9df97808362f701e24a8bd48fe643922_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9df97808362f701e24a8bd48fe643922_JaffaCakes118
Size

1.4MB
MD5

9df97808362f701e24a8bd48fe643922
SHA1

7b44e8dbb5a67e1ef68f2606a21bcf6c3d2b1624
SHA256

dd906b59d30ea2011038399a4c3d63cd6dde81eb1cf340af7c2499ec851d5388
SHA512

e3b27b20cdf7b1ddc99dccf2625d3f7cf236df47c5d43ab3f478d7e97a184573e922653224b9de32c87f3b32861fce198422895518ede78e8ea56d6bd6ce1900
SSDEEP

24576:0jzhvQnxGdYO4A8uXdLrkhXIcBjts0Tl19B3jZFEMFjG2QAk6I4eplKh/H2s6OwP:0jzhvQn0y5AtLIhXIcBDTf9Jj3rR+61a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9df97808362f701e24a8bd48fe643922_JaffaCakes118

Files

9df97808362f701e24a8bd48fe643922_JaffaCakes118
.dll windows:5 windows x64 arch:x64

2fed9092bb8766ac2efdce376ff727ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\ob\bora-3214119\bora-vmsoft\build\release-x64\install\InstUtil\tools\toolsinstutil.pdb

Imports

msi

ord118
ord17
ord145
ord158
ord32
ord47
ord171
ord74
ord103
ord160
ord159
ord8
ord121
ord204
ord110
ord120
ord64
ord143
ord117
ord116
ord50
ord49
ord31
ord125

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

AddAccessAllowedAce
SetSecurityDescriptorControl
GetNamedSecurityInfoW
EqualSid
GetSecurityDescriptorControl
GetExplicitEntriesFromAclW
GetTokenInformation
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
GetUserNameW
RegEnumValueW
RegQueryInfoKeyW
OpenServiceW
DeleteService
EnumDependentServicesA
ControlService
StartServiceA
QueryServiceStatus
RegCloseKey
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
CreateProcessAsUserW
CloseServiceHandle
ChangeServiceConfig2A
OpenServiceA
OpenSCManagerA
AccessCheck
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenThreadToken
MapGenericMask
GetFileSecurityW
RevertToSelf
ImpersonateSelf
RegDeleteKeyW
ChangeServiceConfigW
CreateServiceW
QueryServiceLockStatusA
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA

shell32

SHGetFolderPathW
Shell_NotifyIconA
SHChangeNotify

winspool.drv

ClosePrinter
OpenPrinterW
DeletePrinter

ws2_32

WSCDeinstallProvider32
WSCInstallProvider64_32
WSCDeinstallProvider

setupapi

SetupDiClassGuidsFromNameA
SetupCloseInfFile
SetupGetLineTextA
SetupOpenInfFileW
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupCopyOEMInfW
SetupOpenInfFileA
SetupGetInfFileListA
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiGetDriverInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiDeleteDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW
SetupGetLineTextW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
CM_Reenumerate_DevNode
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
CM_Add_IDW
SetupDiSetDriverInstallParamsW
CM_Locate_DevNodeW
SetupQueryInfOriginalFileInformationW
SetupGetInfInformationW

userenv

GetProfilesDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock

newdev

UpdateDriverForPlugAndPlayDevicesW

shlwapi

SHDeleteEmptyKeyW
StrCmpW

user32

MessageBoxW
SendMessageA
GetWindowThreadProcessId
FindWindowA
wsprintfW
FindWindowW
RegisterWindowMessageW
GetDesktopWindow
SetForegroundWindow
FindWindowExW
BroadcastSystemMessageA
GetWindowInfo
SendMessageW
keybd_event
SetFocus
SetActiveWindow
AttachThreadInput
GetParent
IsWindow
EnumThreadWindows
LoadStringW
LoadStringA
GetWindowTextA

