b4d8d40a208587e983bcbceee1802361_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4d8d40a208587e983bcbceee1802361_JaffaCakes118
Size

697KB
MD5

b4d8d40a208587e983bcbceee1802361
SHA1

091d5b5dd67a201a5ed8d1cff4d4ef73396726e7
SHA256

b6d43b1ecedaa562c489e7b80a1ec9aec50883e7e34c40aa791dd1663248e223
SHA512

8186330940dbce237ded7d4497964a17755967b7f2591c12049c04bb60bf8bfbd6d9e2f16ffd63cc388df67ae141f7b4428b35748f5a5323d650d4f0b577998f
SSDEEP

12288:X6Uk5FKIpMIhqsnoi2CaF+cY0ReqNh65wMTq8JQ2EPd4FRM5M0Cs1DIQyz5U5yJC:0ZpMIDoi2Cq5DNh65nI2EPd4FRM5M0C7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4d8d40a208587e983bcbceee1802361_JaffaCakes118

Files

b4d8d40a208587e983bcbceee1802361_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

59a7be369968836837f673f9f8f37cac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmpmde.pdb

Imports

msvcrt

_unlock
localeconv
isleadbyte
__mb_cur_max
mbtowc
_iob
_lock
isspace
isdigit
calloc
_ismbblead
_mbsdec
wcsrchr
wcscspn
iswxdigit
isxdigit
towupper
towlower
_snprintf
iswdigit
_ultoa
_strnicmp
strncmp
_wcsicmp
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
_ultow
memmove
_wcsnicmp
wcsncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_CIsqrt
_ftol
_CIpow
_vsnwprintf
_ui64tow
_ltow
__dllonexit
_onexit
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
free
memcpy
_purecall
memset
_pwctype
__lc_collate_cp
_wcsupr
_wcslwr
_strupr
_strlwr
_ecvt
_gcvt
_mbsupr
_errno
_mbslwr
__CxxFrameHandler
iswalpha
_i64tow

mfplat

MFUnlockPlatform
MFGetSockaddrFromNumericName
DestroyPropVariant
CopyPropVariant
PropVariantToStream
PropVariantFromStream
MFCreateFile
MFPutWorkItem
MFCreateCollection
MFUnwrapMediaType
MFStartup
MFShutdown
MFGetPlatform
MFGetConfigurationDWORD
MFHeapAlloc
MFHeapFree
MFGetNumericNameFromSockaddr
MFCancelWorkItem
MFGetSystemTime
MFJoinIoPort
MFScheduleWorkItemEx
MFGetConfigurationStore
MFCreateGuid
MFPutWorkItemEx
MFLockPlatform

ws2_32

inet_addr

kernel32

IsProcessorFeaturePresent
DelayLoadFailureHook
HeapReAlloc
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetModuleHandleA
GetFileAttributesExW
GetTickCount
WaitForMultipleObjectsEx
SetEvent
Sleep
GetCurrentThreadId
CreateEventW
ReleaseSemaphore
InterlockedExchange
CreateSemaphoreW
HeapSize
WaitForSingleObjectEx
GetSystemInfo
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
OutputDebugStringA
WideCharToMultiByte
CreateFileW
GetFileSize
CloseHandle
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
InterlockedCompareExchange
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
lstrlenW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcpyW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime

user32

CharNextW

advapi32

TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetTraceEnableFlags

ole32

PropVariantCopy
CoTaskMemFree
PropVariantClear
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFCreateNetVRoot
MFCreateWMPMDEOpCenter

Sections

.text
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a7be369968836837f673f9f8f37cac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

mfplat

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 557KB - Virtual size: 556KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 557KB - Virtual size: 556KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 24KB - Virtual size: 24KB