c26c39c519b02b7a193ee390e546154a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c26c39c519b02b7a193ee390e546154a_JaffaCakes118
Size

350KB
MD5

c26c39c519b02b7a193ee390e546154a
SHA1

e4e1a9ac0792ba21c36ac603ce3ab581d1782c83
SHA256

e59940aafe3bf85fa470d3291a455490b6916e5dcf372d41b10e7a463b8fc1ee
SHA512

9ea904e44759fdf14bdac24c1d8de1f481cf8acd862726436332b95b96b639a7ce9130b5aa73ce55c9956fde4ebc52bcf064f68c69322c3cfd0643ca22279422
SSDEEP

6144:KUlhmvdnndKSOmwLIPC1lhXOa5R/ikRPUxpuV743wbIJROAqRej:KQdXfR/iAPUWV7jIJl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c26c39c519b02b7a193ee390e546154a_JaffaCakes118

Files

c26c39c519b02b7a193ee390e546154a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2f11f30220380afc5a492ed840703be2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\ICManagement.pdb

Imports

kernel32

SetThreadPriority
LoadLibraryW
FreeLibrary
QueryDosDeviceW
ReadFile
DeleteFileW
CreateFileMappingW
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetSystemInfo
SignalObjectAndWait
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatusEx
FileTimeToSystemTime
GetLongPathNameW
ExpandEnvironmentStringsW
GetSystemTime
GetProcAddress
DeviceIoControl
SetFilePointer
GetModuleHandleW
WriteFile
CreateFileW
SetLastError
ResetEvent
LoadResource
LockResource
SizeofResource
FormatMessageW
GetCurrentProcess
GetProcessHeap
HeapAlloc
FindResourceW
GetTickCount
GetDriveTypeW
HeapFree
FindResourceExW
SetThreadLocale
GetThreadLocale
CreateEventW
RaiseException
WaitForSingleObject
CreateThread
ResumeThread
GetSystemTimeAsFileTime
SetEvent
WaitForMultipleObjects
MultiByteToWideChar
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
CloseHandle
GetModuleFileNameW
DeleteCriticalSection
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
LocalFree
EnterCriticalSection
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
GetLastError

user32

wsprintfW
UnregisterClassA

advapi32

GetAclInformation
OpenThreadToken
GetLengthSid
LookupPrivilegeValueW
CopySid
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
GetSecurityDescriptorLength
GetSidLengthRequired
GetSecurityDescriptorControl
InitializeSid
MakeSelfRelativeSD
MakeAbsoluteSD
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
ConvertStringSidToSidW
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
DuplicateTokenEx
EqualSid
RevertToSelf
SetThreadToken
OpenProcessToken

shell32

SHGetFolderPathW

ole32

CLSIDFromString
CoImpersonateClient
CoCreateInstance
CLSIDFromProgID
OleRun
CoInitializeEx
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoRevertToSelf

oleaut32

SafeArrayGetDim
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
VariantCopy
LoadRegTypeLi
SafeArrayGetLBound
VariantInit
LoadTypeLi
SafeArrayGetUBound
VariantCopyInd
SafeArrayGetVartype
SysStringLen
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SysAllocString
VariantChangeType
SafeArrayAccessData
SafeArrayGetElement
SafeArrayCreateVectorEx
SafeArrayUnaccessData
GetRecordInfoFromGuids
VariantClear
VarBstrCmp
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocStringByteLen
SysStringByteLen

atl80

ord11
ord10
ord18
ord15
ord64
ord61
ord23
ord22
ord25
ord31
ord30
ord58
ord32

shlwapi

PathAppendW

userenv

UnloadUserProfile

msvcp80

?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?_Register@facet@locale@std@@QAEXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?deallocate@?$allocator@G@std@@QAEXPAGI@Z
?allocate@?$allocator@G@std@@QAEPAGI@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?id@?$ctype@G@std@@2V0locale@2@A
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?widen@?$ctype@G@std@@QBEGD@Z
??1locale@std@@QAE@XZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z

msvcr80

wcsncpy
_time64
wcsspn
_wcsnicmp
wcscspn
swprintf_s
ceil
_wtoi
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
isalpha
sprintf
_CxxThrowException
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
memcpy
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
__CxxFrameHandler3
_localtime64_s
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
memcpy_s
??2@YAPAXI@Z
malloc
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
memmove_s
free
_purecall
_resetstkoflw
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
calloc
_vswprintf
wcsncmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f11f30220380afc5a492ed840703be2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl80

shlwapi

userenv

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 23KB - Virtual size: 23KB