon

iertutil

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.data Size: 68KB - Virtual size: 72KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 161KB - Virtual size: 161KB

.data
Size: 68KB - Virtual size: 72KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 6KB - Virtual size: 6KB