a1e227ee90f5941ed2b586e1e0d88742_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1e227ee90f5941ed2b586e1e0d88742_JaffaCakes118
Size

322KB
MD5

a1e227ee90f5941ed2b586e1e0d88742
SHA1

b2eb1d142b87611a47a5910208dbce64c3720de0
SHA256

8528412facbcea1413bd5393a4a04a3af192e7619a38e810274aa00b6097baf0
SHA512

9aa5ef05b8631f1f80875612360d58fb24cb32ec0f0fcccfd09fafaa7a889e1ed3f0b23e049097319a2ecbe0cd4f1e5f2d056b793787e94bca1821f2120cde27
SSDEEP

6144:E6ALLHSft5wNiejETMv3dwItDroK/y7QrTVCpqEmDgTka:EJvHSft5wsAEwfSIdroKVTVCgEmDa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1e227ee90f5941ed2b586e1e0d88742_JaffaCakes118

Files

a1e227ee90f5941ed2b586e1e0d88742_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

5ab8eec2bd1d686e218a946c33aff295

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svn\montiera\dvlp\bin\bbyln\escortApp.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

lstrlenA
MultiByteToWideChar
lstrcmpiA
lstrlenW
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
IsDBCSLeadByte
GetModuleHandleW
FreeLibrary
FindResourceA
LoadLibraryExA
SetThreadLocale
GetThreadLocale
GetCurrentThreadId
LoadLibraryA
InitializeCriticalSection
DeleteFileA
GetVolumeInformationA
WaitForSingleObject
GetTickCount
ReleaseMutex
SetEvent
ResetEvent
CloseHandle
CreateMutexA
CreateEventA
FindResourceExW
Sleep
GetModuleHandleA
ReadFile
WriteFile
SetFilePointer
GetFileSize
VirtualProtect
VirtualQuery
GetCurrentProcess
GetVersionExA
GetEnvironmentVariableA
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
SetLastError
FindFirstFileA
FindNextFileA
FindClose
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
WideCharToMultiByte
CreateFileA
GetProcAddress
GetCurrentProcessId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
GetCommandLineA
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
RtlUnwind
EncodePointer
DecodePointer
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStringTypeW
LCMapStringW
LoadLibraryW
GetTimeZoneInformation

user32

CharNextA
KillTimer
SetTimer
CharNextW
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetParent

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

ord165
SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VarBstrCat
VarBstrCmp
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysAllocStringLen

shlwapi

StrStrW
StrCmpIW
PathFindNextComponentA
PathAppendA
PathIsURLW
SHSetValueA
SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
newUsrRgstr

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ab8eec2bd1d686e218a946c33aff295

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 226KB - Virtual size: 225KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 15KB - Virtual size: 27KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 226KB - Virtual size: 225KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 15KB - Virtual size: 27KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 27KB - Virtual size: 27KB