3b29a07810e7f9fe77cb11258183963a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b29a07810e7f9fe77cb11258183963a_JaffaCakes118
Size

626KB
MD5

3b29a07810e7f9fe77cb11258183963a
SHA1

5c2002e3aacb05cb5c872cb9e54147683d5fc9dc
SHA256

e35a7e0859c6458812b4a12abc1edb5a7edb9edc1d7c5176905755c8a3a04f24
SHA512

209d4071af9c23f1c810494ed103150a74a5699fa38f3937d4e3d3eab716aaf34fdc1e5b09c1acc5753bbde3b83ccaf2ed558f393d001c87bfffd6a3e95cd250
SSDEEP

12288:ZaWH/oSbfJXnA8P5f8bXYCjHiYcNuo2Sx+SA:ZaWHwSbhXnJP5f8bXYzNB3x+3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b29a07810e7f9fe77cb11258183963a_JaffaCakes118

Files

3b29a07810e7f9fe77cb11258183963a_JaffaCakes118
.dll windows:6 windows x86 arch:x86

888b07711749348d7e7c4ceedffe1678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XPSSHHDR.pdb

Imports

msvcrt

_unlock
?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
abort
_fsopen
__crtLCMapStringW
__crtGetStringTypeW
isupper
__crtLCMapStringA
__mb_cur_max
__pctype_func
setlocale
___lc_handle_func
___lc_codepage_func
_callnewh
__dllonexit
__badioinfo
??1bad_cast@@UAE@XZ
_isatty
__CxxFrameHandler
wcstombs
fclose
fsetpos
fseek
fgetpos
fwrite
_lock
_onexit
??1type_info@@UAE@XZ
realloc
__uncaught_exception
memcpy
memmove
isdigit
isspace
isleadbyte
_iob
_snprintf
_itoa
free
malloc
fgetc
ungetc
___mb_cur_max_func
setvbuf
fflush
ungetwc
fputwc
fgetwc
mbstowcs
strcspn
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
__pioinfo
_strtoi64
_strtoui64
_wcsnicmp
wcsncmp
_vsnwprintf
toupper
_wasctime
gmtime
time
tolower
islower
isalnum
_fileno
_lseeki64
_errno
_write
wctomb
_purecall
memchr
localeconv
memset
??0exception@@QAE@ABQBD@Z

user32

GetSysColor
UnregisterClassA
CharNextW
LoadStringW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

oleaut32

SysAllocStringLen
GetErrorInfo
SysAllocString
SysStringLen
SetErrorInfo
VarUI4FromStr
SysFreeString

ole32

CreateStreamOnHGlobal
PropVariantClear
PropVariantCopy
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid

kernel32

FileTimeToSystemTime
SystemTimeToFileTime
LocalFree
TlsFree
SetLastError
TlsGetValue
TlsSetValue
TlsAlloc
QueryPerformanceFrequency
FormatMessageW
GetFullPathNameW
ReplaceFileW
CreateFileW
DuplicateHandle
DeleteFileW
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
WideCharToMultiByte
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
GetTickCount
lstrcmpiW
GetLastError
InitializeCriticalSection
RaiseException
lstrlenW
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

gdiplus

GdipCloneBrush
GdipDrawImageRect
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage

advapi32

GetUserNameW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW

xpssvcs

CreateStreamSenderOnFileHandle
CreateStreamReceiverOnFileHandle
CreateContainerProducer
DDLogHelper
CreateContainerConsumer

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

888b07711749348d7e7c4ceedffe1678

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

rpcrt4

oleaut32

ole32

kernel32

gdiplus

advapi32

xpssvcs

version

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 500KB

.data Size: 66KB - Virtual size: 68KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 500KB - Virtual size: 500KB

.data
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 31KB - Virtual size: 30KB