72d563fe5133fc167b6b0516c66f6ecb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

72d563fe5133fc167b6b0516c66f6ecb_JaffaCakes118
Size

45KB
MD5

72d563fe5133fc167b6b0516c66f6ecb
SHA1

b5d2a602b346cabbcedfe672859b06ea24a61065
SHA256

6c0ffc0cb2a09a720ce834a153c12ae218abb2e2ae0d4518ec8fbb34a7c052f8
SHA512

88901e0578362402395d80a712c511b1a8d58188467301e59ffbcae730cb6abb53f2721d654f84231fb03332f915bbf2868eca1c8a0190e37ecde9e3e43ee8c2
SSDEEP

768:UdezPrfvVNIywt3d91fy7L3JFArOQatBW7Bctrvlq3nS8ZWZl5zC:Ie7rVjG3oL0rO5uBct7lq3nS8Zou

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72d563fe5133fc167b6b0516c66f6ecb_JaffaCakes118

Files

72d563fe5133fc167b6b0516c66f6ecb_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

6c18c9c9a548dcdd554eefb0c609c42e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

acppage.pdb

Imports

msvcrt

memcpy
_wcsicmp
??_U@YAPAXI@Z
malloc
_wcsupr
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_vsnwprintf
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
free

kernel32

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
FreeLibrary
CreateDirectoryW
ActivateActCtx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
RegCloseKey
RegOpenKeyExW
GetModuleFileNameW
RegQueryInfoKeyW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
CreateProcessW
ExpandEnvironmentStringsW
lstrcmpiA
RegQueryValueExW
DecodePointer
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
CheckElevationEnabled
EncodePointer
GetSystemDirectoryW
LocalFree
GetBinaryTypeW
GetVersionExA
InterlockedExchange

user32

EnableWindow
UnregisterClassA
SetWindowLongW
GetParent
SendMessageW
SendDlgItemMessageW
GetDlgItem
IsWindowEnabled
LoadStringA
GetWindowLongW
LoadStringW
InsertMenuW
SetProcessDPIAware
CharNextW
GetSystemMetrics

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW
StrCmpIW
ord16

shell32

DragQueryFileW
SHParseDisplayName
ord155
SHGetNameFromIDList
SHGetPathFromIDListW
SHChangeNotify

ole32

HWND_UserFree
HWND_UserUnmarshal
CoTaskMemFree
CoGetObject
CoInitializeEx
CoUninitialize
ReleaseStgMedium
CoCreateInstance
StringFromGUID2
CoCreateGuid
HWND_UserSize
HWND_UserMarshal

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringLen
RegisterTypeLi

sfc

SfcIsFileProtected

msi

ord173
ord201

ntdll

NtOpenThreadToken
NtOpenProcessToken
NtClose
NtQueryInformationToken
RtlStringFromGUID
RtlFreeUnicodeString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wer

WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetExeFromLnk

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c18c9c9a548dcdd554eefb0c609c42e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

shlwapi

shell32

ole32

rpcrt4

oleaut32

sfc

msi

ntdll

version

wer

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.orpc Size: 512B - Virtual size: 184B

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 35KB

.orpc
Size: 512B - Virtual size: 184B

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB