0fcf8d3e4ff4799e1377d1d1702f4e76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fcf8d3e4ff4799e1377d1d1702f4e76_JaffaCakes118
Size

556KB
MD5

0fcf8d3e4ff4799e1377d1d1702f4e76
SHA1

493f2084edeec95c0e0d5dc1cea1b2a567471c40
SHA256

1c3f06b78f25f0889f17dc1e047c5f804e357aad8bc0620bc0f843e0d1d02f14
SHA512

1ea6f78ac870cdc5f58016f9e1fa560c8a58de23d85025c407e9a2ebfd2cc57957716493db6010f5d2c31d7932279c255b5094199b73193fa88f0c5739de81a5
SSDEEP

12288:NwGILUeHnwHCoZQ+D9aYWuzz555sIM55sIM55/s:uA3Wuzz+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fcf8d3e4ff4799e1377d1d1702f4e76_JaffaCakes118

Files

0fcf8d3e4ff4799e1377d1d1702f4e76_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c954225fa59552239b10d3720edc8af4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\FireFoxMC\Release\mcff.pdb

Imports

kernel32

CompareFileTime
GetFileTime
LocalFree
GetComputerNameW
SetEvent
CreateEventW
ResetEvent
CopyFileW
GetProcAddress
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
GlobalFree
GlobalReAlloc
GlobalUnlock
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
InterlockedExchangeAdd
Sleep
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
lstrcpyW
OpenProcess
SetFileAttributesW
CreateProcessW
GetTickCount
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
SetFilePointer
GetFileInformationByHandle
WriteFile
lstrlenA
IsBadReadPtr
CreateSemaphoreW
GetProcessHeap
lstrcpynW
GetCurrentProcess
DuplicateHandle
CreateFileA
CreateFileMappingW
lstrcpyA
ProcessIdToSessionId
GetCurrentProcessId
OpenFileMappingW
GetComputerNameExW
FindNextFileA
FindFirstFileA
lstrcpynA
GetTempFileNameW
GetTempPathW
GetFileAttributesExW
TerminateThread
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
SetFileTime
GetSystemTimeAsFileTime
WaitForMultipleObjects
SetThreadPriority
GetExitCodeThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
HeapAlloc
GetACP
GetSystemDefaultLangID
HeapFree
FindResourceExW
LockResource
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
CreateFileW
CloseHandle
DeleteFileW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
lstrcatW
GetVersionExW
lstrlenW
GetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexW
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange

user32

GetWindowThreadProcessId
CharLowerW
CharLowerBuffW
DispatchMessageW
MsgWaitForMultipleObjects
UnregisterClassA
PeekMessageW
CharNextW
LoadStringW
wsprintfW
GetParent
GetDesktopWindow
IsWindow
TranslateMessage

advapi32

CryptDeriveKey
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
CoRegisterClassObject
GetHGlobalFromStream
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysStringLen
SysFreeString
VarBstrFromI4
LoadTypeLi
UnRegisterTypeLi
GetErrorInfo
VarUI4FromStr
LoadRegTypeLi
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarI4FromStr
SetErrorInfo
RegisterTypeLi
SysAllocStringLen
CreateErrorInfo
VariantInit
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
VarBstrCat
VariantChangeType
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayCreateVector

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathMatchSpecW
SHCreateStreamOnFileW
PathStripPathW
PathSkipRootW
PathIsDirectoryW
PathSkipRootA
PathMatchSpecA
PathAppendA
PathIsDirectoryA
PathRemoveFileSpecA
PathFindFileNameA

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSQuerySessionInformationW
WTSFreeMemory

netapi32

NetApiBufferFree
NetWkstaUserEnum

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

Exports

Exports

DisableDLP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableDLP
GetCurrentGroupID
GetDLPState
GetFireFoxMonitorState
GetLastUpdatedTimeStamp
GetScreenCaptureMonitorState

Sections

.text
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FFSHARE
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c954225fa59552239b10d3720edc8af4

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

rpcrt4

version

psapi

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 397KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 20KB

.FFSHARE Size: 4KB - Virtual size: 536B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 400KB - Virtual size: 397KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 20KB

.FFSHARE
Size: 4KB - Virtual size: 536B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 20KB - Virtual size: 18KB