07aeb27373db8c37812484347a3b22a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07aeb27373db8c37812484347a3b22a9_JaffaCakes118
Size

632KB
MD5

07aeb27373db8c37812484347a3b22a9
SHA1

a4f48126d9aa88424a71244c79ec9c8dbfde0030
SHA256

e526a6a632f63ad853742e8670f58b55db9409396290e1dd0e2a6180c36bd0f5
SHA512

0a5bf6e4310a6b72a7602eaecc8ee4a00897d883a5d9774f09668d5feed924e47313a801c8b5efcd1d155822017376369e1385e98824557f0a0febcd770c203f
SSDEEP

12288:YAHFdnmxS6fKwam1o6fi6YlYRPmHhRcdx5RHYS9:Ysn76fKlQ6YRPGncdx5Rr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07aeb27373db8c37812484347a3b22a9_JaffaCakes118

Files

07aeb27373db8c37812484347a3b22a9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8573d613cd04d7ce1e6df2ea44385f5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\OutlookMonitor\Release\mco.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetProcAddress
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetHandleInformation
SetEndOfFile
WriteFile
SetFilePointer
GetFileAttributesExW
FlushInstructionCache
GetComputerNameW
HeapFree
GetProcessHeap
IsBadCodePtr
lstrcpynW
ReadFile
HeapAlloc
CreateEventA
lstrcatA
LoadLibraryW
SetLastError
OpenProcess
GetCurrentThread
MoveFileExW
FlushFileBuffers
SetFileAttributesW
GetExitCodeThread
GetTempFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetSystemDirectoryW
ResumeThread
IsValidCodePage
HeapSize
HeapReAlloc
FileTimeToSystemTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexA
lstrcpynA
lstrlenA
ProcessIdToSessionId
LocalAlloc
GlobalSize
GetSystemTime
CreateSemaphoreW
EnterCriticalSection
GetSystemTimeAsFileTime
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
GetVersionExW
GetTimeZoneInformation
CreateProcessW
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
GetFileInformationByHandle
IsBadReadPtr
GlobalReAlloc
CreateFileA
CreateFileMappingW
lstrcpyA
OpenFileMappingW
GetComputerNameExW
GetFileAttributesW
FindNextFileA
FindFirstFileA
CopyFileW
RemoveDirectoryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetModuleFileNameA
RaiseException
lstrcatW
FindFirstChangeNotificationW
FindFirstFileW
Sleep
CreateFileW
GetFileSize
GetACP
FindNextFileW
FindClose
FindNextChangeNotification
FindCloseChangeNotification
GetModuleFileNameW
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
CreateEventW
SetThreadPriority
DuplicateHandle
WaitForMultipleObjects
ResetEvent
SetEvent
SizeofResource
TerminateThread
InterlockedDecrement
CreateMutexW
GetTempPathW
DeleteFileW
lstrcpyW
lstrlenW
MoveFileW
CreateDirectoryW
GetLastError
InterlockedIncrement
GetCurrentThreadId
GetTickCount
GetCurrentProcess
CloseHandle
LocalFree
ReleaseMutex
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SetFileTime
GetStdHandle
FatalAppExitA
HeapCreate
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
HeapDestroy
GetVersionExA

user32

CharLowerW
MsgWaitForMultipleObjects
UnregisterClassA
wsprintfW
GetParent
FindWindowExW
PostMessageW
IsWindow
CharNextW
GetWindowThreadProcessId
SetWindowLongW
SetTimer
KillTimer
GetClassInfoExW
LoadCursorW
DestroyWindow
SendMessageW
RegisterWindowMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowLongW
CharLowerBuffW
MessageBoxW
GetDesktopWindow
CallWindowProcW
PeekMessageW

advapi32

RegOpenKeyW
LookupAccountSidW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
GetSidSubAuthorityCount
GetSidSubAuthority
InitiateSystemShutdownExW
CryptDestroyKey
GetTokenInformation
IsValidSid
DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
ConvertStringSidToSidW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW

ole32

StringFromGUID2
WriteClassStg
StgCreateStorageEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
StringFromCLSID
CoRegisterPSClsid
CoRegisterClassObject
StgOpenStorage
StgIsStorageFile
StgOpenStorageOnILockBytes
StgIsStorageILockBytes
CreateILockBytesOnHGlobal
GetHGlobalFromStream
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SafeArrayCreate
SysAllocStringLen
VarBstrFromI4
SysAllocStringByteLen
SysStringByteLen
VariantClear
VarUI4FromStr
VarI4FromStr
SafeArrayPutElement
SafeArrayGetElement
VariantChangeType
VarBstrCmp
VarBstrCat
SafeArrayRedim
SafeArrayDestroy
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
CreateErrorInfo

shlwapi

PathFileExistsW
PathRemoveFileSpecA
PathAppendW
PathIsDirectoryA
PathFindFileNameA
PathAppendA
PathMatchSpecA
PathSkipRootA
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
SHCreateStreamOnFileW
PathSkipRootW
PathStripPathW

mapi32

ord21
ord59
ord196
ord17
ord15
ord13
ord198
ord197
ord135
ord23

wtsapi32

WTSOpenServerW
WTSFreeMemory
WTSQuerySessionInformationW
WTSCloseServer

netapi32

NetApiBufferFree
NetWkstaUserEnum

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

Exports

Exports

DisableDLP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableDLP
ExchEntryPoint

Sections

.text
Size: 464KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8573d613cd04d7ce1e6df2ea44385f5b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

mapi32

wtsapi32

netapi32

rpcrt4

psapi

Exports

Exports

Sections

.text Size: 464KB - Virtual size: 462KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 16KB - Virtual size: 22KB

.GBL Size: 4KB - Virtual size: 36B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 464KB - Virtual size: 462KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 16KB - Virtual size: 22KB

.GBL
Size: 4KB - Virtual size: 36B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 24KB - Virtual size: 22KB