9757558b5818767c2109a8b9da9f191c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9757558b5818767c2109a8b9da9f191c_JaffaCakes118
Size

1.0MB
MD5

9757558b5818767c2109a8b9da9f191c
SHA1

43f6815ba659ee2eb5a0b2515e2027ac5874ae78
SHA256

0782a96e1a65db3915a27c083b210088690b95926120901f0bf78f8311ed550d
SHA512

698cd407975ee30b5a6731dafd3e16f1a8a598059ad2a6c97fada407be471a81b9bae3515f62dc288b96f822e637173f5ff4c9e2599af7906f295258c4a9974f
SSDEEP

24576:RtOZUyNomnopNT+I4qyJz62lEcLIv0eb5EUwCtD:RgZOVp88yJONZvT9EUwCtD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9757558b5818767c2109a8b9da9f191c_JaffaCakes118

Files

9757558b5818767c2109a8b9da9f191c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

37bd2b2475d374da238bf48d91883524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build\ob\bora-4448221\bora-vmsoft\build\release\install\InstUtil\tools\toolsinstutil.pdb

Imports

msi

ord118
ord17
ord125
ord145
ord32
ord47
ord204
ord110
ord120
ord158
ord74
ord103
ord117
ord8
ord121
ord143
ord49
ord31
ord159
ord160
ord116
ord50
ord64
ord171

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

AddAccessAllowedAce
SetSecurityDescriptorControl
GetNamedSecurityInfoW
EqualSid
GetSecurityDescriptorControl
GetExplicitEntriesFromAclW
GetTokenInformation
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
GetUserNameW
RegEnumValueW
RegQueryInfoKeyW
OpenServiceW
DeleteService
EnumDependentServicesA
ControlService
StartServiceA
QueryServiceStatus
RegCloseKey
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
CreateProcessAsUserW
CloseServiceHandle
ChangeServiceConfig2A
OpenServiceA
OpenSCManagerA
AccessCheck
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenThreadToken
MapGenericMask
GetFileSecurityW
RevertToSelf
ImpersonateSelf
RegDeleteKeyW
ChangeServiceConfigW
CreateServiceW
QueryServiceLockStatusA
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA

shell32

SHChangeNotify
SHGetFolderPathW
Shell_NotifyIconA

winspool.drv

DeletePrinter
OpenPrinterW
ClosePrinter

ws2_32

WSCDeinstallProvider
WSCInstallProvider

setupapi

SetupDiClassGuidsFromNameA
SetupCloseInfFile
SetupGetLineTextA
SetupOpenInfFileW
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupCopyOEMInfW
SetupOpenInfFileA
SetupGetInfFileListA
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiGetDriverInstallParamsW
SetupDiGetDeviceInstallParamsW
CM_Add_IDW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW
SetupGetLineTextW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiSetClassInstallParamsW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiGetSelectedDriverW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
CM_Reenumerate_DevNode
SetupDiGetClassDevsA
SetupDiOpenDevRegKey
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiDeleteDeviceInfo
SetupDiSetDriverInstallParamsW
CM_Locate_DevNodeW
SetupQueryInfOriginalFileInformationW
SetupGetInfInformationW

userenv

CreateEnvironmentBlock
GetProfilesDirectoryW
DestroyEnvironmentBlock

newdev

UpdateDriverForPlugAndPlayDevicesW

shlwapi

SHDeleteEmptyKeyW
StrCmpW

user32

MessageBoxW
SendMessageA
GetWindowThreadProcessId
FindWindowA
wsprintfW
FindWindowW
RegisterWindowMessageW
GetDesktopWindow
SetForegroundWindow
FindWindowExW
BroadcastSystemMessageA
GetWindowInfo
SendMessageW
keybd_event
SetFocus
SetActiveWindow
AttachThreadInput
GetParent
IsWindow
EnumThreadWindows
LoadStringW
LoadStringA
GetWindowTextA

