14aad7982b85b5934b512be1081dd0b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14aad7982b85b5934b512be1081dd0b6_JaffaCakes118
Size

300KB
MD5

14aad7982b85b5934b512be1081dd0b6
SHA1

6fe770c2740601a8a382f6ad7f684f0c2832d3fa
SHA256

303b70a48e637d635cdbc96f3238671a84ffbe0a0fc2caa5f30437242e53591e
SHA512

c061bb456cf0cdd152b8866b44f629d6e5b7e500d274a8de04afd10d8603dfe7bb275c1697e60be9b3039a8b55e5ea057295c69e8c7a80b4a32ef05fed217c1f
SSDEEP

6144:8mHuAMvx1qzo2VkfBzkj5hJkL8+9PwferWGhyHJft9L:PHCakJcKw+9PwfeyGYJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14aad7982b85b5934b512be1081dd0b6_JaffaCakes118

Files

14aad7982b85b5934b512be1081dd0b6_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e6bbe4a32db7a7186dadd27c634e9832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mobsync.pdb

Imports

msvcrt

wcslen
wcscat
wcsncmp
wcscmp
_except_handler3
wcscpy
_itow

kernel32

CreateMutexA
CreateMutexW
GetTickCount
SearchPathW
SetFileAttributesA
SetFileAttributesW
FindResourceA
FindResourceW
GetDateFormatA
GetTimeFormatA
GetTimeFormatW
lstrcpynA
GetLocaleInfoW
GetUserDefaultLCID
AreFileApisANSI
Sleep
GetLastError
CompareFileTime
GetSystemTime
CreateProcessW
CreateProcessA
LoadLibraryW
LoadLibraryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileW
DeleteFileA
GetCurrentThread
LocalFree
LocalReAlloc
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetDateFormatW
QueryPerformanceCounter
SystemTimeToFileTime
WaitForSingleObject
ReleaseMutex
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenA
IsBadReadPtr
WideCharToMultiByte
MultiByteToWideChar
LoadResource
LockResource
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetVersionExA
GetSystemDefaultLangID
DeleteCriticalSection
GetProcAddress
FreeLibrary
lstrcmpA
GetModuleFileNameA
SearchPathA

user32

SystemParametersInfoA
WinHelpW
WinHelpA
GetWindowTextW
GetWindowTextA
SetWindowTextW
SetWindowTextA
FindWindowW
FindWindowA
SendMessageW
LoadImageW
LoadImageA
MessageBoxW
MessageBoxA
LoadStringW
LoadIconA
DefWindowProcW
DefWindowProcA
DialogBoxParamW
DialogBoxParamA
GetParent
PostMessageA
MessageBeep
CheckDlgButton
SetForegroundWindow
GetDlgItemInt
GetFocus
SetFocus
DestroyIcon
IsDlgButtonChecked
SetWindowLongA
EndDialog
wsprintfW
CheckRadioButton
EnableWindow
InvalidateRect
BeginPaint
EndPaint
GetWindowLongA
MapWindowPoints
OffsetRect
GetClientRect
MoveWindow
InflateRect
SetRect
GetDC
ReleaseDC
LoadStringA
CharPrevA
GetSystemMetrics
UpdateWindow
ShowWindow
SendMessageA
GetDlgItem
IsWindowEnabled

advapi32

SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetKeySecurity
RegCreateKeyExA
RegCreateKeyExW
GetUserNameA
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyA
RegEnumKeyW
RegDeleteValueA
RegSetValueExW
RegSetValueExA
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
RegDeleteValueW

ole32

CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
PropertySheetW
ImageList_Create

gdi32

CreatePalette
DeleteObject
SetDIBitsToDevice
RealizePalette
SelectPalette
UpdateColors
GetDeviceCaps

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
RpcStringBindingComposeW
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrClientCall2
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

Exports

Exports

DisplayOptions
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MobsyncGetClassObject
RegGetHandlerRegistrationInfo
RegGetHandlerTopLevelKey
RegGetProgressDetailsState
RegGetSchedConnectionName
RegGetSchedSyncSettings
RegGetSyncItemSettings
RegGetSyncSettings
RegQueryLoadHandlerOnEvent
RegRemoveManualSyncSettings
RegSchedHandlerItemsChecked
RegSetProgressDetailsState
RegSetSyncItemSettings
RegSetUserDefaults
RunDllRegister
SyncMgrRasProc
SyncMgrResolveConflictA
SyncMgrResolveConflictW

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6bbe4a32db7a7186dadd27c634e9832

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

comctl32

gdi32

rpcrt4

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 192KB - Virtual size: 192KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 192KB - Virtual size: 192KB

.reloc
Size: 5KB - Virtual size: 4KB