b8f0ff7ee25533854025493ec3c9f1d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8f0ff7ee25533854025493ec3c9f1d7_JaffaCakes118
Size

38KB
MD5

b8f0ff7ee25533854025493ec3c9f1d7
SHA1

0849d17e9406d2c3d0c3d2c51387d32046f4e4d7
SHA256

231787d33581c08f162016862300fa677127ece3ae0cfbc8196286be612a4555
SHA512

24f3c942b63399a0c18ab3f9771fb072b99dcf5880fdff3be4a18b876f8295522f82c35663f1c3b7ce66c8bdb3dad7d945eef60fa3985d45aec21660c0468206
SSDEEP

768:uTERvKYRgrpRqt6LuSBQ6qRD549AFlgsQAygevZRsp:FKsgFRqtAuS66q/49AwsQAygevZRsp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8f0ff7ee25533854025493ec3c9f1d7_JaffaCakes118

Files

b8f0ff7ee25533854025493ec3c9f1d7_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

9dc396059509745dce5e957b04ff53af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

acppage.pdb

Imports

msvcrt

_wcsicmp
memset
??_U@YAPAXI@Z
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_wcsupr
wcsstr
_vsnwprintf
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
free

kernel32

CreateDirectoryW
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeactivateActCtx
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetModuleFileNameW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
HeapAlloc
GetProcessHeap
DecodePointer
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
LocalFree
EncodePointer
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
HeapFree
CheckElevationEnabled
GetBinaryTypeW
GetVersionExA
InterlockedExchange

user32

GetDlgItem
EnableWindow
SetWindowLongW
GetSystemMetrics
GetParent
GetWindowLongW
SendMessageW
LoadStringW
SendDlgItemMessageW
UnregisterClassA
CharNextW

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey

shell32

ord155
SHParseDisplayName
DragQueryFileW
SHGetNameFromIDList
SHChangeNotify

ole32

HWND_UserFree
HWND_UserUnmarshal
ReleaseStgMedium
CoTaskMemFree
CoGetObject
CoCreateInstance
StringFromGUID2
CoCreateGuid
HWND_UserSize
HWND_UserMarshal

rpcrt4

IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrStubCall2
NdrOleAllocate
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllUnregisterProxy

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysFreeString

sfc

SfcIsFileProtected

ntdll

NtOpenThreadToken
NtOpenProcessToken
NtClose
NtQueryInformationToken
RtlStringFromGUID
RtlFreeUnicodeString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wer

WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dc396059509745dce5e957b04ff53af

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

shlwapi

advapi32

shell32

ole32

rpcrt4

oleaut32

sfc

ntdll

version

wer

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 29KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB