31e4418550f38fded69ab4f1f9990a2c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

31e4418550f38fded69ab4f1f9990a2c_JaffaCakes118
Size

249KB
MD5

31e4418550f38fded69ab4f1f9990a2c
SHA1

52544e58d0af1cb2ec7aefc752dcb32f4b5a7536
SHA256

73e5d581b717660ee40c106e3d6fcf543333ca2c57704f27951aeb62c26590fd
SHA512

4aad0e881f23071058b800585bb07137eed422c7d5fe2c4453c6d0c1463e844df101f30b7fe2e567037ed5c60716bbbdc0640d2179b5d80377af63596595eb40
SSDEEP

3072:OGRyXAz9xlxGzovR1ObfKDoCg6t851tAr3/AMqvGgv7tfkv7lZcrp/R9iMBDj:fKAz9xlxCCFQDeTkvJkvR6rdhDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31e4418550f38fded69ab4f1f9990a2c_JaffaCakes118

Files

31e4418550f38fded69ab4f1f9990a2c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9daebf8271c38bddee3c9349b2e9487e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\LiveMailDesktopMC\Release\mclmd.pdb

Imports

kernel32

FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
CreateFileW
lstrcatW
ExpandEnvironmentStringsW
lstrcpyW
GetTempPathW
FindClose
FindNextFileW
CompareFileTime
GetFileTime
lstrcmpW
FindFirstFileW
ReadFile
DeleteFileW
GetACP
CopyFileW
GetTempFileNameW
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateEventW
LockResource
FindResourceExW
GetProcAddress
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
UnmapViewOfFile
MapViewOfFile
SetEvent
SetFilePointer
WriteFile
lstrlenA
CreateSemaphoreW
CreateMutexW
lstrcpynW
GetCurrentProcess
CreateFileA
CreateFileMappingW
OpenFileMappingW
lstrcpynA
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetExitCodeThread
TerminateThread
GetTickCount
WaitForSingleObject
GetVersionExW
WideCharToMultiByte
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
GetModuleFileNameW
GetModuleHandleW
LocalFree
CloseHandle
GetProcessHeap
HeapFree
RaiseException
HeapAlloc
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetStringTypeA
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange

user32

CharLowerBuffW
CharLowerW
UnregisterClassA
CharNextW
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow

advapi32

InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysAllocStringLen
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayCreate

shlwapi

SHCreateStreamOnFileW
PathStripPathW
PathFileExistsW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSOpenServerW
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9daebf8271c38bddee3c9349b2e9487e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 19KB

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 19KB

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 17KB