0211c9af6d77df5b8b764b7a8165ad45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0211c9af6d77df5b8b764b7a8165ad45_JaffaCakes118
Size

302KB
MD5

0211c9af6d77df5b8b764b7a8165ad45
SHA1

54cd16f5ceb6b6d0c60c8cf9cdcf4cd9d7d903c6
SHA256

d99ac41d420be15494bdfeb623569099cb5d5a74c060742442d5199b19c43c22
SHA512

33ca0008a7305ffc7c437c5aa339fe4492003e2b7efe71cb69fac629d05fdf3bb6c2ec4f3ab99e308b050804e835c012f1769f9331b8351caaa5ff74134d3e64
SSDEEP

6144:mNOr2mknpWDFv1XMD+/mA28WJHAzQeKLk:mNZyDFv1Xm+/mAvQeKLk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0211c9af6d77df5b8b764b7a8165ad45_JaffaCakes118

Files

0211c9af6d77df5b8b764b7a8165ad45_JaffaCakes118
.dll windows:6 windows x86 arch:x86

b2c65641567da7afdef02b2371caa789

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wevtfwd.pdb

Imports

msvcrt

__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
??0exception@@QAE@XZ
_purecall
ferror
wctomb
_CxxThrowException
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
_vsnwprintf
memchr
wcschr
wcstoul
strcspn
_wcstoi64
_wcstoui64
_ultow
bsearch
__pctype_func
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
abort
__uncaught_exception
iswspace
_wcsicmp
memset
_wcsnicmp
__CxxFrameHandler
_errno
_itoa
_snprintf
_iob
localeconv
isleadbyte
__mb_cur_max
mbtowc
memmove
memcpy
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
??0exception@@QAE@ABV0@@Z

ntdll

RtlUnwind

kernel32

MultiByteToWideChar
WideCharToMultiByte
FileTimeToSystemTime
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
FormatMessageW
DuplicateHandle
GetThreadLocale
CreateThread
GetComputerNameW
GetSystemTime
LocalFree
GetSystemDefaultLCID
OutputDebugStringW
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
InitializeCriticalSection
DebugBreak
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
CloseHandle
GetCurrentThread
DeleteCriticalSection
LeaveCriticalSection
GetLastError
UnregisterWaitEx
Sleep
GetTickCount
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
CreateEventW
SetEvent
InterlockedExchange
RegisterWaitForSingleObject
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId

advapi32

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
SetThreadToken
OpenThreadToken
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumValueW
NotifyChangeEventLog
GetLengthSid
IsValidSid
ConvertSidToStringSidW
ReadEventLogW
OpenEventLogW
CloseEventLog
RegCloseKey
RegOpenKeyExW
TraceMessage

wsmsvc

WSManConstructError
WSManDeliverEvent
WSManDeliverEndSubscriptionNotification
WSManEnumeratorAddEvent
WSManClosePublisherHandle
WSManEncodeObject
WSManAddSubscriptionManagerInternal
WSManRemoveSubscriptionManagerInternal
WSManCloseObjectHandle
WSManDecodeObject

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

userenv

UnregisterGPNotification
RegisterGPNotification

Exports

Exports

WSManPluginShutdown
WSManPluginStartup
WSManProvPullEvents
WSManProvSubscribe
WSManProvUnsubscribe

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2c65641567da7afdef02b2371caa789

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

wsmsvc

oleaut32

ole32

rpcrt4

userenv

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 133KB - Virtual size: 133KB

.rsrc Size: 8KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 8KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 9KB