JaffaCakes118_01a2063c679a332a0423095e402a6040

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_01a2063c679a332a0423095e402a6040
Size

1.4MB
MD5

01a2063c679a332a0423095e402a6040
SHA1

c1f2bc24f5e71b54bd103f2210bb7ca1bf923d3e
SHA256

03717cab343d5f85fcebd7a1460c5c29b07ab7564bfc0bdcd7db4b6a64464247
SHA512

35aabc3b5fc9b2681d1577cd88470556377adc9c856749846ea851f5124a5bcf8086dfa62dc8b794c641916a62674214a297a47a8e6eb8f6fb9236bd47f318fa
SSDEEP

24576:ny4KEYSSEJoZcpdZjb72f8VDviIZ33bI/bnvzmIdp:vKEYk7iM3oDzm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_01a2063c679a332a0423095e402a6040

Files

JaffaCakes118_01a2063c679a332a0423095e402a6040
.dll regsvr32 windows:6 windows x86 arch:x86

7f9d296247639ae21c9d5eb556ee8f13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmvsdecd.noobfus.warbird.pdb

Imports

msvcrt

wctomb
_itoa
_snprintf
_iob
isleadbyte
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
??3@YAXPAX@Z
_vsnwprintf
fopen
fflush
fprintf
abort
fclose
printf
??2@YAPAXI@Z
fwprintf
asctime
localtime
_CIsqrt
_wfopen
time
_beginthreadex
floor
_ftol
_errno
_purecall
memcpy
memset
puts
perror

mfplat

MFHeapAlloc
MFHeapFree

user32

IsRectEmpty

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
DelayLoadFailureHook
SetThreadAffinityMask
GetProcessAffinityMask
GetSystemInfo
LocalAlloc
SetEvent
LoadLibraryW
GetCurrentThread
GetThreadPriority
SetThreadPriority
InterlockedExchangeAdd
SignalObjectAndWait
GetSystemPowerStatus
LocalFree
ResetEvent
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetProcAddress
LoadLibraryA
DeleteCriticalSection
QueryPerformanceCounter
InitializeCriticalSection
FreeLibrary
InterlockedCompareExchange
InterlockedIncrement
GetModuleFileNameA
InterlockedExchange
Sleep
OutputDebugStringA
RtlUnwind
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
GetModuleHandleW
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetVersion
GetComputerNameA
GetEnvironmentVariableW
QueryPerformanceFrequency
GetVersionExW
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
CreateThread
ExitProcess
InitializeCriticalSectionAndSpinCount
GetLastError
SetLastError

ole32

CoTaskMemAlloc
CoTaskMemFree

advapi32

GetTraceLoggerHandle
RegCreateKeyW
RegSetValueExA
RegSetValueA
RegQueryValueExW
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
RegOpenKeyW
UnregisterTraceGuids
RegCreateKeyExA
RegQueryValueExA
RegCreateKeyExW
TraceEvent
RegCloseKey
RegSetValueExW
RegOpenKeyExW

msdmo

DMOUnregister
DMORegister
MoFreeMediaType
MoCopyMediaType
MoInitMediaType

ws2_32

ntohl
htonl

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f9d296247639ae21c9d5eb556ee8f13

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

mfplat

user32

kernel32

ole32

advapi32

msdmo

ws2_32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.no_bbt Size: 512B - Virtual size: 376B

RT_CODE Size: 4KB - Virtual size: 4KB

.data Size: 139KB - Virtual size: 138KB

RT_DATA Size: 512B - Virtual size: 296B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.no_bbt
Size: 512B - Virtual size: 376B

RT_CODE
Size: 4KB - Virtual size: 4KB

.data
Size: 139KB - Virtual size: 138KB

RT_DATA
Size: 512B - Virtual size: 296B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.rmnet
Size: 56KB - Virtual size: 60KB