e2347dcbc83bd7c431a1099bccfd52ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e2347dcbc83bd7c431a1099bccfd52ad_JaffaCakes118
Size

291KB
MD5

e2347dcbc83bd7c431a1099bccfd52ad
SHA1

dcd0c4e385dad06448f43fd38795b832f569cbd3
SHA256

9864d997d5993e3c9d172996ed6f589b4770791d0a66eec37f485765d543950f
SHA512

ce5fb91b9fad10986e88e5d3093151a7def0d408750e169fc7aa7614dcd6be748350b6123a411d421fd6ebd47dfbf2edab4d6bbb873b9b0091b95355e3f242b5
SSDEEP

3072:zhLnPtM20fBO2QlzMjZ7BXiX28MytrpLyFlSdBxbBB2dGSjc3atZfEfAn/DOYUPO:BnPtMllQlzUZ78M8p2lSHxbBBUL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2347dcbc83bd7c431a1099bccfd52ad_JaffaCakes118

Files

e2347dcbc83bd7c431a1099bccfd52ad_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

2fc8103d647a5e23a6064be1105ca8fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wbemcntl.pdb

Imports

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
malloc
_initterm
_CxxThrowException
_wcsupr
_itow
_wcsicmp
_purecall
wcsncpy
mbstowcs
_errno
iswalpha
wcstoul
wcscmp
wcsncat
swprintf
realloc
free
iswdigit
vswprintf
_ltow
swscanf
_wtol
_wcsnicmp
wcsspn
_except_handler3
_wsplitpath
wcscat
_beginthread
wcscpy
_endthread
atof
wcstombs
wcslen
??2@YAPAXI@Z
_wtoi
wcsncmp
??3@YAXPAX@Z
__CxxFrameHandler

atl

ord18
ord44
ord43
ord35
ord31
ord30
ord58
ord32
ord47
ord16
ord21
ord22
ord23
ord15

kernel32

InterlockedDecrement
WideCharToMultiByte
SetThreadPriority
GetCurrentThread
GetVersionExW
GetLastError
CloseHandle
lstrcpyW
lstrlenW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
GetComputerNameW
LoadLibraryA
GetCurrentProcess
FreeLibrary
lstrcatW
LocalAlloc
GetWindowsDirectoryW
CreateThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
GetShortPathNameW
lstrcmpiW
GetSystemWindowsDirectoryW
GlobalFree
GlobalAlloc
FlushInstructionCache
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenA
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
LCMapStringW
CreateEventW
WaitForSingleObject
SetEvent
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

user32

GetSysColor
FrameRect
GetSysColorBrush
GetDC
InflateRect
MapWindowPoints
GetWindowRect
GetSystemMetrics
GetClientRect
SetScrollInfo
RegisterClassW
CreateWindowExW
SetFocus
GetFocus
GetMessagePos
SetCursor
LoadCursorW
DrawFocusRect
LoadIconW
DestroyIcon
MessageBeep
EndDialog
DialogBoxParamW
LoadBitmapW
GetWindowTextLengthW
SetForegroundWindow
RegisterClipboardFormatW
DestroyMenu
GetMenuItemInfoW
GetSubMenu
LoadMenuW
GetActiveWindow
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
ReleaseDC
DestroyWindow
SetScrollRange
MoveWindow
GetWindowLongW
GetScrollInfo
SetScrollPos
ScrollWindow
GetDlgCtrlID
DefWindowProcW
MapDialogRect
SystemParametersInfoW
SetWindowPos
PostMessageW
GetParent
LoadStringW
EnableWindow
MessageBoxW
IsWindowEnabled
WinHelpW
IsDlgButtonChecked
GetWindowTextW
ShowWindow
SetDlgItemTextW
CheckRadioButton
GetDlgItem
SetWindowTextW
SendDlgItemMessageW
SendMessageW
SetWindowLongW

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
ImpersonateSelf
IsValidSid
LookupAccountSidW
GetTokenInformation
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSidLengthRequired
CopySid
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
MapGenericMask
OpenProcessToken

oleaut32

SysStringLen
VariantInit
VariantCopy
SysFreeString
VariantChangeType
VariantClear
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringLen
SysAllocString
GetErrorInfo
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate

ole32

OleRun
CoQueryProxyBlanket
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoCreateInstanceEx
CoUninitialize
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream

gdi32

SetBkMode
SetTextColor
SetBkColor

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW

shlwapi

PathAddBackslashW
PathIsUNCW
PathCompactPathExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fc8103d647a5e23a6064be1105ca8fa

Headers

File Characteristics

PDB Paths

Imports

msvcrt

atl

kernel32

user32

advapi32

oleaut32

ole32

gdi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 11KB - Virtual size: 11KB