PDB path (embedded debug string; useful as a hunting/pivot value, but trivially forgeable and not evidence of origin): s:\common\CtxMgr\Release\hpqcxs08.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2d032a2e54eaa77c02f7c36a224cb60a_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2d032a2e54eaa77c02f7c36a224cb60a_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
-
Target
2d032a2e54eaa77c02f7c36a224cb60a_JaffaCakes118
-
Size
303KB
-
MD5
2d032a2e54eaa77c02f7c36a224cb60a
-
SHA1
995eda5a769bcaeb06509633c23280285df1ddfd
-
SHA256
e940eaa9fea99e7401887ead00c590cfba1af611fcfd6afce5bf2fe93193ea37
-
SHA512
10e0f54fe1052450f741cc16bda7a806349cd92c33406f5364fc13e3ae85dd622ba0d39176ab5a6d5c7970779600da049b50db5d19a713ead6f974641693a740
-
SSDEEP
6144:isonbC09IA787KwECeZYYlnRO1ymyDX4TJhpqCwsCf:i5IADwEhZLlJDqGeCf
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The sample carries no Authenticode signature. On its own this is a weak indicator: many legitimate third-party binaries ship unsigned, and a valid signature would not prove the file benign. It is also the only signature this static pass raised, so triage should rely on the rest of the listing: the advapi32 service-control imports (OpenSCManagerA, CreateServiceA, DeleteService, ControlService, SetServiceStatus, RegisterServiceCtrlHandlerA), the DACL-editing imports (InitializeAcl, AddAce, SetNamedSecurityInfoA), the registry-write imports (RegCreateKeyExA/W, RegSetValueExA/W, RegDeleteKeyA, SHDeleteKeyA) and the ServiceMain/DllRegisterServer exports below together indicate that the DLL can register a COM server and install or control a Windows service when loaded via regsvr32 or a service host. Whether it actually does so must be confirmed against the behavioral tasks (win7/win10), not inferred from the import table. The kernel32 cluster IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter / TerminateProcess / QueryPerformanceCounter / GetTickCount / GetSystemTimeAsFileTime / GetCurrentProcessId / GetCurrentThreadId is consistent with the MSVC 9 /GS stack-cookie and __report_gsfailure support code (the binary links msvcr90) and should not be read as anti-debugging on its own.
resource 2d032a2e54eaa77c02f7c36a224cb60a_JaffaCakes118
Files
-
2d032a2e54eaa77c02f7c36a224cb60a_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
3c41dc8074c81157e765b2e5e0185c61
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shlwapi
SHDeleteKeyA
shfolder
SHGetFolderPathW
kernel32
FormatMessageA
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileSectionNamesA
FindClose
FindNextFileA
DeleteFileA
ReleaseMutex
FindFirstFileA
CreateMutexA
ReadFile
LocalReAlloc
LocalSize
LocalUnlock
LocalLock
lstrcpynA
LoadLibraryA
GetWindowsDirectoryW
CreateDirectoryA
GetFileAttributesA
GetShortPathNameA
RemoveDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
OutputDebugStringA
InterlockedCompareExchange
GetSystemDirectoryW
GetThreadLocale
SetThreadLocale
SetEvent
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
CreateEventA
CreateThread
GetModuleHandleA
GetModuleHandleW
GetProcAddress
WaitForSingleObject
CloseHandle
Sleep
lstrcmpiA
FindResourceExA
GetComputerNameA
GlobalAddAtomA
GetLastError
LocalAlloc
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
WritePrivateProfileStringA
SetLastError
GetModuleFileNameA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalGetAtomNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
FindResourceA
LoadResource
CreateFileA
SetFilePointer
WriteFile
lstrcpyA
GetTickCount
HeapFree
MulDiv
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
SetErrorMode
user32
ReleaseDC
GetWindow
GetClassNameA
GetWindowTextLengthA
SetWindowLongA
IsWindow
GetClassInfoExA
LoadCursorA
DestroyWindow
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
RegisterWindowMessageA
PostMessageA
UnregisterClassA
CharNextA
CharNextW
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
LoadStringA
MessageBoxA
wsprintfA
EnableWindow
IsWindowEnabled
GetDlgItem
SetRect
GetSystemMetrics
SystemParametersInfoA
SetWindowPos
GetParent
GetWindowRect
GetDC
PeekMessageA
PostQuitMessage
MsgWaitForMultipleObjects
ShowWindow
IsIconic
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
SetWindowTextA
GetWindowTextA
gdi32
GetObjectA
SelectObject
GetTextMetricsA
GetDeviceCaps
CreateFontIndirectA
GetStockObject
advapi32
GetSecurityDescriptorControl
GetSidSubAuthority
CopySid
IsValidSid
GetLengthSid
SetNamedSecurityInfoA
InitializeAcl
AddAce
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetSidLengthRequired
RegEnumKeyA
RegEnumValueA
GetAce
GetAclInformation
GetNamedSecurityInfoA
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatus
ControlService
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumKeyExA
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerA
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
InitializeSid
ole32
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeSecurity
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
ProgIDFromCLSID
CoGetInstanceFromFile
CreateFileMoniker
oleaut32
CreateErrorInfo
SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VariantInit
VariantCopy
LoadTypeLi
SysStringLen
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
GetErrorInfo
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr90
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
isxdigit
iswctype
toupper
_chdrive
_chdir
_getcwd
isdigit
_mbschr
atoi
wcscpy_s
_beginthreadex
wcslen
_wtoi
_purecall
vsprintf_s
_vscprintf
_vsnprintf_s
puts
wcscmp
strcat_s
wcsncpy_s
_mbsicmp
_mbsstr
strcpy_s
memmove_s
strlen
_ltoa_s
_mbsnbcpy_s
_invalid_parameter_noinfo
memcmp
_resetstkoflw
malloc
_itoa_s
??_V@YAXPAX@Z
_wcsicmp
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
sprintf_s
memcpy_s
_CxxThrowException
free
??3@YAXPAX@Z
_recalloc
calloc
wcschr
memset
atol
Exports
?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
ServiceMain
Sections
.text Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