d74686bb10073876998b136bfd1f1eff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d74686bb10073876998b136bfd1f1eff_JaffaCakes118
Size

219KB
MD5

d74686bb10073876998b136bfd1f1eff
SHA1

10827e13b704e963e7bd99111a638c50a2b3aa29
SHA256

1b7920e131de0bc72ebab25fc3179bccefca44bc524b2024afa9d6530db4b408
SHA512

05e6c06f9c1b12b9bafdaabfd1e0c29014169604fefce366a39a99d81050b2f172354b77f0939560699e317501207c774ceba1b6c0b5d78b590de256a0c2b9f8
SSDEEP

6144:dtfzZTPrxCtYBPtKWOhBkmpGDlTiCubcYTzlx5:d/9PMTWLu4izl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d74686bb10073876998b136bfd1f1eff_JaffaCakes118

Files

d74686bb10073876998b136bfd1f1eff_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1c88dd4eda8b39f5ad38133ac04423f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ServDeps.pdb

Imports

mfc42u

ord823
ord825

msvcrt

_onexit
__dllonexit
wcscpy
swprintf
_except_handler3
__CxxFrameHandler
_wcsicmp
_CxxThrowException
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
malloc
_initterm
_purecall
free
wcsncmp
realloc
_endthread
_beginthread
mbstowcs

atl

ord16
ord58
ord32
ord15
ord23
ord22
ord18
ord43
ord44
ord21

mmfutil

?DisplayAVIBox@@YGHPAUHWND__@@PBG1PAPAU1@@Z
?DisplayUserMessage@@YGHPAUHWND__@@PAUHINSTANCE__@@IIW4ERROR_SRC@@JI@Z

kernel32

MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
lstrlenW
LoadLibraryW
SetLastError
OutputDebugStringA
LoadLibraryA
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
GetShortPathNameW
lstrcmpiW
lstrcpyW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
CloseHandle
GetCurrentThread
CreateEventW
SetEvent
SetThreadPriority
LocalFree
GetVersionExW
GetModuleFileNameW
WaitForSingleObject

user32

GetDlgItem
MsgWaitForMultipleObjects
LoadStringW
SendMessageW
EnableWindow
PeekMessageW
DispatchMessageW
IsWindow
GetSystemMetrics
ShowCursor
LoadCursorW
SetCursor
LoadImageW
LoadBitmapW
RegisterClipboardFormatW
GetParent
wsprintfW
LoadIconW
PostMessageW
SetDlgItemTextW
SetFocus
InvalidateRect
UpdateWindow
WinHelpW
SetWindowLongW

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW

oleaut32

SysAllocStringByteLen
SysStringLen
VariantClear
VariantCopy
VariantInit
SysAllocString
SysFreeString
VariantChangeType

ole32

CoCreateInstance
OleRun
CoQueryProxyBlanket
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoGetInterfaceAndReleaseStream

gdi32

DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c88dd4eda8b39f5ad38133ac04423f2

Headers

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

mmfutil

kernel32

user32

advapi32

oleaut32

ole32

gdi32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 166KB - Virtual size: 166KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 166KB - Virtual size: 166KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB