c87b39bf9cfb5ab9f316f8c57dcbf4fb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c87b39bf9cfb5ab9f316f8c57dcbf4fb_JaffaCakes118
Size

444KB
MD5

c87b39bf9cfb5ab9f316f8c57dcbf4fb
SHA1

e9c2b58d99d42c12a72debe36a4d228d26b22f01
SHA256

e7f79b625aed0c903aac849853581172a5b58d8aaebd33e987133e6ad2fd4b85
SHA512

8c2b008a5974e41cd8123b4052d46c6ef1600f2e3b416d332522c82e8b43f9e9a48081920e743c001351dd76b5f88ea80c54196b67a103fca90226a55a7eb44e
SSDEEP

12288:VnTX//ekbE1XW58wV8nyMeao5dfQq0cH+5/bNiVd6iZlo:9TX//ekbE1pyqoCG2mdxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c87b39bf9cfb5ab9f316f8c57dcbf4fb_JaffaCakes118

Files

c87b39bf9cfb5ab9f316f8c57dcbf4fb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

bde53be99e85961e67dbdc6fb3ac1f5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

FindResourceExW
GetLastError
lstrcmpiW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
SetFileTime
CreateFileW
WriteFile
MulDiv
ReadFile
GetFileSizeEx
FormatMessageW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
Sleep
GetLocalTime
DeleteFileW
GetTempPathW
ExitThread
ReleaseMutex
CreateMutexW
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetThreadPriority
OpenMutexW
FindResourceW
TerminateThread
GetExitCodeThread
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
GetLocaleInfoW
FindNextFileW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
HeapValidate
GetProcessHeap
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
GetDiskFreeSpaceW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
LockResource
LoadResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
CreateSemaphoreW
CloseHandle
GetVersionExA
InterlockedCompareExchange
TerminateProcess
CreateThread

user32

MessageBoxW
DefWindowProcW
RegisterClassW
LoadCursorW
CharNextW
LoadIconW
SetTimer
ShowWindow
KillTimer
IsWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterWindowMessageW
PostMessageW
UnregisterClassA

gdi32

GetStockObject

advapi32

RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

StringFromGUID2
CoInitialize
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

msvcp80

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcr80

_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_adjust_fdiv
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_recalloc
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
memcpy_s
memmove_s
malloc
free
wcsncpy_s
memset
_mktime64
iswspace
wcscmp
_wcsicmp
wcschr
wcsrchr
_vscwprintf
vswprintf_s
wcslen
_wsplitpath_s
??_V@YAXPAX@Z
_purecall
memcmp
_wstat64i32
wcsstr
_wcsupr_s
wcscpy_s
wcscat_s
_wtoi
_time64
_localtime64_s
fread
fseek
fclose
_wfopen_s
_wtoi64
wcstombs_s
sprintf_s
strlen
mbstowcs_s
__clean_type_info_names_internal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bde53be99e85961e67dbdc6fb3ac1f5b

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 16KB