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

kernel32

GetUserDefaultLCID
HeapSize
EnumSystemLocalesA
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
GetCurrentDirectoryA
IsValidLocale
TlsFree
TlsSetValue
GetExitCodeThread
OpenThread
GetSystemDirectoryW
GetStringTypeA
IsValidCodePage
GetOEMCP
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
SetHandleCount
FlsAlloc
FlsFree
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetConsoleMode
GetConsoleCP
HeapReAlloc
SetStdHandle
PeekNamedPipe
FileTimeToLocalFileTime
ExitProcess
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
FlsSetValue
RaiseException
GetLocaleInfoA
InitializeCriticalSection
GetACP
MultiByteToWideChar
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpiA
WideCharToMultiByte
GetDriveTypeA
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
GetComputerNameExW
GetFullPathNameW
GetModuleFileNameW
LoadLibraryA
WriteConsoleW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DosDateTimeToFileTime
GetVersionExW
SetEvent
CreateEventA
CreateThread
GetCurrentThreadId
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToSystemTime
GetModuleHandleA
GetLastError
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetCurrentProcess
TlsGetValue
GetSystemWow64DirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CopyFileW
GetTempFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
ProcessIdToSessionId
GetCurrentProcessId
OpenProcess
FindClose
FindNextFileW
GetModuleHandleW
GetVersionExA
DeviceIoControl
CreateFileW
WaitForSingleObject
SizeofResource
FindResourceA
GetSystemWow64DirectoryA
Sleep
TerminateProcess
MoveFileW
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
SetCurrentDirectoryA
GetTempFileNameA
GetTempPathA
OutputDebugStringA
GetCurrentThread
SetLastError
SetFilePointer
WriteFile
ReadFile
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
DuplicateHandle
FindFirstFileW
CreateDirectoryW
RemoveDirectoryW
GetFileType
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
GetVolumeInformationW
LocalAlloc
LoadLibraryExW
GetExitCodeProcess
FormatMessageW
CreateProcessW
GetSystemInfo

wintrust

WinVerifyTrust

Exports

Exports

VMCheckReboot
VMCheckRequirements
VMCleanLegacyTools
VMCleanOldPerUserMSITools
VMClearUninstallProps
VMConfigRunRegistry
VMCopyInstallVMWSU
VMCopyVGAuthConf
VMDeleteFiles
VMDisableUSBSelectiveSuspendPwrSettings
VMDisplayVSSRqdSvcsWarning
VMEnableUSBSelectiveSuspendPwrSettings
VMEtcHostsCleanup
VMHandleFeatureNameChanges
VMInitializeVGAuthConf
VMInstallAudioDriver
VMInstallBuslogicDriver
VMInstallHgfsDriver
VMInstallLsiDriver
VMInstallPS2MouseDriver
VMInstallPVSCSIDriver
VMInstallThinPrint
VMInstallUSBMouseDriver
VMInstallVMCIDriver
VMInstallVMToolsService
VMInstallVMXNet3Driver
VMInstallVMXNetDriver
VMInstallVideoDriver
VMInstallVmLocationDriver
VMInstallVmscsiPlugDriver
VMInstallVmwVaudioDriver
VMInstallVmwVaudioInDriver
VMLegacyOrMinorUpgradeMigrateToolsConf
VMLogEnd
VMLogStart
VMMinorUpgradeMigrateHGFS
VMMofCompile
VMPassUninstallProps
VMPredictInstallSessionReboot
VMRemoveVMDesched
VMReportExpectedTicks
VMResetIconCache
VMResetOldProductFeatureStates
VMRollbackRunRegistry
VMRun
VMScheduleRebootPrompt
VMServiceConfigRestart
VMSetDiskTimeOut
VMSetPerfSettings
VMSetToolsUninstalled
VMStartStopServices
VMStartVMToolsService
VMStartVMwareProcesses
VMStopVMToolsService
VMStopVMwareProcesses
VMStopVMwareProcesses2kXp
VMUninstallAudioDriver
VMUninstallBuslogicDriver
VMUninstallGHIRestoreGuestHandlers
VMUninstallHgfsDriver
VMUninstallLegacySyncDriver
VMUninstallOldHgfsDriver
VMUninstallPS2MouseDriver
VMUninstallPVSCSIDriver
VMUninstallPerUserHgfsSharedFolders
VMUninstallThinPrint
VMUninstallUSBMouseDriver
VMUninstallVMCIDriver
VMUninstallVMToolsService
VMUninstallVMXNet3Driver
VMUninstallVMXNetDriver
VMUninstallVideoDriver
VMUninstallVmLocationDriver
VMUninstallVmscsiPlugDriver
VMUninstallVmwVaudioDriver
VMUninstallVmwVaudioInDriver
VMUnmountImageCancel
VMUnmountImageFailure
VMUnmountImageSuccess
VMUpdateManifestFile
VMVerifyCertHint

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fed9092bb8766ac2efdce376ff727ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

advapi32

shell32

winspool.drv

ws2_32

setupapi

userenv

newdev

shlwapi

user32

ole32

kernel32

wintrust

Exports

Exports

Sections

.text Size: 932KB - Virtual size: 931KB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 82KB - Virtual size: 103KB

.pdata Size: 62KB - Virtual size: 61KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 932KB - Virtual size: 931KB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 82KB - Virtual size: 103KB

.pdata
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 11KB - Virtual size: 11KB