17ada80e23fa32c16cc85b9eecf1a341_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17ada80e23fa32c16cc85b9eecf1a341_JaffaCakes118
Size

1.3MB
MD5

17ada80e23fa32c16cc85b9eecf1a341
SHA1

810e37fa24c780c6c4a32975d174f9470203f88f
SHA256

98f158a7f97b0ec962f078c4429bba15a38450b0ddf50d6ae44407d2d5f4408a
SHA512

052b62b2590674861177d82f7dcd29ef1b5f4c21fdcbaea59e2a6fb214a05b4063663ca36379cc8f35646574fb0897c8264b66fc0f6a682edaa6b813dbf95b54
SSDEEP

24576:hl9lgN8LMvJIvPKc4ZF6w8XDm+MRqRfsR:hl99omPKcsFGuqRf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17ada80e23fa32c16cc85b9eecf1a341_JaffaCakes118

Files

17ada80e23fa32c16cc85b9eecf1a341_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

9b51abea5532ce20f4d8c02e9a00f7f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comsvcs.pdb

Imports

user32

PeekMessageW
CloseDesktop
OpenDesktopW
KillTimer
MsgWaitForMultipleObjects
SetTimer
SetThreadDesktop
CharPrevW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
wsprintfA
GetThreadDesktop
TranslateMessage
DispatchMessageW
wsprintfW
MessageBoxW
LoadStringW
CharNextW

kernel32

DuplicateHandle
InterlockedExchange
SetThreadPriority
InterlockedExchangeAdd
OpenEventW
DeleteTimerQueueTimer
CreateTimerQueueTimer
LocalAlloc
PulseEvent
WideCharToMultiByte
lstrcpyA
QueryPerformanceFrequency
GetThreadPriority
GetComputerNameW
InitializeCriticalSectionAndSpinCount
ReleaseMutex
MoveFileW
GetLocalTime
QueueUserWorkItem
CreateMutexW
GetComputerNameExW
FindFirstFileW
GlobalLock
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
GetVolumeInformationW
DeviceIoControl
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
CreateActCtxW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
FindNextFileW
FindClose
RemoveDirectoryW
GetVersionExW
GetSystemInfo
GetFileAttributesW
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateDirectoryW
WriteFile
MoveFileExW
VirtualAlloc
GetFileSize
ReadFile
VirtualFree
lstrcmpW
CreateProcessW
IsBadWritePtr
Sleep
CreateThread
SetEvent
TerminateThread
WaitForSingleObject
OutputDebugStringA
LoadLibraryA
ResetEvent
CreateIoCompletionPort
IsDebuggerPresent
GetThreadLocale
VirtualQueryEx
GetModuleFileNameA
lstrcatA
lstrcmpA
CreateEventA
CreateSemaphoreA
GetVersionExA
GetModuleHandleA
GetWindowsDirectoryW
GetThreadContext
GetExitCodeProcess
SetFileAttributesW
LockResource
FreeLibraryAndExitThread
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
TlsAlloc
DisableThreadLibraryCalls
TlsFree
GetModuleHandleW
GetShortPathNameW
ExpandEnvironmentStringsW
GetProcAddress
OpenProcess
CreateFileW
ExitProcess
CloseHandle
FreeLibrary
WaitForMultipleObjects
GetCurrentThread
TlsGetValue
TlsSetValue
DebugBreak
CreateEventW
LoadLibraryW
GetModuleFileNameW
lstrcatW
HeapDestroy
lstrcpynW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
GetLastError
InterlockedCompareExchange
PostQueuedCompletionStatus
OutputDebugStringW
SetFilePointer
FormatMessageW
GetQueuedCompletionStatus
LocalFree
GlobalUnlock

ole32

CoReactivateObject
CoDisconnectObject
CoGetDefaultContext
StringFromIID
StringFromGUID2
CoGetCallContext
CLSIDFromProgID
ProgIDFromCLSID
CoFreeUnusedLibraries
CLSIDFromString
CoInitializeEx
CoUninitialize
CoGetApartmentID
CoWaitForMultipleHandles
CoGetCurrentLogicalThreadId
CoMarshalInterface
CoCreateGuid
CoDeactivateObject
CoCreateInstance
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleSaveToStream
OleLoadFromStream
WriteClassStm
ReadClassStm
GetHGlobalFromStream
CreateStreamOnHGlobal
CreateGenericComposite
CreateAntiMoniker
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
CoRevertToSelf
CreateBindCtx
CoGetClassObject
CoGetInterceptor
CoImpersonateClient
CoSetProxyBlanket
CoCreateInstanceEx
CoGetMarshalSizeMax
CoUnmarshalInterface
IIDFromString
StringFromCLSID
CoReleaseMarshalData
CoGetObject

oleaut32

BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
CreateErrorInfo
SetErrorInfo
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
SysAllocStringLen
BSTR_UserMarshal
SafeArrayCreateVector
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
SafeArrayDestroy
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
GetErrorInfo
BSTR_UserSize
SafeArrayCreate
VariantClear

advapi32

LsaQueryInformationPolicy
IsValidSecurityDescriptor
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetLengthSid
LsaOpenPolicy
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityDescriptorControl
TraceEvent
UnregisterTraceGuids
StopTraceW
OpenTraceW
CopySid
LsaFreeMemory
LsaClose
OpenProcessToken
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetEffectiveRightsFromAclW
GetAclInformation
GetSecurityDescriptorDacl
BuildTrusteeWithSidW
LookupAccountSidW
RevertToSelf
ImpersonateSelf
OpenThreadToken
AccessCheck
SetThreadToken
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
FreeSid
SetKernelObjectSecurity
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
ProcessTrace
RegOpenKeyW
GetTraceLoggerHandle
StartTraceW
ControlTraceW
QueryTraceW
CloseTrace
SetTraceCallback
EnableTrace
RegisterTraceGuidsW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LookupAccountNameW
GetAce
AddAce
AddAccessAllowedAceEx
DeleteAce
EqualSid
IsValidSid
CreateProcessAsUserW
DuplicateTokenEx
GetSecurityDescriptorLength

rpcrt4

UuidToStringA
RpcStringFreeA
UuidFromStringW
I_RpcTurnOnEEInfoPropagation
UuidCreateSequential
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrStubCall2
NdrStubForwardingFunction
UuidCreate
MesHandleFree
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcStringFreeW
UuidToStringW

netapi32

NetUserModalsGet
NetApiBufferFree

msvcrt

__dllonexit
_onexit
_wcsupr
?terminate@@YAXXZ
_wsplitpath
vswprintf
wcstok
_beginthreadex
_adjust_fdiv
_initterm
_wcsicmp
iswalpha
_local_unwind2
wcsstr
memmove
_ftol
_beginthread
wcscmp
mbstowcs
wcstombs
wcscpy
wcsrchr
wcslen
wcsncpy
_wcsdup
swprintf
_except_handler3
wcschr
_wtoi
__CxxFrameHandler
realloc
free
malloc
_ltow
??1type_info@@UAE@XZ
_vsnprintf
_CIexp
_wstrdate
_wstrtime
_waccess
_vsnwprintf
_CxxThrowException
wcscat
time
_snwprintf

ntdll

NtQuerySystemInformation
RtlExtendedLargeIntegerDivide
RtlDelete
RtlSplay
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlLargeIntegerDivide

mtxclu

MtxCluIsClusterPresent

colbact

PartitionAccessCheck
GetClassInfoForCurrentUser
GetDefaultPartitionForSid

clbcatq

GetGlobalBabyJITEnabled
GetComputerObject
CheckMemoryGates

comres

COMResModuleInstance

version

VerQueryValueW

ws2_32

inet_ntoa
gethostbyname
gethostname
WSACleanup
WSAStartup

Exports

Exports

CoCreateActivity
CoCreateStdTrustable
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
CoVerifyTrust
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate
RegisterComEvents
SafeRef

Sections

.text
Size: 921KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b51abea5532ce20f4d8c02e9a00f7f1

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

ole32

oleaut32

advapi32

rpcrt4

netapi32

msvcrt

ntdll

mtxclu

colbact

clbcatq

comres

version

ws2_32

Exports

Exports

Sections

.text Size: 921KB - Virtual size: 920KB

.orpc Size: 7KB - Virtual size: 7KB

.data Size: 138KB - Virtual size: 158KB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 921KB - Virtual size: 920KB

.orpc
Size: 7KB - Virtual size: 7KB

.data
Size: 138KB - Virtual size: 158KB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 57KB - Virtual size: 56KB