c:\devel\projects\xpcombridge\xpatlcom\release\XPATLCOM.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c216b6b227ddf65b9d7e2a8492272396_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c216b6b227ddf65b9d7e2a8492272396_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
c216b6b227ddf65b9d7e2a8492272396_JaffaCakes118
-
Size
164KB
-
MD5
c216b6b227ddf65b9d7e2a8492272396
-
SHA1
db2ac32c6f98c5382b914fbf843803136c827407
-
SHA256
c39bce26d2f199809249287c0c6f6bdd5e3585165c1eae753cb18847b8f3ae53
-
SHA512
a572ead664e83114eb1f4f30c74a376dd06ea8f2dbb6b69fa26b8698633b2b03e3ae6f6e5fd61d67003f53f066d4e556ee39f236bd0a80fa696b3dbe5a8630d1
-
SSDEEP
3072:qBen+zcWvaHgOlsGjfiPPRt5LmMSV9LQuHEgQd:HnyyHgOls8iPPD5LmrVx8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
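Flags a PE file that carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature. Many legitimate binaries are also unsigned, so this is a weak indicator on its own.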
resource c216b6b227ddf65b9d7e2a8492272396_JaffaCakes118
Files
-
c216b6b227ddf65b9d7e2a8492272396_JaffaCakes118.dll regsvr32 windows:4 windows x86 arch:x86
ee176334bed8710f7b619b2105e1cf60
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
xpcom
NS_Alloc
kernel32
LoadLibraryA
GetProcAddress
GetLastError
lstrcmpiW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
FreeLibrary
LeaveCriticalSection
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
WideCharToMultiByte
SetThreadLocale
GetThreadLocale
InterlockedExchange
GetLocaleInfoA
EnterCriticalSection
RaiseException
lstrlenW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SizeofResource
GetACP
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetVersionExA
Sleep
user32
CharNextW
UnregisterClassA
advapi32
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
ole32
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
LoadRegTypeLib
SysStringByteLen
SysAllocStringByteLen
VariantClear
RegisterTypeLib
UnRegisterTypeLib
SysAllocString
LoadTypeLib
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysFreeString
msvcr80
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
malloc
free
memcpy_s
_CxxThrowException
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
_recalloc
??_U@YAPAXI@Z
??2@YAPAXI@Z
memset
wcscpy_s
wcscat_s
memcpy
strcpy
strlen
_except_handler4_common
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
nspr4
PR_AtomicDecrement
PR_AtomicIncrement
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (together with IMAGE_SCN_MEM_EXECUTE above, .text is mapped both writable and executable)
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