db895f460a50a067cd570cde6634c216_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db895f460a50a067cd570cde6634c216_JaffaCakes118
Size

249KB
MD5

db895f460a50a067cd570cde6634c216
SHA1

152f6aeaa75f1305a673580d7b4f3b9e7b7c102e
SHA256

e4951ad6f48c35947903a60371869fc1af8e8e70b7adf7062d8b98c4fff5238b
SHA512

7375849e6fa9c13719a9252c3f8c5ba049e05c2ddf0a527be857b14903e4a54b7404869722c22e059e3038213c4bd0ed5d360832e9557857ba8f0ee92af0b512
SSDEEP

6144:ba20Iak9LaMoH9sHTgdxQrarhqrkYHjRS6d:mWEPsHTDrKf8h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db895f460a50a067cd570cde6634c216_JaffaCakes118

Files

db895f460a50a067cd570cde6634c216_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

c8aaaf762dc674214c3927cbf1674d60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

qutil.pdb

Imports

msvcrt

wcsrchr
_CxxThrowException
?what@exception@@UBEPBDXZ
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
realloc
malloc
__CxxFrameHandler
free
wcslen
_except_handler3
??0exception@@QAE@ABV0@@Z

ntdll

RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
wcscpy
memset
wcsncpy
memcmp
_vsnwprintf
_snprintf
memmove

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

GetModuleHandleExW
HeapSize
InterlockedExchangeAdd
HeapDestroy
HeapCreate
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CloseHandle
TerminateThread
HeapAlloc
SetEvent
WaitForMultipleObjects
GetLastError
CreateThread
CreateEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
lstrcpynW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
GetVersionExA
lstrlenA
GetModuleFileNameA
UnmapViewOfFile
VirtualAlloc
IsBadReadPtr
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetVersion
HeapFree
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime

ole32

CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr

rpcrt4

NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs

user32

CharNextW

msvcp60

?length@?$char_traits@G@std@@SAIPBG@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
?_Doraise@bad_alloc@std@@MBEXXZ
?_Xlen@std@@YAXXZ
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?nothrow@std@@3Unothrow_t@1@B

Exports

Exports

ServiceMain
AllocCountedString
AllocFixupInfo
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeConnections
FreeCountedString
FreeFixupInfo
FreeIsolationInfo
FreeIsolationInfoEx
FreeNapComponentRegistrationInfoArray
FreeNetworkSoH
FreePrivateData
FreeSoH
FreeSoHAttributeValue
FreeSystemHealthAgentState
InitializeNapAgentNotifier
UninitializeNapAgentNotifier

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8aaaf762dc674214c3927cbf1674d60

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

ole32

oleaut32

rpcrt4

user32

msvcp60

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.orpc Size: 512B - Virtual size: 107B

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 176KB - Virtual size: 176KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.orpc
Size: 512B - Virtual size: 107B

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 176KB - Virtual size: 176KB

.reloc
Size: 7KB - Virtual size: 6KB