de8e21cb424ecd5c5397d41949899dc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de8e21cb424ecd5c5397d41949899dc6_JaffaCakes118
Size

148KB
MD5

de8e21cb424ecd5c5397d41949899dc6
SHA1

8791b38358453e75d693c8d0e1d0d0f72ccbe7c5
SHA256

5de187f4fc0076c8f56f99228be44acfb974a5bb7e4496d09a147506876ff700
SHA512

af78d8948ddbd9497f5ac0c3388f460a9abc26d876b89a5ea0a6f68026f5073c152190d3acba23dd513df7c05552dc056862dc0537aa56745187501649eb746a
SSDEEP

3072:Z7GmE8O106p/Ua5HIE8cxcajpaIwg9DfiJ4McPeSh/JdE6uB6M:Z7S8O1hfJB8G5paIjbMclS6uT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de8e21cb424ecd5c5397d41949899dc6_JaffaCakes118

Files

de8e21cb424ecd5c5397d41949899dc6_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

030767992750047feae6db31f3ec991d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\02. Projects\Output\Release(x86)\Program Files\Common files\CmdAgent.pdb

Imports

kernel32

LoadLibraryA
FlushFileBuffers
WriteFile
CreateFileW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CopyFileExW
MoveFileWithProgressW
CopyFileW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetFullPathNameW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
CloseHandle
WaitForSingleObject
GetExitCodeProcess
OutputDebugStringW
lstrcpyW
lstrlenW
Sleep
InterlockedExchange
lstrcmpW
lstrcatW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
DeleteFileW
FindClose
GetThreadLocale
SetThreadLocale
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
GetSystemTimeAsFileTime

user32

CharNextW
wsprintfW

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

ord165

ole32

CoCreateInstance

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantInit
VariantClear

atl90

ord32
ord30
ord67
ord31
ord64
ord49
ord56
ord68
ord61
ord58
ord15
ord23

shlwapi

SHDeleteKeyW

msvcr90

_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
_CxxThrowException
wcsncpy_s
_wcsnicmp
memcpy
memset
printf
free
__CxxFrameHandler3
??_V@YAXPAX@Z
_purecall
_recalloc
calloc
malloc
_resetstkoflw
??_U@YAPAXI@Z
??2@YAPAXI@Z
__dllonexit
_except_handler4_common
?terminate@@YAXXZ
_unlock
__CppXcptFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

030767992750047feae6db31f3ec991d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl90

shlwapi

msvcr90

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 108KB - Virtual size: 108KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 108KB - Virtual size: 108KB

.reloc
Size: 3KB - Virtual size: 3KB