b271bcb6ec8a536ece2f775d11e18849_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b271bcb6ec8a536ece2f775d11e18849_JaffaCakes118
Size

142KB
MD5

b271bcb6ec8a536ece2f775d11e18849
SHA1

153ed27b0e90c39b28f3ad597d8cc90bd32690f6
SHA256

6874eb77ca52d11ebd33e4842f8945e177f6973b894b64b8b5b6e33dd34d3d4f
SHA512

842a3c8a78247ade18597154eae613fb7c557372ba14d1b8b08229f3e2574ca154494a4d2862c57dab1b522086eba6b8aa841e266646dd0d49fb1ddc22bf855e
SSDEEP

1536:jgwvjMPYnetWzOvQQ5VngghIKkV4EgPnjTKcDtjGz4350eaEr5vJEGxk1AeOAwI6:jXMaOuVKj+cDVX5J5s1AeOAwSAMcqwtL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b271bcb6ec8a536ece2f775d11e18849_JaffaCakes118

Files

b271bcb6ec8a536ece2f775d11e18849_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cd9ebe45353680b2cf81c9e5a847b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\DCManagement.pdb

Imports

kernel32

GetProcessHeap
FormatMessageW
CloseHandle
GetTickCount
TerminateProcess
SetEvent
WaitForSingleObject
HeapAlloc
CreateEventW
ResetEvent
CreateThread
WaitForMultipleObjects
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentThread
GetCurrentProcess
Sleep
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
lstrcmpiW
GetLastError
InterlockedIncrement
LeaveCriticalSection
InitializeCriticalSection
lstrlenW
LoadLibraryExW
FindResourceW
LoadResource
EnterCriticalSection
SizeofResource
GetModuleHandleW
MultiByteToWideChar
RaiseException
DeleteCriticalSection
SetThreadLocale
TerminateThread
GetThreadLocale
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

CharNextW
wsprintfW
LoadStringW
UnregisterClassA

advapi32

OpenSCManagerW
ControlService
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
EqualSid
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
OpenServiceW

ole32

CoRevertToSelf
CoImpersonateClient
CoGetInterfaceAndReleaseStream
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoMarshalInterThreadInterfaceInStream
OleRun

oleaut32

SetErrorInfo
CreateErrorInfo
VariantChangeType
VariantCopyInd
LoadRegTypeLi
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetVartype
VariantCopy
SafeArrayUnlock
VariantInit
SafeArrayDestroy
SafeArrayCopy
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VarBstrCmp
SafeArrayCreate
SafeArrayRedim
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr

msvcp80

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z

msvcr80

??0exception@std@@QAE@XZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_purecall
_vscwprintf
vswprintf_s
_vswprintf
_CxxThrowException
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
memcpy_s
_recalloc
wcsncpy_s
malloc
wcscat_s
wcscpy_s
??_V@YAXPAX@Z
free
swprintf_s
_resetstkoflw
??2@YAPAXI@Z

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd9ebe45353680b2cf81c9e5a847b50a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp80

msvcr80

userenv

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 10KB