b1942c051ecde41e4a66d8bbcdf6a3d8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1942c051ecde41e4a66d8bbcdf6a3d8_JaffaCakes118
Size

428KB
MD5

b1942c051ecde41e4a66d8bbcdf6a3d8
SHA1

173b2c55c33fda4baee5606e237aa030c317690c
SHA256

00ceea90e14e382e2fc6e2f1dda4d4c6d074028336164cc283eed3d6094207c4
SHA512

d13a3a4c0f792d6fd690a86c9f6bd1c0f5e324c53217e19b87250aab791fad70c9ea7a146b69ac307a8103b3d509b006775d5abb38366ae6b0e4eed71b11891e
SSDEEP

6144:xY4UWqtDym8cR48P40WnwIjw8mhkDVTLZFFUurgltnjWQkSUqsWkp:xY4UWqtDye48Pcnwt7Wt8YctJw7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1942c051ecde41e4a66d8bbcdf6a3d8_JaffaCakes118

Files

b1942c051ecde41e4a66d8bbcdf6a3d8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e689e4bc405fced2898f429901c9722f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadPriority
GetCurrentThread
OutputDebugStringW
LocalFree
CreateMutexW
ReleaseMutex
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
lstrcatW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetEvent
CreateEventW
GetProcAddress
LoadLibraryA
SetErrorMode
LoadLibraryW
GetTickCount
QueryPerformanceCounter
ExitProcess
InterlockedCompareExchange
GetCurrentProcessId
GetVersionExA
GetSystemTimeAsFileTime
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
WaitForMultipleObjects
CloseHandle
lstrcpynW
DeleteCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
DisableThreadLibraryCalls
InterlockedExchange

user32

PeekMessageW
DispatchMessageW
TranslateMessage
CharToOemW
OemToCharW
LoadStringW
OemToCharA
CharToOemA
LoadStringA
CharNextW
MsgWaitForMultipleObjects

gdi32

DeleteDC
GetDeviceCaps
CreateICW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoInitialize

oleaut32

SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
CreateErrorInfo
SetErrorInfo
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayAccessData
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantCopy
VarBstrCmp
VariantClear

rpcrt4

NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2

msvcr71

_beginthreadex
memmove
towupper
wcslen
malloc
wcsncpy
realloc
_resetstkoflw
floor
fabs
mktime
localtime
wcscat
wcscpy
_wsplitpath
strchr
strstr
strncmp
wcsstr
strncpy
_CIpow
_errno
isprint
ceil
_CIfmod
towlower
toupper
tolower
strtol
_fpclass
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
sprintf
wcschr
atof
_wtol
swprintf
wcscmp
wcsncmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_except_handler3
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
free
_stricmp
_wcsicmp
memset
__security_error_handler

shlwapi

PathFindExtensionW

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 173B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e689e4bc405fced2898f429901c9722f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

msvcr71

shlwapi

msvcp71

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.orpc Size: 4KB - Virtual size: 173B

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 124KB - Virtual size: 189KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 180KB - Virtual size: 178KB

.orpc
Size: 4KB - Virtual size: 173B

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 124KB - Virtual size: 189KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 24KB - Virtual size: 21KB