d49f4c48948c786e8056a3a524167ff3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d49f4c48948c786e8056a3a524167ff3_JaffaCakes118
Size

836KB
MD5

d49f4c48948c786e8056a3a524167ff3
SHA1

31b24f8c4453dab33caf4f0772f0174506f9b553
SHA256

31c98e51ba992b75a0e140f74734f48642572525be279c355bf6aedbd45467cd
SHA512

5cf5da9e71c48dd86b30c0b011d786dc4e603ea38ca821d84f0f612c9212e039c5a9d85391ac8244c7fc5d4071672a0814c21421db7674368b21355178e59edc
SSDEEP

12288:/QhrMuWApktHeq5Z5vgHSw1HF0UVWmk4+IX28l7wcqBcaRKUwLVM7:KrM+ktHbgHSqF3OSl7ACaR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49f4c48948c786e8056a3a524167ff3_JaffaCakes118

Files

d49f4c48948c786e8056a3a524167ff3_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

ac64d5c37964e1669cfd480e8230d628

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

oledb32.pdb

Imports

msvcrt

_purecall
memset
memcpy_s
__CxxFrameHandler3
_CxxThrowException
wcschr
_vsnprintf
_vsnwprintf
iswdigit
iswspace
swscanf_s
towlower
ceil
_controlfp
floor
_ftol2_sse
_ecvt_s
_finite
_ui64tow
_i64tow
_ui64toa
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove_s
memcpy
time
iswlower
towupper
wcsrchr
_wcsicmp
_wmakepath_s
memmove
_errno
wcstol
_ltow
_wsplitpath_s
_wcsnicmp
_wcslwr
_itoa
_itow
_ultoa
_ultow
_i64toa

msdart

MPInitializeCriticalSection
GetIUMS
??1CReaderWriterLock3AR@@QAE@XZ
??0CReaderWriterLock3AR@@QAE@XZ
?WriteLock@CReaderWriterLock3AR@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock3AR@@QAEXXZ
?ReadUnlock@CReaderWriterLock3AR@@QAEXXZ
?WriteUnlock@CReaderWriterLock3AR@@QAEXXZ
?ReadLock@CReaderWriterLock3AR@@QAEXXZ
UMSEnterCSWraper
MPInitializeCriticalSectionAndSpinCount
MPDeleteCriticalSection
MpGetHeapHandle
FXMemAttach
FXMemDetach
mpRealloc
MpHeapFree
mpMalloc
mpFree
MpHeapAlloc

kernel32

ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GetUserDefaultUILanguage
GetShortPathNameW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
lstrlenW
GetLastError
CloseHandle
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
lstrcmpiW
lstrlenA
SetLastError
VirtualQuery
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
lstrcpyW
RaiseException
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetModuleFileNameW
lstrcatW
lstrcpynW
GetModuleHandleW
GetCurrentThread
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
DisableThreadLibraryCalls
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
Sleep
ResetEvent
CreateEventW
CreateDirectoryW
InterlockedCompareExchange
GetLongPathNameW
LoadLibraryW
LockResource
GetThreadLocale
LocalFree
LocalLock
FormatMessageW
ExpandEnvironmentStringsW
MulDiv
SetEvent
TerminateThread
CreateThread
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetUserDefaultLCID
InterlockedCompareExchange64
GetComputerNameW
ReadFile
GetFileType
SetEndOfFile
WriteFile

user32

GetDialogBaseUnits
WinHelpW
GetCursorPos
ScreenToClient
SetCursor
DialogBoxParamW
SetFocus
SendDlgItemMessageW
IsWindowEnabled
SetDlgItemTextW
CheckRadioButton
GetActiveWindow
LoadIconW
EnableWindow
SetWindowTextW
PostMessageW
MessageBoxW
GetSystemMetrics
GetDC
ReleaseDC
CharNextExA
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SendMessageW
GetDlgItem
GetTopWindow
LoadStringW
CharNextW
EndDialog
GetWindow
GetParent
GetWindowLongW
SetWindowLongW
SetWindowPos
LoadCursorW

gdi32

SelectObject
GetTextMetricsW
GetTextExtentPointW
DeleteObject
CreateFontIndirectW
GetDeviceCaps

