b4e148c786b5d5f5c186634b61ec5f97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4e148c786b5d5f5c186634b61ec5f97_JaffaCakes118
Size

193KB
MD5

b4e148c786b5d5f5c186634b61ec5f97
SHA1

e9f7488d6b066351a24ec803470a4b7ff1a12e41
SHA256

1135101e0acdf179672a05c6317c2f4cf0e9ff94b7cd2c0cb83573bbc71bf336
SHA512

a70538390ce2e4a6f828b4e1102d8af2f6909d616e68163278a1330d38d6e6ef1fdba9af19499eeba75c2f7981a08c586c4c747a3468bef8ad2fc17a7604ae93
SSDEEP

3072:/73MITL/9oSmkbx3ZtffjBTnIwanLMvt8qY1w6MQY0Dzx:TdTpountf75Iwk7qyMQT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4e148c786b5d5f5c186634b61ec5f97_JaffaCakes118

Files

b4e148c786b5d5f5c186634b61ec5f97_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

cef4fbca5da8f1ceb161e89d7b681856

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DOCUME~1\bld4act\LOCALS~1\Temp\Hpolaris\optPolaris\baseline\WMPBand.pdb

Imports

msvcrt

_wtoi
towupper
wcsstr
bsearch
iswdigit
wcsncmp
??_U@YAPAXI@Z
wcschr
wcspbrk
wcsrchr
_beginthreadex
_vsnwprintf
_wcsnicmp
towlower
iswspace
_wtol
_wcsicmp
_onexit
_lock
__dllonexit
_unlock
memmove
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
??_V@YAXPAX@Z
memcpy
realloc
malloc
memset
??2@YAPAXI@Z
free
_purecall
??3@YAXPAX@Z

uxtheme

OpenThemeData
DrawThemeParentBackground
CloseThemeData

kernel32

SetErrorMode
CreateThread
WaitForSingleObject
CreateMutexW
DebugBreak
GetDriveTypeW
CreateFileW
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileA
GetVersion
GetLastError
lstrcpyW
InitializeCriticalSection
QueryDosDeviceW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
lstrlenW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrcmpiW
RaiseException
lstrcpynW
lstrcatW
GlobalAddAtomW
GlobalDeleteAtom
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
SetLastError
GetExitCodeThread
DeleteCriticalSection
ExpandEnvironmentStringsW
CompareStringW
CompareStringA

advapi32

RegQueryValueExW
TraceMessage
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoUninitialize
CoMarshalInterface
CoUnmarshalInterface
RegisterDragDrop
RevokeDragDrop
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
VariantCopy
VariantChangeType
LoadTypeLi

user32

FillRect
SetForegroundWindow
CharPrevW
SetWindowPos
SendMessageW
EnumWindows
GetClassNameW
GetParent
FindWindowW
IsWindowVisible
ShowWindow
PostMessageW
CharNextW
LoadCursorW
RegisterClassW
CreateWindowExW
SetLayeredWindowAttributes
SetWindowLongW
BeginPaint
EndPaint
UnregisterClassW
DestroyAcceleratorTable
GetClientRect
CreateAcceleratorTableW
IsWindow
DestroyWindow
DefWindowProcW
InvalidateRgn
InvalidateRect
GetTopWindow
GetDC
SetFocus
GetFocus
KillTimer
IntersectRect
SetTimer
GetDesktopWindow
MonitorFromRect
GetMonitorInfoW
GetWindowLongW
GetWindow
GetWindowRect
EqualRect
SetRect
UnregisterHotKey
GetClassNameA
GetWindowThreadProcessId
SendMessageTimeoutA
GetAsyncKeyState
CharNextA
RegisterHotKey
IsIconic
ReleaseDC
GetCursorPos

gdi32

GetDeviceCaps

shell32

ShellExecuteExW

shlwapi

PathGetCharTypeW
PathGetCharTypeA

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetConnectionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cef4fbca5da8f1ceb161e89d7b681856

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

uxtheme

kernel32

advapi32

ole32

oleaut32

user32

gdi32

shell32

shlwapi

mpr

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text Size: 99KB - Virtual size: 100KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 99KB - Virtual size: 100KB