081d7932fdfd1c6e2f03e54d6801d834_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

081d7932fdfd1c6e2f03e54d6801d834_JaffaCakes118
Size

512KB
MD5

081d7932fdfd1c6e2f03e54d6801d834
SHA1

ca129e5770b645c32f4d87a47769bbf202d533df
SHA256

6634d71af54b5e057e60c5af2cc72dd6f18787ad0874588f65ca78509f854a68
SHA512

224c3c95f815036efeb3e7ce430d344eb530348d0fb1d7e0dfb4a74b5ba3b1dcd3ae86361d1baea6366974d4111de8a6894dbd996f1baabcf471b3fd9165f4e1
SSDEEP

12288:eUtj4Nsg0cqjvpUl2VONS8Y4QsMPC2z2:eUtESg0coRnVOo8Y4QsUZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
081d7932fdfd1c6e2f03e54d6801d834_JaffaCakes118

Files

081d7932fdfd1c6e2f03e54d6801d834_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3fd4ca55a09a08751d0d665a24df2c46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

\\cpvsbuild\drops\v7.0evewin\raw\3052\vsbuilt\bbt\bin\i386\complus\diasymreader.pdb

Imports

mscoree

GetCORVersion

kernel32

SetFileAttributesW
GetFileAttributesW
CopyFileW
SetFileAttributesA
CopyFileA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
VirtualAlloc
VirtualFree
DeviceIoControl
GetFileType
CreateFileMappingW
LCMapStringW
UnmapViewOfFile
GetDriveTypeW
GetDriveTypeA
CreateFileA
SetEndOfFile
SetFilePointer
MapViewOfFileEx
CreateFileMappingA
FlushViewOfFile
GetFileSize
GetSystemInfo
MapViewOfFile
InitializeCriticalSection
RaiseException
GetModuleFileNameA
GetFileAttributesA
lstrlenA
GetProcAddress
GetTickCount
GetCurrentProcessId
MultiByteToWideChar
SetLastError
CreateFileW
WriteFile
CloseHandle
GetLastError
FormatMessageW
LoadLibraryA
lstrlenW
FreeLibrary
DisableThreadLibraryCalls
WideCharToMultiByte
GetCurrentThreadId
LocalAlloc
InterlockedDecrement
InterlockedIncrement
Sleep
LocalFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime

user32

PostThreadMessageA

advapi32

RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW

ole32

StringFromGUID2

msvcr71

time
_adjust_fdiv
_initterm
strncmp
wcstol
_wfopen
_snwprintf
__unDName
wcsncmp
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcsncpy
wcslen
??_U@YAPAXI@Z
??2@YAPAXI@Z
__CxxFrameHandler
qsort
_purecall
wcscmp
_wmakepath
_wsplitpath
wcscat
wcscpy
wcsncat
swprintf
_wcsdup
free
_wgetenv
towlower
wcstombs
fclose
fprintf
fopen
getenv
_CxxThrowException
_stricmp
malloc
_splitpath
strrchr
strncpy
_mbsnbcpy
fflush
_iob
strchr
wcsrchr
_osver
fread
fseek
sprintf
_wcsnicmp
ftell
_mbsicmp
_wcsicmp
printf
_fullpath
_access
bsearch
strstr
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_except_handler3
memmove
_read
_write
_lseeki64
_chsize
_close
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_itoa
_mbscmp
_memicmp
strncat
wprintf
__CppXcptFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetClassObjectInternal
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fd4ca55a09a08751d0d665a24df2c46

Headers

File Characteristics

PDB Paths

Imports

mscoree

kernel32

user32

advapi32

ole32

msvcr71

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 464KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 468KB - Virtual size: 464KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 28KB - Virtual size: 26KB