f644de0f72073d67f413f3885cd32cb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f644de0f72073d67f413f3885cd32cb6_JaffaCakes118
Size

308KB
MD5

f644de0f72073d67f413f3885cd32cb6
SHA1

004ee414a86a3b22b5168b11a022aa550afe697c
SHA256

12604a5bd0cdaba1c5a1bb4c9dea35b2df5be6ea4ef699d517fe50bdcabf0c86
SHA512

0680fb714f1ae063a8e9ba0d7261d102199d1a9a9c698a9d4265dd37aad3881045d61e0be9d6354c372718a7eb8096d8dfe6f23b56a7b2296755cdc2680dc830
SSDEEP

6144:hReuUYI/CiWDTpwhcAOL3+K9E0HEw5Yc/pEsnPqq1:hReuUYWCNDTpwzOz9i0HRYcvqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f644de0f72073d67f413f3885cd32cb6_JaffaCakes118

Files

f644de0f72073d67f413f3885cd32cb6_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f145e287031dfbdbda8c13c0f213a48e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqlxmlx.pdb

Imports

msvcrt

localeconv
_snwprintf
wcsrchr
_wcsicmp
wcstol
_CxxThrowException
_wtol
__CxxFrameHandler
free
_initterm
wcsncmp
swprintf
_itow
_i64tow
strncpy
_snprintf
wcscpy
wcscmp
_purecall
wcsncpy
_wcsnicmp
iswspace
wcschr
_ltow
wcslen
malloc
_adjust_fdiv
__dllonexit
_onexit
?terminate@@YAXXZ
_except_handler3
wcsspn
towlower
memmove

kernel32

LoadLibraryA
GetProcAddress
GetVersionExA
LoadLibraryExA
GetModuleFileNameA
CloseHandle
FreeLibrary
LocalFree
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
CompareFileTime
CreateFileA
GetFileTime
GetFileType
CreateFileW
IsBadCodePtr
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetCurrentThreadId
GetTickCount
IsDBCSLeadByteEx
GetLastError
WideCharToMultiByte
GetCPInfo
GetVersion
MultiByteToWideChar
FormatMessageA
SetLastError
LocalAlloc
FormatMessageW
QueryPerformanceCounter

user32

LoadStringA
LoadStringW

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ole32

CoTaskMemFree
CoGetMalloc
CoCreateInstance
CoGetClassObject

oleaut32

VariantInit
CreateErrorInfo
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
GetErrorInfo
SetErrorInfo
SysFreeString
SysAllocStringLen

shlwapi

UrlIsW

msdart

mpMalloc
mpFree
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
MpHeapAlloc
MpHeapReAlloc
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?WriteLock@CReaderWriterLock2@@QAEXXZ
mpRealloc
FXMemDetach
FXMemAttach
MpGetHeapHandle
??1CSmallSpinLock@@QAE@XZ

msdatl3

??1CClassFactory@@QAE@XZ
??0CClassFactory@@QAE@PAJ0@Z
?QueryInterface@CClassFactory@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CClassFactory@@UAGKXZ
?Release@CClassFactory@@UAGKXZ
?LockServer@CClassFactory@@UAGJH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ExecuteToStream

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f145e287031dfbdbda8c13c0f213a48e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msdart

msdatl3

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 100KB - Virtual size: 98KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 180KB - Virtual size: 178KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 100KB - Virtual size: 98KB

.reloc
Size: 12KB - Virtual size: 8KB