52f1fff7fb07f7cccc2d7111b39e91a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52f1fff7fb07f7cccc2d7111b39e91a1_JaffaCakes118
Size

251KB
MD5

52f1fff7fb07f7cccc2d7111b39e91a1
SHA1

47fd8095d68e732ac5e8bf08b97130f370a2ab75
SHA256

d713b0fd864be0af7a2a4370500d5a61b5ae5a08279f6d963bce85202aebf293
SHA512

94b0c8085a5082d5c6e1b91d2e5c5bf8b262d11b699a122ccd234a5c4a654ba21646bd53154200a206b4c5b1f8a60b14b25977853e837997726712a239358d59
SSDEEP

3072:5YhDKZmeXYCd/YUV2nQAEa2YTuy0LzgndSIO9Vx6kC5h4mKwl6gkbNLA3x:CDWm/s/rkQFcuhsdSIIbsKmKwl/3x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52f1fff7fb07f7cccc2d7111b39e91a1_JaffaCakes118

Files

52f1fff7fb07f7cccc2d7111b39e91a1_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

9ef5f509326ff0d46c470bedc2442854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmpnssci.pdb

Imports

msvcrt

iswdigit
_onexit
_lock
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
??3@YAXPAX@Z
_CxxThrowException
_wcslwr
wcsncmp
_wcsnicmp
_errno
calloc
__CxxFrameHandler
_purecall
_wtoi
??2@YAPAXI@Z
memmove
memset
??_U@YAPAXI@Z
memcpy
free
malloc
??_V@YAXPAX@Z
wcstol

ntdll

RtlUnwind

kernel32

GetCurrentThreadId
lstrcpyW
SetLastError
CreateThread
WaitForSingleObject
SetEvent
CloseHandle
WaitForMultipleObjects
CreateEventW
GetProcAddress
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
CompareStringW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
VirtualFree
VirtualAlloc
Sleep
InterlockedCompareExchange
OutputDebugStringA
LocalFree
ResetEvent
OpenEventW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
FindResourceExW
LockResource
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
DisableThreadLibraryCalls
lstrcmpiW
GetLastError
DeleteCriticalSection
SetUnhandledExceptionFilter

user32

EndPaint
BeginPaint
GetSysColor
GetFocus
GetCursorPos
PtInRect
SetCursor
CallWindowProcW
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
DrawFocusRect
FillRect
DialogBoxParamW
SetRectEmpty
GetClassNameW
LoadCursorW
wvsprintfW
OffsetRect
ReleaseDC
GetDC
SetWindowPos
IsWindow
GetDlgItem
EnableWindow
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
CreateWindowExW
SetWindowLongW
SendMessageW
DrawTextW
DrawIconEx
EndDialog
InflateRect
CopyRect
GetParent
CharNextW
DefWindowProcW
UnregisterClassA
CharUpperBuffW
GetActiveWindow
GetSystemMetrics
GetCapture
DestroyIcon
ReleaseCapture
LoadImageW
ScreenToClient

advapi32

TraceMessage
ConvertSidToStringSidW
LookupAccountNameW
RegEnumValueW
GetSecurityInfo
EqualSid
GetAclInformation
GetAce
SetSecurityInfo
InitializeAcl
AddAce
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
CopySid
GetLengthSid
IsValidSid
LookupAccountSidW
ConvertStringSidToSidW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx

oleaut32

RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
UnRegisterTypeLi
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType

ole32

StringFromGUID2
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoCreateInstance

secur32

GetUserNameExW

comctl32

_TrackMouseEvent

gdi32

CreateFontW
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
ExtTextOutW
DeleteObject
GetObjectW
DeleteDC
CreateFontIndirectW
GetStockObject
GetTextMetricsW

shell32

ShellExecuteW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ef5f509326ff0d46c470bedc2442854

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

oleaut32

ole32

secur32

comctl32

gdi32

shell32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 110KB - Virtual size: 109KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 112KB