53ddffe12c16e94ebe894b5937c3ec89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

53ddffe12c16e94ebe894b5937c3ec89_JaffaCakes118
Size

1.0MB
MD5

53ddffe12c16e94ebe894b5937c3ec89
SHA1

a19403841fc32c9b696e3a355f02f3f402d0e290
SHA256

aef1c00c819ad816df32573ed64bb8ed3e210e09818eeb682d29a1703de09359
SHA512

d75ce453bc4ae25e4f80838793dde9bf1b68f9c3d15846b83e5a38277e06b9acf01dbcd8faa81f415b7f71a755616f36e6a42cd1670e4ddb45084c26f440bf61
SSDEEP

1536:P1miSx4ftVPg4IN4IZfRWaQC9Uux20nJIiUt2lh3iT//h7BJPTU0eBb4A00piFr1:P9SWvPg9N4IZfgOT20nJIPtC5Y7fRbT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53ddffe12c16e94ebe894b5937c3ec89_JaffaCakes118

Files

53ddffe12c16e94ebe894b5937c3ec89_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

97c745bad511daf9c4d08fa79c73efa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
CreateMutexA
GetModuleFileNameA
CreateFileA
WriteFile
GetFileSize
CreateFileMappingA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
lstrcpyA
RaiseException
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetLastError
GetLocalTime
SystemTimeToFileTime
GetTempPathA
GetACP
GlobalAlloc
GlobalFree
lstrlenW
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
InterlockedExchange
OpenFileMappingA
OpenEventA
CloseHandle
OpenMutexA
ResetEvent
SetEvent
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
WaitForSingleObject
LocalFree
MultiByteToWideChar
HeapDestroy
GetPrivateProfileStringA

user32

LoadStringA
CharNextA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA

shell32

SHGetFileInfoA

ole32

CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocString
VariantChangeType
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
DispCallFunc
VariantCopy
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathAppendA
SHDeleteKeyA
PathFindExtensionA

msvcp71

?_Nomemory@std@@YAXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr71

_resetstkoflw
_onexit
__dllonexit
_callnewh
memset
_except_handler3
_CxxThrowException
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__CxxFrameHandler
wcsncpy
_purecall
??_V@YAXPAX@Z
free
vswprintf
_vscwprintf
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??3@YAXPAX@Z
malloc
atoi
_mbsnbcpy
sprintf
memchr
_mbsinc
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memmove
_mbsicmp
realloc
_mbschr
_atoi64
mbstowcs
wcslen
wcscpy
wcsstr
_mbslwr
_mbscmp
_mbsstr
_mbsrchr
??1type_info@@UAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97c745bad511daf9c4d08fa79c73efa4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1003KB - Virtual size: 1002KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1003KB - Virtual size: 1002KB

.reloc
Size: 9KB - Virtual size: 9KB