8a8ba8a42ad69dd4e8c9125533fb7820_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a8ba8a42ad69dd4e8c9125533fb7820_JaffaCakes118
Size

93KB
MD5

8a8ba8a42ad69dd4e8c9125533fb7820
SHA1

ec4d714c978cc66ebab89e799e5aca0a66492c18
SHA256

ec85ebea041b4e34ef5582b7480b34c345f6a1952bc62e84638c6b732b9af5da
SHA512

a161761060bbf3f5c99a9af6321d9e45c6af152e93e361bee95b82d402bd37f200e6b7785d418d722614c12289d052bf7728054383f766b7d4cc03ac8130fa9f
SSDEEP

1536:X3/WWrazwVLhl/mJAfr1ulSIqYpb5sRdhd6vXqjE8iqQVpeQFmSYml6:X3/WWr9VLhIWswYp9s/rGbvLpeQFmSYf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a8ba8a42ad69dd4e8c9125533fb7820_JaffaCakes118

Files

8a8ba8a42ad69dd4e8c9125533fb7820_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

c16753374807065599dd76bca6ad8be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iaspolcy.pdb

Imports

msvcrt

wcschr
_wtol
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
memmove
memset
??0exception@@QAE@XZ
_wcsicmp
qsort
_purecall
__CxxFrameHandler3
memcpy
free
_CxxThrowException
malloc
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ

atl

ord21
ord18
ord22
ord23
ord15
ord32
ord16

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader

rtutils

TraceVprintfExA
TracePutsExA

advapi32

CreateWellKnownSid
RegQueryInfoKeyW
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
RegEnumKeyExW
GetLengthSid
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

UnmapViewOfFile
SetUnhandledExceptionFilter
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcessId
MapViewOfFile
TerminateProcess
GlobalFree
GetLastError
GlobalAlloc
CreateMutexW
CreateFileMappingW
GetVersion
DeleteCriticalSection
InterlockedDecrement
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InterlockedExchange
GetTickCount
WaitForSingleObject
ReleaseMutex
InterlockedIncrement
InitializeCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetCurrentProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
Sleep

ole32

CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadRegTypeLi
SetErrorInfo
SafeArrayCopy
SafeArrayDestroy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c16753374807065599dd76bca6ad8be7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

rtutils

advapi32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB