abb512be108b076fa0e88ef1d92ca725_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

abb512be108b076fa0e88ef1d92ca725_JaffaCakes118
Size

232KB
MD5

abb512be108b076fa0e88ef1d92ca725
SHA1

2da39d6d710427aafd009452d280db0e7a0d45f1
SHA256

17a23d0b6f387c8260631a5a6f70d5ffb1e82a5b0ee52963eaffc81198b5a4a4
SHA512

5bb958c80c9da658e3982bf317928f8e4b5e725b7e605e0bdee571936ef5117d0deb0d514f43439abf85988a89f318ee5dc44040e872313edc4fb0fc77ed253e
SSDEEP

3072:VNrcFup2lTkIZbFYLeTjwu0kCbaX46DdgXXqj1UmUanT9AeWVCc2mv:LrcFC21kIhFYLeD5FbT9ABVz2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abb512be108b076fa0e88ef1d92ca725_JaffaCakes118

Files

abb512be108b076fa0e88ef1d92ca725_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

94b68942a192dcfb582819100488db53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
LocalFree
FormatMessageA
FreeResource
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
LockResource
GetPrivateProfileIntA
DeleteFileA
GetPrivateProfileStringA
OutputDebugStringA
GetTickCount
GetSystemPowerStatus
GetProfileStringA
GetProfileIntA
IsDBCSLeadByte
WritePrivateProfileStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileSectionNamesA
ReleaseMutex
FindClose
FindNextFileA
FindFirstFileA
WaitForSingleObject
CreateMutexA
SetFilePointer
CreateDirectoryA
GetFileAttributesA
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
DisableThreadLibraryCalls
WideCharToMultiByte
lstrlenW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
LocalAlloc

user32

DefWindowProcA
GetWindowLongA
wsprintfA
CharNextA
LoadStringA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString
ProgIDFromCLSID

oleaut32

CreateErrorInfo
SetErrorInfo
SysAllocStringByteLen
LoadRegTypeLi
DispCallFunc
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
SafeArrayUnlock
SafeArrayLock
VarUI4FromStr
LoadTypeLi
RegisterTypeLi

rpcrt4

NdrStubForwardingFunction
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_mbsicmp
isdigit
calloc
_ltoa
__mb_cur_max
_isctype
_pctype
iswctype
atoi
__CxxFrameHandler
time
localtime
_mbsrchr
strcat
sprintf
_mbschr
strcpy
strlen
wcscmp
_itoa
realloc
malloc
free
memset
_mbstok
atol
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
memcmp

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 43B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94b68942a192dcfb582819100488db53

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.orpc Size: 4KB - Virtual size: 43B

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 60KB

.orpc
Size: 4KB - Virtual size: 43B

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 8KB - Virtual size: 7KB