da0ce05d2a98e232488a534b51c9c90a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da0ce05d2a98e232488a534b51c9c90a_JaffaCakes118
Size

67KB
MD5

da0ce05d2a98e232488a534b51c9c90a
SHA1

263c59720c8deaaeeabf6ae90d17a86e96704d22
SHA256

bbed0059968ef4d131369db9af75e4616aa9fdf33750988a8b34e46e3fb7e1d9
SHA512

ca09e8ea0b51e02c086dc873499b606ce843e276b759eaf44e98ae0b1eabea9cd5916106258a64a1728c6b58c540f4a2db445a5f0aa328bafb7203865bdde768
SSDEEP

1536:5qicVL4ojSOrHltdxl/o2P6Uk/9P/lEaoOgIlbQ:5zcVbjFt7JpHgtENOgIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da0ce05d2a98e232488a534b51c9c90a_JaffaCakes118

Files

da0ce05d2a98e232488a534b51c9c90a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1db79e7d8901bb2ee9207a1ca81cc1e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\ComponentManager.pdb

Imports

kernel32

GetCurrentProcessId
RaiseException
GetProcessHeap
HeapFree
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
FormatMessageW
HeapAlloc
CloseHandle
lstrlenW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetCurrentThread
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
GetLastError
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
SetThreadLocale
GetSystemTimeAsFileTime
GetThreadLocale

user32

UnregisterClassA

advapi32

ReportEventW
IsValidSid
OpenProcessToken
EqualSid
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
GetTokenInformation
CopySid
GetLengthSid

ole32

CoRevertToSelf
CoImpersonateClient
CoCreateInstance

oleaut32

SysFreeString
LoadTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SysAllocString
SafeArrayDestroy
SafeArrayGetVartype
LoadRegTypeLi
SysStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayRedim
SysAllocStringByteLen
VariantCopyInd
SysStringByteLen
VariantClear
VarBstrCmp
SafeArrayCopy

atl80

ord32
ord25
ord31
ord58
ord22
ord18
ord61
ord64
ord15
ord30
ord23

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

_encoded_null
_CxxThrowException
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
??3@YAXPAX@Z
malloc
free
??_V@YAXPAX@Z
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_purecall
swprintf_s
memcpy_s
_resetstkoflw
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
__CxxFrameHandler3
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1db79e7d8901bb2ee9207a1ca81cc1e2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

atl80

msvcp80

msvcr80

userenv

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 5KB