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CopySid
GetLengthSid
RegSetValueW
RegEnumValueW
RegNotifyChangeKeyValue
OpenThreadToken
RegDeleteValueW
RegQueryInfoKeyW
EqualSid
GetTokenInformation
RegEnumKeyExW
RegDeleteKeyW
OpenProcessToken

shell32

DragQueryFileW

ole32

CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
ProgIDFromCLSID
CoCreateInstance
StringFromCLSID
CoGetClassObject
CreatePointerMoniker
CLSIDFromString
StringFromGUID2
PropVariantCopy
CoUninitialize
CoInitialize
CLSIDFromProgID
CoGetMalloc

oleaut32

VarI1FromUI4
VarUI1FromUI4
VarI2FromUI4
VarUI2FromUI4
VarCyFromUI4
VarDecFromUI4
VarI1FromStr
VarUI1FromStr
VarI2FromStr
VarUI2FromStr
VarBoolFromStr
VarUI4FromStr
VarR4FromStr
VarR8FromStr
VarDecFromUI2
VarDecFromStr
VarDateFromStr
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SystemTimeToVariantTime
VariantChangeTypeEx
VariantTimeToSystemTime
SafeArrayCopy
GetErrorInfo
VarI4FromStr
LoadTypeLi
RegisterTypeLi
CreateErrorInfo
VariantCopy
VariantInit
SysAllocStringLen
SysStringLen
SetErrorInfo
LoadRegTypeLi
VariantChangeType
VariantClear
SysStringByteLen
SysFreeString
SysAllocString
VarCyFromUI1
VarR8FromUI1
VarR4FromUI1
VarUI4FromUI1
VarI4FromUI1
VarCyFromUI2
VarUI1FromUI2
VarI1FromUI2
VarCyFromStr
VarDecFromI2
VarCyFromI2
VarUI1FromBool
VarI1FromBool
VarBstrFromDate
VarBstrFromCy
VarR8FromCy
VarR4FromCy
VarUI4FromCy
VarI4FromCy
VarBoolFromCy
VarDecFromCy
VarUI2FromCy
VarI2FromCy
VarUI1FromCy
VarI1FromCy
VarR4FromR8
VarUI4FromR8
VarI4FromR8
VarUI2FromR8
VarI2FromR8
VarUI1FromR8
VarI1FromR8
VarCyFromR8
VarDecFromR8
VarCyFromR4
VarDecFromR4
VarUI4FromR4
VarI4FromR4
VarUI2FromR4
VarI2FromR4
VarUI1FromR4
VarI1FromR4
VarDecFromI4
VarCyFromI4
VarUI2FromI4
VarI2FromI4
VarUI1FromI4
VarI1FromI4
VarUI1FromI2
VarI1FromI2
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetDim
VarUI2FromUI1
VarI2FromUI1
VarI1FromDec
VarUI1FromDec
VarI2FromDec
VarUI2FromDec
VarBoolFromDec
VarI4FromDec
VarUI4FromDec
VarR4FromDec
VarR8FromDec
VarCyFromDec
VarBstrFromDec
VarI2FromI1
VarUI2FromI1
VarI4FromI1
VarUI4FromI1
VarR4FromI1
VarR8FromI1
VarCyFromI1
VarDecFromI1
VarDecFromUI1

comctl32

CreatePropertySheetPageW
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_LoadImageW
DestroyPropertySheetPage
PropertySheetW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

wininet

InternetCrackUrlA
InternetCrackUrlW
InternetCanonicalizeUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
OpenDSLFile

Sections

.text
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac64d5c37964e1669cfd480e8230d628

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

msdart

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wininet

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 516KB

.data Size: 12KB - Virtual size: 12KB

.sdbid Size: 168KB - Virtual size: 166KB

.rsrc Size: 96KB - Virtual size: 93KB

.reloc Size: 36KB - Virtual size: 34KB

.text
Size: 520KB - Virtual size: 516KB

.data
Size: 12KB - Virtual size: 12KB

.sdbid
Size: 168KB - Virtual size: 166KB

.rsrc
Size: 96KB - Virtual size: 93KB

.reloc
Size: 36KB - Virtual size: 34KB