aee0421a7e7185498f2aa33acec191bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aee0421a7e7185498f2aa33acec191bd_JaffaCakes118
Size

512KB
MD5

aee0421a7e7185498f2aa33acec191bd
SHA1

76fedd4ffc7272ebf8f5a3260734cace617dc429
SHA256

555eeec1bafb06d761e20d696b03004a623675f7469263754c87cda468a47650
SHA512

eced7361cd807472c65edceb0170310bcf614dcf5fe3914555c955d7c42c282c00d3ce41c2a73e3c7ac5f2ec3ce53ef7e05f8560618af6a6df5230218bb628a1
SSDEEP

12288:ACo3SjdfybLmyRqoXNRS7osBUxRQrJnZVEPL:KSjdfyvHgifpnxRQ9nZiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aee0421a7e7185498f2aa33acec191bd_JaffaCakes118

Files

aee0421a7e7185498f2aa33acec191bd_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b4d5fb434625a297d0a5019d6672f4f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2fs.pdb

Imports

msvcrt

_stricmp
_wremove
_wtoi
malloc
iswspace
_ftol
_wcsupr
wcscmp
__RTtypeid
?name@type_info@@QBEPBDXZ
_time64
_gmtime64
_localtime64
_wstat
_wcsicmp
iswdigit
rand
_vsnprintf
wcsrchr
wcschr
wcsstr
_resetstkoflw
__RTDynamicCast
vswprintf
_vscwprintf
memset
memmove
free
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
wcslen
__CxxFrameHandler
wcstol
_wcslwr
_wcsnicmp
srand
wcsncmp
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
realloc
wcsncpy
??2@YAPAXI@Z

user32

CharNextW
UnregisterClassW
wsprintfW

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shlwapi

PathFindExtensionW

ole32

CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
CreateErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
VariantInit
GetErrorInfo
VariantClear
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
SafeArrayCreateVector
SetErrorInfo

kernel32

CreateFileW
GetFileAttributesExW
ReadFile
FindNextFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
GlobalFree
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FindFirstFileW
lstrcmpiW
FileTimeToSystemTime
Sleep
GetTempPathW
CloseHandle
GetDiskFreeSpaceExW
WideCharToMultiByte
GetFullPathNameW
LocalFree
FormatMessageW
LocalAlloc
FindResourceExW
LockResource
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
lstrcpyW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
QueryPerformanceCounter
GetModuleFileNameW
lstrcpynW
lstrcatW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SystemTimeToFileTime

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrClientCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 393B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4d5fb434625a297d0a5019d6672f4f2

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

advapi32

shlwapi

ole32

oleaut32

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 366KB - Virtual size: 366KB

.orpc Size: 512B - Virtual size: 393B

.data Size: 67KB - Virtual size: 67KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 366KB - Virtual size: 366KB

.orpc
Size: 512B - Virtual size: 393B

.data
Size: 67KB - Virtual size: 67KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 28KB - Virtual size: 28KB