8cb9453923e5968cde2213a2d06845df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8cb9453923e5968cde2213a2d06845df_JaffaCakes118
Size

672KB
MD5

8cb9453923e5968cde2213a2d06845df
SHA1

bb55e48d97d27dd226c8cc24f64cd362af76a56f
SHA256

63bb3840e8c8c2dad097caae421284f3cb6d12d738a088ba0fd5b64e90e3a8b1
SHA512

fec4f9a895611290fdd1fe38d3fb72841b30679dcfc603664d3d9829ff3e6594a32e163bae2ffa69951059ac1edaa9fa76011a4fb02ae2018ab3c6179f3e68f4
SSDEEP

12288:vHspIYxxf9UBhlOtU6GsQP66Sq/y7bnjImwYAOxjpR:vHspt11mP662XjIFYv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cb9453923e5968cde2213a2d06845df_JaffaCakes118

Files

8cb9453923e5968cde2213a2d06845df_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8c150ff7041a3316224baab2b688b5c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\NPS_VSS_ROOT\NPS\bin\release\program files\NPSDCACHINAHSP.pdb

Imports

kernel32

FindClose
FindFirstFileW
CloseHandle
ReadFile
CreateFileW
OutputDebugStringW
FlushFileBuffers
WriteFile
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
lstrlenA
CopyFileW
GetTimeZoneInformation
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringW
InitializeCriticalSection
GetThreadLocale
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameW
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
InterlockedDecrement
lstrlenW
InterlockedIncrement
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
SetThreadLocale
MultiByteToWideChar

user32

UnregisterClassA

gdi32

DeleteObject

shell32

SHGetSpecialFolderPathW

ole32

OleRun
CoCreateInstance
CoCreateGuid
StringFromGUID2

oleaut32

SetErrorInfo
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
VariantChangeType
VariantCopy
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayUnlock
SysFreeString
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SafeArrayCopy
VariantTimeToSystemTime
SystemTimeToVariantTime

atl80

ord32
ord61
ord30
ord58
ord31
ord10
ord11
ord15
ord18
ord22
ord64
ord23

msvcp80

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

_encoded_null
_initterm
_initterm_e
_amsg_exit
_malloc_crt
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_decode_pointer
_onexit
_encode_pointer
_adjust_fdiv
_lock
??3@YAXPAX@Z
_CxxThrowException
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
memcpy_s
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
calloc
free
memset
_vscprintf
vsprintf_s
_recalloc
iswspace
_wcsicmp
wcsstr
wcsrchr
_wcsupr_s
_vscwprintf
vswprintf_s
_localtime64_s
malloc
_time64
_wtoi
_i64tow
wcscpy_s
_purecall
_wtol
_resetstkoflw
_CIpow
_wcsicoll
_vsnwprintf_s
__RTDynamicCast
wcsspn
wcscspn
ceil
floor
fclose
fprintf
fopen
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageEncoders
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdiplusShutdown
GdipGetImageWidth
GdiplusStartup
GdipGetImageThumbnail

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c150ff7041a3316224baab2b688b5c7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

atl80

msvcp80

msvcr80

gdiplus

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 329KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 72KB - Virtual size: 70KB

.reloc Size: 36KB - Virtual size: 35KB

.text Size: 116KB - Virtual size: 116KB

.text
Size: 332KB - Virtual size: 329KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 72KB - Virtual size: 70KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 116KB - Virtual size: 116KB