3b468931d3f8a843b64ccd733d2b66b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b468931d3f8a843b64ccd733d2b66b0_JaffaCakes118
Size

599KB
MD5

3b468931d3f8a843b64ccd733d2b66b0
SHA1

3c857026c1da7150115b8876120fdcdb72348fa6
SHA256

d589f5753a08a3c4a78ac85b956f164badb9412439ff35728ae3ece07451e408
SHA512

29835d6e024a2a161528817502892afb463a1bb9cd84b7d3e0994ebaf2fb7c989731b78f84830b81d57da38fb1c3932739be275f5d248c03f76eadc851b904b2
SSDEEP

12288:XzYoGcphF1/8rgapsyNjimwEw11IfzwD1IJ2zd8Ya:kchF1/8rgqsyNjijEw11IfI1IJG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b468931d3f8a843b64ccd733d2b66b0_JaffaCakes118

Files

3b468931d3f8a843b64ccd733d2b66b0_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieapfltr.pdb

Imports

msvcrt

_resetstkoflw
calloc
_purecall
_errno
_gcvt
_strlwr
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
iswalpha
iswprint
iswalnum
_vsnwprintf
iswascii
iswdigit
iswxdigit
iswlower
wcstol
iswcntrl
rand
srand
time
wcschr
_wcsicmp
strncmp
_wtoi
_snwprintf
_ui64toa
_msize
_i64toa
_ultoa
_fpclass
iswspace
wcstod
wcsncmp
_HUGE
_wcstoi64
_wcstoui64
_callnewh
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit
wcsncpy
_lock
_onexit
realloc
memcpy
memmove
??1type_info@@UAE@XZ
malloc
free
memset
_CIexp

kernel32

HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
SetFileAttributesW
CreateDirectoryW
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
GetVersionExW
GetStringTypeW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
lstrlenW
GetModuleFileNameW
FindResourceW
SizeofResource
LoadResource
GetLastError
CloseHandle
CreateEventW
SetEvent
GetVersionExA
InterlockedExchange
WideCharToMultiByte
HeapSize
lstrlenA
GetEnvironmentVariableW
Sleep
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchangeAdd
GetSystemInfo
FileTimeToSystemTime
GetLocalTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
LocalFree
LocalAlloc
SetLastError
GetSystemDirectoryW
QueueUserWorkItem
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileW
VirtualProtect
LockResource
GetProcAddress
LCMapStringW
GetProcessHeap

ole32

CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID

oleaut32

SafeArrayUnlock
SafeArrayCreateVector
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
VariantClear
VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SysAllocStringLen

user32

UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
ConvertSidToStringSidW
RegQueryValueExW
IsValidSid
MakeAbsoluteSD
SetSecurityDescriptorDacl
LookupAccountNameW
CopySid
SetSecurityDescriptorSacl
GetLengthSid
MakeSelfRelativeSD
AddAce
InitializeAcl
GetSecurityDescriptorLength
GetAce
ConvertStringSidToSidW
InitializeSecurityDescriptor
GetAclInformation
AddAccessAllowedAceEx
TraceMessage
TraceEvent
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

shlwapi

ord15
UrlApplySchemeW
UrlEscapeW
UrlCanonicalizeW
UrlGetPartW
PathAppendW
UrlCombineW

rpcrt4

MesHandleFree
MesDecodeBufferHandleCreate

ws2_32

freeaddrinfo
WSAGetLastError
getaddrinfo
WSAStartup
WSACleanup
inet_ntoa

shell32

SHGetFolderPathW

secur32

GetUserNameExW

dnsapi

DnsQuery_W
DnsFree

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

oleaut32

user32

advapi32

shlwapi

rpcrt4

ws2_32

shell32

secur32

dnsapi

crypt32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.data Size: 165KB - Virtual size: 165KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 412KB - Virtual size: 411KB

.data
Size: 165KB - Virtual size: 165KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB