c86da38016aa84d876c11dc7484a3cbb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c86da38016aa84d876c11dc7484a3cbb_JaffaCakes118
Size

232KB
MD5

c86da38016aa84d876c11dc7484a3cbb
SHA1

4c9f23d94efe4a71c2e0fc887d246cc58d7bce15
SHA256

fa75c82e453b6925b598ef97d5c7c7c140c594124e67b6f0f9dfed7df50d7821
SHA512

73a4fde77b21c688f132b0ae3001ff6379854409aeb273be7674d541ef4a6d765133c3a23592760d2bf986d0019803001612d48e13c657c00e5e06e9bfc7e901
SSDEEP

3072:bdb7z76JVhTDyGTMFYlePHZAqrB9woxBt0nIOXe3VFekN0g7gPlftvFW:8BTsZRN9jxrOXe3ukOmklftQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c86da38016aa84d876c11dc7484a3cbb_JaffaCakes118

Files

c86da38016aa84d876c11dc7484a3cbb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

55b506eb312f20225488aef6f725667d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\depot\workscd\Common\Components\wksprint\Release\wkpr80.pdb

Imports

wkwbl

?_WksHeapDestroy@@YAPAXPAX@Z
?Init@CWblMessages@@QAEXPAUHINSTANCE__@@@Z
?_WksHeapCreate@@YAPAXKKK@Z
??0CWblMessages@@QAE@XZ
?NCompareRgwch@MWblStrings@@SAHPBGH0H_N@Z
?CbRgwchToRgch@MWblStrings@@SAHPBGHPADH@Z
?CwchRgchToRgwch@MWblStrings@@SAHPBDHPAGH@Z
?CchFromSz@MWblStrings@@SAHPBD@Z
?BOsIsWide@@YG_NXZ
?CbWzToSz@MWblStrings@@SAHPBGPADH@Z
?CwchSzToWz@MWblStrings@@SAHPBDPAGH@Z
?CwchIntToWz@MWblStrings@@SAHHHPAGI@Z
?CwchFromWz@MWblStrings@@SAHPBG@Z
?NCompareWz@MWblStrings@@SAHPBG0_N@Z
?Failure@CWblMessages@@QAEXPAUHWND__@@PBG@Z
?FailureF@CWblMessages@@QAAXPAUHWND__@@PBGZZ
?NCompareLocRgwch@MWblStrings@@SAHPBGH0HW4EStringCompareType@@@Z
?LoadUIResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PBGPAU2@@Z
?ProcessWindowMessage@CWfxContextHelp@@QAEHPAUHWND__@@IIJAAJK@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPAGH@Z
??3@YAXPAX0K@Z
?OperatorNew@@YAPAXIPAXK@Z
??2@YAPAXIPAXK@Z
?Failure@CWblMessages@@QAEXPAUHWND__@@H@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IH@Z
?FailureFormatWz@CWblMessages@@QAEXPAUHWND__@@HPAPAG@Z
?OperatorDelete@@YAXPAX@Z

wkwat

?HrInitWksGen@@YAJK@Z
?CleanUpWksGen@@YAXXZ

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetVersionExA
LoadLibraryA
GetProcAddress
LocalAlloc
DisableThreadLibraryCalls
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GlobalSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetProcessHeap
GlobalLock
GlobalUnlock
GlobalFree
HeapFree
GetCurrentProcess
FlushInstructionCache
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetLastError
MulDiv
GlobalAlloc

user32

MessageBeep
TranslateMessage
IsWindowVisible
SetActiveWindow
UpdateWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
IsChild
GetFocus
RedrawWindow
SetCapture
ReleaseCapture
InvalidateRgn
GetDesktopWindow
CheckRadioButton
MoveWindow
ScreenToClient
CallNextHookEx
GetActiveWindow
EndDialog
UnhookWindowsHookEx
GetKeyState
GetWindow
GetWindowRect
MapWindowPoints
GetClientRect
SetWindowPos
IsWindow
ShowWindow
SetFocus
DestroyWindow
ReleaseDC
GetDC
FrameRect
FillRect
GetSysColor
InflateRect
OffsetRect
EnableWindow
InvalidateRect
GetDlgItem
GetParent

gdi32

CreateSolidBrush
CreatePen
MoveToEx
LineTo
DeleteDC
SelectObject
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteObject

winspool.drv

ClosePrinter

advapi32

RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SysFreeString
SysAllocString
SysAllocStringLen
OleCreateFontIndirect
VariantInit
SafeArrayCreateVector
LoadRegTypeLi
LoadTypeLi
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayUnaccessData
VariantClear
SysStringByteLen

wkwinuni

ord220
ord179
ord110
ord56
ord87
ord139
ord31
ord2
ord136
ord53
ord165
ord101
ord124
ord35
ord13
ord122
ord319
ord34
ord326
ord167
ord128
ord134
ord109
ord112
ord45
ord104
ord68
ord133
ord141
ord108
ord111
ord67
ord72
ord144
ord145
ord143
ord113
ord129
ord140
ord102
ord26
ord126
ord157
ord83
ord155
ord156
ord12
ord173
ord241
ord177
ord137
ord149
ord148
ord88
ord166

shlwapi

PathFindExtensionW

msvcr71

_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strlen
memmove
abs
_purecall
_vsnwprintf
wcslen
memcmp
realloc
malloc
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
memcpy
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
wcsncpy
__CxxFrameHandler
_except_handler3
memset

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55b506eb312f20225488aef6f725667d

Headers

File Characteristics

PDB Paths

Imports

wkwbl

wkwat

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

wkwinuni

shlwapi

msvcr71

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 112KB - Virtual size: 110KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 112KB - Virtual size: 110KB

.reloc
Size: 8KB - Virtual size: 6KB