c07121ee245a0bfc60e66350a75d5f88_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c07121ee245a0bfc60e66350a75d5f88_JaffaCakes118
Size

149KB
MD5

c07121ee245a0bfc60e66350a75d5f88
SHA1

d71a779727badf2e45cabb749d22247be82acdc1
SHA256

c89d6be6959297837bef125aaf63a92f22b71ffd51844a25a2ec24b6916c6a83
SHA512

88b7fbed15dc10e2fb030fe02fe8c99596ff7cad24d50402046a5f1bc59b0ae92996edfc307f865658e5dd2624b0c4d330e655349077c2488b002ded89e50b5e
SSDEEP

1536:4+m9s/CE/BMAKdWNxXj3JOKORwoY21wqBNc1yECwmmcjNjwebvOso5cPqqzJ3eSj:459s0UjpFOFgtHmmJLqzJOD5xCsT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c07121ee245a0bfc60e66350a75d5f88_JaffaCakes118

Files

c07121ee245a0bfc60e66350a75d5f88_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f6f1a6672d05a246baedc8971b82bdae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\PC_Test\Release\MBIService\BIService.pdb

Imports

kernel32

GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetTickCount
Sleep
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
GetPrivateProfileIntW
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
SetThreadLocale
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetStdHandle
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentThreadId
lstrlenW
CreateFileA
WriteConsoleW
GetStringTypeA
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
VirtualFree
VirtualAlloc
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleA
SetFilePointer
InitializeCriticalSectionAndSpinCount

user32

CharNextW
SendMessageW
PostMessageW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6f1a6672d05a246baedc8971b82bdae

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 8KB