4163fd4aabb3cdb52ff71c12fff86d25_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4163fd4aabb3cdb52ff71c12fff86d25_JaffaCakes118
Size

313KB
MD5

4163fd4aabb3cdb52ff71c12fff86d25
SHA1

90c8ce95340cd9aa97e8cff55b2ebe28969189a9
SHA256

9b89f37ef51e0707cf3cdec6138b11f9809dcb4f02cba6d2f1de38e798fb2c9f
SHA512

e70230a68c7392ee1e2d545feeae120940c26853abf6b1e009150b46ea5cb35148f6e9ed0dd2eda46d757861cf0509f1cc36771674063ec107e6ef54d035b2ca
SSDEEP

6144:OQvWNC9VB3U/HRc3FSamYamL7VhzLEHHY+h3gqxMfBvWwiiWDtfXQkUk4C:OvCV34HRUSamYamL7Vh3EHHY+h3gqxMw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4163fd4aabb3cdb52ff71c12fff86d25_JaffaCakes118

Files

4163fd4aabb3cdb52ff71c12fff86d25_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

73cbb2848370646245b7b6bde0815e32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dev\CfxClientServer62\BinDll\release\ChartFX.ClientServer.Data.pdb

Imports

chartfx.clientserver.core

ord3745
ord3380
ord2013
ord1683
ord1146
ord281
ord3338
ord1418
ord3765
ord2033
ord3400
ord774
ord1703
ord2653
ord2383
ord3109
ord4091
ord2960
ord2962
ord4089
ord2905
ord2906
ord2142
ord3478
ord4457
ord2809
ord2816
ord2907
ord2847
ord3043
ord2841
ord2846
ord2959
ord2963
ord822
ord153
ord801
ord15
ord4769
ord5231
ord186
ord5379
ord113
ord156
ord4079
ord861
ord1187
ord4759
ord4989
ord934
ord4747
ord4754
ord4794
ord5246
ord542
ord848
ord905
ord1750
ord1767
ord2682
ord2691
ord4810
ord4102
ord567
ord3558
ord1494
ord2824
ord1826
ord2445
ord396
ord1220
ord4870
ord4636
ord4914
ord1734
ord4573
ord4756
ord840
ord2714
ord2761
ord2766
ord4350
ord1088
ord4111
ord2454
ord3567
ord576
ord1505
ord2833
ord1835
ord1419
ord4916
ord1736
ord4434
ord775
ord2034
ord1704
ord3070
ord2654
ord3766
ord832
ord825
ord834
ord829
ord4181
ord5422
ord3116
ord4777
ord4803
ord393
ord3899
ord1729
ord4779
ord4946
ord4626
ord547
ord912
ord3928
ord807
ord4816
ord5258
ord446
ord3943
ord3166
ord3806
ord1473
ord1787
ord4132
ord4223
ord4090
ord4094
ord4086
ord4087
ord394
ord53
ord2848
ord2957
ord2958
ord3041
ord3042
ord2839
ord2840
ord2844
ord2845
ord1805
ord1801
ord507
ord4874
ord2814
ord5040
ord4784
ord4499
ord4601
ord4555
ord4785
ord4641
ord2159
ord2153
ord2135
ord2136
ord2145
ord2147
ord4736
ord11
ord3445
ord3485
ord4413
ord3173
ord3172
ord4392
ord528

kernel32

GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
LockResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcpyW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
lstrcmpW
lstrlenW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetOEMCP
ExitProcess

user32

UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetFileInfoW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
LoadTypeLi
GetErrorInfo
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73cbb2848370646245b7b6bde0815e32

Headers

File Characteristics

PDB Paths

Imports

chartfx.clientserver.core

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 13KB - Virtual size: 16KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 15KB - Virtual size: 15KB