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

kernel32

SetEnvironmentVariableA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
HeapSize
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
GetStringTypeA
GetExitCodeThread
CreateToolhelp32Snapshot
GetOEMCP
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
HeapReAlloc
SetStdHandle
PeekNamedPipe
FileTimeToLocalFileTime
ExitProcess
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
RaiseException
InterlockedExchange
GetLocaleInfoA
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
GetACP
MultiByteToWideChar
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpiA
WideCharToMultiByte
GetDriveTypeA
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
GetComputerNameExW
GetFullPathNameW
GetModuleFileNameW
LoadLibraryA
WriteConsoleW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DosDateTimeToFileTime
GetVersionExW
SetEvent
CreateEventA
CreateThread
GetCurrentThreadId
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToSystemTime
GetSystemInfo
GetModuleHandleA
GetLastError
CloseHandle
Process32NextW
Process32FirstW
OpenThread
LocalFree
GetCurrentProcess
GetSystemDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CopyFileW
GetTempFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
ProcessIdToSessionId
GetCurrentProcessId
OpenProcess
FindClose
FindNextFileW
GetModuleHandleW
GetVersionExA
DeviceIoControl
CreateFileW
WaitForSingleObject
SizeofResource
FindResourceA
Sleep
TerminateProcess
MoveFileW
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
SetCurrentDirectoryA
GetTempFileNameA
GetTempPathA
OutputDebugStringA
GetCurrentThread
SetLastError
SetFilePointer
WriteFile
ReadFile
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
DuplicateHandle
FindFirstFileW
CreateDirectoryW
RemoveDirectoryW
GetFileType
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
GetVolumeInformationW
LocalAlloc
LoadLibraryExW
GetExitCodeProcess
FormatMessageW
CreateProcessW

wintrust

WinVerifyTrust

Exports

Exports

VMCheckReboot
VMCheckRequirements
VMCleanLegacyTools
VMCleanOldPerUserMSITools
VMClearUninstallProps
VMConfigRunRegistry
VMCopyInstallVMWSU
VMCopyVGAuthConf
VMDeleteFiles
VMDisableUSBSelectiveSuspendPwrSettings
VMDisplayVSSRqdSvcsWarning
VMEnableUSBSelectiveSuspendPwrSettings
VMEtcHostsCleanup
VMHandleFeatureNameChanges
VMInitializeVGAuthConf
VMInstallAudioDriver
VMInstallBuslogicDriver
VMInstallHgfsDriver
VMInstallLsiDriver
VMInstallPS2MouseDriver
VMInstallPVSCSIDriver
VMInstallThinPrint
VMInstallUSBMouseDriver
VMInstallVMCIDriver
VMInstallVMToolsService
VMInstallVMXNet3Driver
VMInstallVMXNetDriver
VMInstallVideoDriver
VMInstallVmLocationDriver
VMInstallVmscsiPlugDriver
VMInstallVmwVaudioDriver
VMInstallVmwVaudioInDriver
VMLegacyOrMinorUpgradeMigrateToolsConf
VMLogEnd
VMLogStart
VMMinorUpgradeMigrateHGFS
VMMofCompile
VMPassUninstallProps
VMPredictInstallSessionReboot
VMRemoveVMDesched
VMReportExpectedTicks
VMResetIconCache
VMResetOldProductFeatureStates
VMRollbackRunRegistry
VMRun
VMScheduleRebootPrompt
VMServiceConfigRestart
VMSetDiskTimeOut
VMSetPerfSettings
VMSetToolsUninstalled
VMStartStopServices
VMStartVMToolsService
VMStartVMwareProcesses
VMStopVMToolsService
VMStopVMwareProcesses
VMStopVMwareProcesses2kXp
VMUninstallAudioDriver
VMUninstallBuslogicDriver
VMUninstallGHIRestoreGuestHandlers
VMUninstallHgfsDriver
VMUninstallLegacySyncDriver
VMUninstallOldHgfsDriver
VMUninstallPS2MouseDriver
VMUninstallPVSCSIDriver
VMUninstallPerUserHgfsSharedFolders
VMUninstallThinPrint
VMUninstallUSBMouseDriver
VMUninstallVMCIDriver
VMUninstallVMToolsService
VMUninstallVMXNet3Driver
VMUninstallVMXNetDriver
VMUninstallVideoDriver
VMUninstallVmLocationDriver
VMUninstallVmscsiPlugDriver
VMUninstallVmwVaudioDriver
VMUninstallVmwVaudioInDriver
VMUnmountImageCancel
VMUnmountImageFailure
VMUnmountImageSuccess
VMUpdateManifestFile
VMVerifyCertHint

Sections

.text
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37bd2b2475d374da238bf48d91883524

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

advapi32

shell32

winspool.drv

ws2_32

setupapi

userenv

newdev

shlwapi

user32

ole32

kernel32

wintrust

Exports

Exports

Sections

.text Size: 674KB - Virtual size: 674KB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 47KB - Virtual size: 65KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 52KB - Virtual size: 52KB

.text
Size: 674KB - Virtual size: 674KB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 47KB - Virtual size: 65KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 52KB - Virtual size: 52KB