Static task: static1
Behavioral task: behavioral1
Sample: de25ac681b486ed9504894c2f37c7d89_JaffaCakes118.dll
Resource: win7-20240708-en
General
Target: de25ac681b486ed9504894c2f37c7d89_JaffaCakes118
Size: 327KB
MD5: de25ac681b486ed9504894c2f37c7d89
SHA1: 909f65c54c28811066e98370680598b86303fb7d
SHA256: d131a5cfb9086e34a5a5ce9839e3207fa6a386da89759d789436aceb7358a09c
SHA512: 672772784ad198a14f5ef65347b4ab9149bc45e7edfbd9d47c9868cc6d9e0894e0bc6ebbc5d847500d07fb45fa23ae83fe6c65a949cd243af8416317d2516dfb
SSDEEP: 6144:fATql5jYgi+dMtiL2JMfTZSAaphsgsDlOTbmFjd8NNxn6d/ed0SRdATt3XMoDEnN:fATql5ni+VfFEbve/e2G6ZnDkN
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: de25ac681b486ed9504894c2f37c7d89_JaffaCakes118
Files
de25ac681b486ed9504894c2f37c7d89_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
745967fc8f648ca76eb6e9324b7148c5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
f:\binaries.x86ret\bin\i386\bbt\opt\bin\i386\vspkgs\compsvcspkg.pdb
Imports
advapi32
CryptAcquireContextW
CryptAcquireContextA
CryptCreateHash
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
RegQueryValueExW
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptGetUserKey
CryptExportKey
CryptGetProvParam
CryptEnumProvidersW
CryptHashData
CryptGetHashParam
CryptDestroyHash
comctl32
ImageList_LoadImageW
ImageList_Destroy
gdi32
DeleteDC
CreateFontIndirectW
CreatePen
LineTo
MoveToEx
CreateCompatibleBitmap
GetObjectW
GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
kernel32
ReadFile
GetFileSize
WriteFile
DeleteFileW
CloseHandle
GetProcessHeap
LocalAlloc
SearchPathW
HeapFree
CreateFileW
GetFileType
SetEndOfFile
SetFilePointer
FlushFileBuffers
lstrcpyW
CreateDirectoryW
GetVersionExW
GetFileAttributesW
GetFullPathNameW
GetEnvironmentVariableW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
ExpandEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
SetLastError
GetLastError
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleFileNameW
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryW
MulDiv
lstrcmpW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
mscoree
StrongNameFreeBuffer
StrongNameErrorInfo
StrongNameKeyGen
StrongNameKeyInstall
GetCORSystemDirectory
LoadLibraryShim
GetFileVersion
msvcr80
qsort
_wsplitpath_s
wcspbrk
_wcsnicmp
memcpy
__CxxFrameHandler3
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
wcstok_s
memmove_s
memcpy_s
_purecall
wcscpy_s
wcsrchr
??_U@YAPAXI@Z
swprintf_s
wcsncpy_s
malloc
??_V@YAXPAX@Z
free
_recalloc
_wtol
wcstoul
iswdigit
_itow_s
wcscat_s
wcsncpy
_wcsicmp
wcschr
_ultow_s
_vscwprintf
vswprintf_s
iswspace
memmove
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_itow
wcsspn
ole32
CoTaskMemRealloc
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
oleaut32
SysFreeString
SysAllocString
SysAllocStringLen
OleCreateFontIndirect
SysStringByteLen
VarUI4FromStr
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetElement
SetErrorInfo
GetErrorInfo
SysAllocStringByteLen
VarBstrCat
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
secur32
GetUserNameExW
user32
InvalidateRgn
GetDesktopWindow
GetDlgItem
GetParent
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
SetWindowPos
GetClassNameW
RedrawWindow
SendMessageW
IsWindow
GetWindow
SetFocus
GetFocus
IsChild
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
GetSysColor
DestroyAcceleratorTable
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
CharNextW
GetWindowLongW
InvalidateRect
CallWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
SetWindowLongW
GetSystemMetrics
PtInRect
ShowWindow
EnableWindow
GetWindowRect
SendDlgItemMessageW
DialogBoxIndirectParamW
EndDialog
DialogBoxParamW
GetDlgCtrlID
SendMessageA
KillTimer
UnhookWindowsHookEx
MapWindowPoints
SystemParametersInfoW
IntersectRect
SetWindowsHookExW
UpdateWindow
SetCursor
GetCursorPos
SetCursorPos
SetTimer
SetDlgItemTextW
PostMessageW
DefWindowProcW
ReleaseCapture
MessageBoxW
GetActiveWindow
IsWindowEnabled
LoadStringW
UnregisterClassA
SetWindowTextW
CallNextHookEx
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer
Sections
.text Size: 143KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 151KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE