8af046606277e6a7ec0994bf80dc0945_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8af046606277e6a7ec0994bf80dc0945_JaffaCakes118
Size

590KB
MD5

8af046606277e6a7ec0994bf80dc0945
SHA1

a9a29ea86f3ce72f1877baec175be13ca0c829da
SHA256

d8fb7d32879c163c081846e0d802e2f74abe18ea5d3f3e433e06fd2e4e12c607
SHA512

d42a812f958f481a4bf435cba8d34cb5bb4565986b1b6bcfc3d08a4635e81fa81570fc9363dd90d9bca19dc0bda60b46cad2c6d3d34e0535ffc21cad4e620ae1
SSDEEP

12288:6QEHX36Tr8n4UOaahQDZrlt8amqqP6Npb6CcmidAFJg7hFesUGMUOaDVnL2iyh5:6QEMMBnbXidAFuOsuUOatr+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8af046606277e6a7ec0994bf80dc0945_JaffaCakes118

Files

8af046606277e6a7ec0994bf80dc0945_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f050df8e3d7d6547b3972ccc80547920

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svn\montiera\dvlp\bin\bbyln\escortEng.pdb

Imports

psapi

GetModuleBaseNameA

kernel32

LockResource
FindResourceW
FindResourceExW
GetCurrentProcess
CloseHandle
WaitForSingleObject
FlushInstructionCache
GetCurrentThreadId
SetLastError
CreateFileA
CreateThread
InitializeCriticalSection
GetTickCount
InterlockedExchange
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
GetDateFormatA
FileTimeToSystemTime
Sleep
ReleaseMutex
SetEvent
ResetEvent
CreateMutexA
CreateEventA
GetEnvironmentVariableA
SetEnvironmentVariableA
WriteFile
FileTimeToLocalFileTime
GetFileTime
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetFileSize
UnmapViewOfFile
ReadFile
SetFilePointer
GetThreadLocale
HeapDestroy
HeapAlloc
GetProcAddress
DeleteCriticalSection
SetThreadLocale
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
HeapCreate
GetModuleFileNameW
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetTimeFormatA
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
LocalFree
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
GetModuleFileNameA
lstrcmpiA
lstrlenA
CreateDirectoryA
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc

user32

CharNextA
CharNextW
DefWindowProcA
GetWindowLongA
CallWindowProcA
SetWindowTextA
GetWindowRect
GetClientRect
SetWindowLongA
UnregisterClassA
PostMessageA
GetClassInfoExA
LoadCursorA
CreateWindowExA
RegisterClassExA
CharUpperBuffA
IsWindow
SendMessageTimeoutA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
EnumChildWindows
GetWindowThreadProcessId
SystemParametersInfoA
InflateRect
SetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
AnimateWindow
GetCursorPos
OffsetRect
ShowWindow
RegisterWindowMessageA
ScreenToClient
GetCaretBlinkTime
CreateAcceleratorTableA
SendMessageA
GetDesktopWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
SetWindowPos
MoveWindow
GetSysColor
UpdateLayeredWindow
CharLowerBuffA
GetFocus
GetParent
GetWindow
IsChild
SetTimer
IsWindowVisible
DestroyWindow

gdi32

OffsetViewportOrgEx
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateDIBSection
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectA

advapi32

RegEnumValueW
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
GetRunningObjectTable
CreateItemMoniker

oleaut32

SysStringLen
GetErrorInfo
VariantCopy
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
OleCreateFontIndirect
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCmp
SysAllocStringLen
LoadRegTypeLi
VariantInit
DispCallFunc

shlwapi

StrCmpIW
SHSetValueA
SHDeleteValueA
SHGetValueA
StrToIntExA

gdiplus

GdiplusShutdown

ws2_32

WSAStartup
WSACleanup
WSASetLastError
getaddrinfo
freeaddrinfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f050df8e3d7d6547b3972ccc80547920

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 361KB - Virtual size: 360KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 24KB - Virtual size: 37KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 41KB - Virtual size: 40KB

.text Size: 63KB - Virtual size: 64KB

.text
Size: 361KB - Virtual size: 360KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 24KB - Virtual size: 37KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 41KB - Virtual size: 40KB

.text
Size: 63KB - Virtual size: 64KB