df83d9201bb6774cd9c254e12e968ffd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df83d9201bb6774cd9c254e12e968ffd_JaffaCakes118
Size

121KB
MD5

df83d9201bb6774cd9c254e12e968ffd
SHA1

e39fcce2a3a0595a299756e12ce238559092dd81
SHA256

d54acb7c202107573f244e9019945ddb198dd7ca7e7266a22dbbb93417d4e3ee
SHA512

04cfe3920403c51cd346759a23a5f21c06e1f21a078db808abaacb27f24767670a771c1b5db2b3b430468cbb57a68ad1849c2827b5751b07edc1d735b84db023
SSDEEP

1536:El/dwojaWYJisxnBN+IbGophVOeoLE6H4dDsCZTGiJIf8uXaFt6YxO1IuTtZhAfc:E19SlysFpsyDvGieXaFtVxO13pgkplp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df83d9201bb6774cd9c254e12e968ffd_JaffaCakes118

Files

df83d9201bb6774cd9c254e12e968ffd_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

45eeff942e6ead7cc40a769f0cf103ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\_VSS\Products\DriveCleanerInc\DriveCleaner2006\_Release\UDCShell.pdb

Imports

shlwapi

SHDeleteKeyA
PathRenameExtensionA
StrRetToStrA

kernel32

GetLocaleInfoA
GetThreadLocale
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
lstrcatA
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesExA
GetCurrentThreadId
CreateThread
TerminateThread
GlobalLock
GlobalUnlock
SetLastError
CreateEventA
GetLastError
CloseHandle
GetLogicalDriveStringsA
GetDriveTypeA
GetComputerNameA
LocalFree
GetLogicalDrives
GetModuleFileNameA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
GetACP
MultiByteToWideChar
lstrlenW
FlushFileBuffers
lstrcmpiA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
InterlockedDecrement
WriteProcessMemory
GetCurrentProcess
VirtualProtect
FindResourceW
FindResourceExW
GetModuleHandleA
InterlockedExchange
WideCharToMultiByte
FindResourceExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadResource
FreeLibrary
GetProcAddress
LocalAlloc
LockResource
SizeofResource
FindResourceA
RaiseException
lstrcpyA
lstrlenA
lstrcpynA
LoadLibraryA

user32

RemoveMenu
GetWindowLongA
SetWindowLongA
RedrawWindow
BeginPaint
EndPaint
DefWindowProcA
LoadImageW
LoadImageA
LoadCursorW
LoadCursorA
LoadIconW
LoadBitmapW
LoadBitmapA
LoadStringW
LoadStringA
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetDesktopWindow
PostQuitMessage
TranslateAcceleratorA
SetWindowTextA
SetMenuItemInfoA
FindWindowA
SetMenuItemBitmaps
InsertMenuA
LoadIconA
GetMenuStringA
DispatchMessageA
TranslateMessage
DestroyWindow
GetMessageA
ShowWindow
PostThreadMessageA
SetWindowPos
GetSystemMetrics
GetWindowDC
CreateWindowExA
RegisterClassExA
GetKeyState
GetCursorPos
SetCapture
ReleaseDC
GetDC
GetWindowRect
DrawTextA
DestroyAcceleratorTable
SetWindowRgn

gdi32

CreateCompatibleDC
SetBkMode
SetTextColor
DeleteObject
GetStockObject
CreateDIBitmap
CreatePolygonRgn
BitBlt
CreateFontIndirectA
GetObjectA
SelectObject
DeleteDC

shell32

SHChangeNotify
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHEmptyRecycleBinA

ole32

ReleaseStgMedium
CoTaskMemFree
CoUninitialize
OleRun
CoCreateInstance
CoInitialize

oleaut32

SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SysFreeString
SysAllocString
SysStringLen
VariantInit
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

??0exception@@QAE@ABV0@@Z
wcslen
_CxxThrowException
_except_handler3
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
time
srand
rand
??_V@YAXPAX@Z
_mbschr
strchr
malloc
vsprintf
_vscprintf
_mbsrchr
_mbsstr
_vscwprintf
vswprintf
memset
_callnewh
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
??3@YAXPAX@Z
free
memmove
_mbscmp
_stricmp

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOptions
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45eeff942e6ead7cc40a769f0cf103ce

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp71

msvcr71

imagehlp

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 13KB

.tls Size: 1024B - Virtual size: 533B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 13KB

.tls
Size: 1024B - Virtual size: 533B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 7KB