b1a6d050aafb763eaa36e2d473954ec1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1a6d050aafb763eaa36e2d473954ec1_JaffaCakes118
Size

120KB
MD5

b1a6d050aafb763eaa36e2d473954ec1
SHA1

007342b26b4fce02cb7458a80f8431c83521fe9a
SHA256

ca9d580072589ed793e9d60e293feb22d87745f0a36e83e321bf17ad30ab09fc
SHA512

41bc7c36f5ba3fb3f16bd3ac25c3db37c06b7b4ef7ef3acb23a8e3054e89aaefc3e96fd1a8881e55e7f088db8c3038777f7ee7dfc1d38418bb586775fc247b36
SSDEEP

3072:y4gUVdbKItX16OA+WpJK+9TWamAx56Vo:y4gUVpKeMOA+Gc+9qa8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1a6d050aafb763eaa36e2d473954ec1_JaffaCakes118

Files

b1a6d050aafb763eaa36e2d473954ec1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

28790504bc841795e6d488e948641c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\perf_rb_2008_07\scout\common\nmlogcxx\release\NMLogCxx.pdb

Imports

log4cxx

?forcedLog@Logger@log4cxx@@QAEXABV?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH@Z
?INFO@Level@log4cxx@@2V?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@B
?isDebugEnabled@Logger@log4cxx@@QBE_NXZ
?isInfoEnabled@Logger@log4cxx@@QBE_NXZ
?getLogger@Logger@log4cxx@@SA?AV?$ObjectPtrT@VLogger@log4cxx@@@helpers@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?FATAL@Level@log4cxx@@2V?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@B
?ERROR@Level@log4cxx@@2V?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@B
?isErrorEnabled@Logger@log4cxx@@QBE_NXZ
?configure@PropertyConfigurator@log4cxx@@SAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?isFatalEnabled@Logger@log4cxx@@QBE_NXZ
?WARN@Level@log4cxx@@2V?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@B
?isWarnEnabled@Logger@log4cxx@@QBE_NXZ
?DEBUG@Level@log4cxx@@2V?$ObjectPtrT@VLevel@log4cxx@@@helpers@2@B

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
QueryPerformanceCounter
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
InterlockedCompareExchange
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
Sleep
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedIncrement
SizeofResource

user32

UnregisterClassA
CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

oleaut32

SysFreeString
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
BSTR_UserFree

rpcrt4

IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Disconnect

msvcr80

_invalid_parameter_noinfo
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
calloc
??2@YAPAXI@Z
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
memset
??_U@YAPAXI@Z
_recalloc
__CxxFrameHandler3
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
??3@YAXPAX@Z
??0bad_cast@std@@QAE@PBD@Z

shlwapi

PathRemoveFileSpecW
PathAppendW

msvcp80

?allocate@?$allocator@_W@std@@QAEPA_WIPBX@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?init@?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAEXPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_WH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPB_WH@Z
?_Xsgetn_s@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WIH@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?underflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGG@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28790504bc841795e6d488e948641c4d

Headers

File Characteristics

PDB Paths

Imports

log4cxx

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

msvcr80

shlwapi

msvcp80

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.orpc Size: 4KB - Virtual size: 267B

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 56KB - Virtual size: 54KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.orpc
Size: 4KB - Virtual size: 267B

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB