38ef87463d6b8996ed0ca1693976d670_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38ef87463d6b8996ed0ca1693976d670_JaffaCakes118
Size

758KB
MD5

38ef87463d6b8996ed0ca1693976d670
SHA1

e4a273a85537a3c381a56d524ee43b8a05dd975e
SHA256

dcaf12113f3dedb5be852bd8f525a088105ef4a3515ad3db7accc7f268b682f7
SHA512

6450a5d2b0524d18b2f102cd7a0bd1c91eb7653de5b8906a487e4b208757e9370fe41cd5050a60a8585053c96e0c0247a1394213fffaf8d43b01f12298bb2012
SSDEEP

12288:1FLF4NFX0xZJgjRYxdbay4XYqAyN+RgMnd4zlNAQeYCQGv5cho56sX:PSF24XYqWnSNAnYCQGv5cho56+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ef87463d6b8996ed0ca1693976d670_JaffaCakes118

Files

38ef87463d6b8996ed0ca1693976d670_JaffaCakes118
.dll windows:5 windows x86 arch:x86

593391c3b068f07ca68841844644725b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build\ob\bora-621624\bora-vmsoft\build\release\install\InstUtil\tools\toolsinstutil.pdb

Imports

msi

ord120
ord49
ord31
ord74
ord117
ord143
ord145
ord125
ord160
ord64
ord8
ord103
ord121
ord17
ord73
ord50
ord159

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

advapi32

RegQueryInfoKeyA
RegEnumValueW
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
DeleteService
ChangeServiceConfigW
CreateServiceW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
CreateProcessAsUserW
CloseServiceHandle
ChangeServiceConfig2A
OpenServiceA
OpenSCManagerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA
QueryServiceLockStatusA
LockServiceDatabase
UnlockServiceDatabase
QueryServiceStatus
StartServiceA
ControlService
EnumDependentServicesA

shell32

Shell_NotifyIconA
SHChangeNotify

winspool.drv

OpenPrinterW
DeletePrinter
ClosePrinter

ws2_32

WSCDeinstallProvider
WSCInstallProvider

setupapi

SetupDiBuildDriverInfoList
SetupDiRemoveDevice
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupCopyOEMInfW
SetupDiOpenDevRegKey
SetupCloseInfFile
SetupDiGetSelectedDriverA
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA
SetupCopyOEMInfA
SetupGetInfFileListA
SetupDiEnumDriverInfoA
SetupDiSetSelectedDriverA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupGetLineTextA
SetupDiDestroyDriverInfoList

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetProfilesDirectoryW

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

LoadStringW
BroadcastSystemMessageA
RegisterWindowMessageW
MessageBoxW
SendMessageA
GetWindowThreadProcessId
FindWindowA
FindWindowW
GetWindowTextA
GetDesktopWindow
LoadStringA

kernel32

GetStringTypeA
GetStringTypeW
HeapSize
WriteConsoleA
GetConsoleOutputCP
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
CompareStringA
TryEnterCriticalSection
GetSystemDirectoryA
IsValidCodePage
GetOEMCP
VirtualAlloc
GetTickCount
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
PeekNamedPipe
FileTimeToLocalFileTime
ExitProcess
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
RaiseException
InterlockedExchange
GetFileType
FlushFileBuffers
SetEndOfFile
ReadFile
SetFilePointer
GetLocaleInfoA
CreateFileA
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
MultiByteToWideChar
GetACP
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceFrequency
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
GetModuleHandleA
GetLastError
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
lstrcmpiA
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId
OpenProcess
FindClose
FindNextFileW
SizeofResource
FindResourceA
Sleep
TerminateProcess
MoveFileW
GetWindowsDirectoryW
GetSystemDirectoryW
MoveFileExA
SetFileAttributesA
GetFileAttributesA
GetProcAddress
SetCurrentDirectoryA
GetTempFileNameA
GetTempPathA
OutputDebugStringA
SetLastError
DeleteFileW
CreateFileW
LocalAlloc
GetVersionExA
FreeLibrary
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryW
FormatMessageW
GetModuleHandleW
GetSystemInfo
DeleteFileA
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetFileInformationByHandle
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
WriteConsoleW
LoadLibraryA
FindFirstFileW
LoadLibraryExW
CreateDirectoryW
RemoveDirectoryW
CopyFileW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
SetCurrentDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateProcessW

Exports

Exports

VMCheckReboot
VMCheckRequirements
VMCleanLegacyTools
VMCleanOldPerUserMSITools
VMCleanupVMCIDriver
VMConfigRunRegistry
VMDeleteFiles
VMDeleteFilesAndFolders
VMDisableUSBSelectiveSuspendPwrSettings
VMDisplayManualVideoInstall
VMDisplayVSSRqdSvcsWarning
VMEnableUSBSelectiveSuspendPwrSettings
VMEtcHostsCleanup
VMFixToolsConf
VMInstallAudioDriver
VMInstallBuslogicDriver
VMInstallHgfsDriver
VMInstallLsiDriver
VMInstallMouseDriver
VMInstallPVSCSIDriver
VMInstallSyncDriver
VMInstallThinPrint
VMInstallVMCIDriver
VMInstallVMToolsService
VMInstallVMXNet3Driver
VMInstallVMXNetDriver
VMInstallVideoDriver
VMInstallVmscsiPlugDriver
VMInstallVmwVaudioDriver
VMInstallWifiDriver
VMLegacyOrMinorUpgradeMigrateToolsConf
VMLogEnd
VMLogStart
VMMinorUpgradeMigrateHGFS
VMPatchBatchFiles
VMRegisterCpl
VMRemoveVMDesched
VMReportExpectedTicks
VMResetIconCache
VMResetOldProductFeatureStates
VMRollbackRunRegistry
VMRun
VMScheduleRebootPrompt
VMServiceConfigRestart
VMSetDiskTimeOut
VMSetPerfSettings
VMSetToolsUninstalled
VMSetVMCICondition
VMStartStopServices
VMStartVMToolsService
VMStartVMwareProcesses
VMStopVMToolsService
VMStopVMwareProcesses
VMStopVMwareProcesses2kXp
VMUninstallAudioDriver
VMUninstallBuslogicDriver
VMUninstallGHIRestoreGuestHandlers
VMUninstallHgfsDriver
VMUninstallMouseDriver
VMUninstallOldHgfsDriver
VMUninstallPVSCSIDriver
VMUninstallPerUserHgfsSharedFolders
VMUninstallSyncDriver
VMUninstallThinPrint
VMUninstallVMCIDriver
VMUninstallVMToolsService
VMUninstallVMXNet3Driver
VMUninstallVMXNetDriver
VMUninstallVideoDriver
VMUninstallVmscsiPlugDriver
VMUninstallVmwVaudioDriver
VMUninstallWifiDriver
VMUnmountImageCancel
VMUnmountImageFailure
VMUnmountImageSuccess
VMUnregisterCpl
VMUpdateManifestFile

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

593391c3b068f07ca68841844644725b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

advapi32

shell32

winspool.drv

ws2_32

setupapi

userenv

newdev

user32

kernel32

Exports

Exports

Sections

.text Size: 452KB - Virtual size: 451KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 62KB - Virtual size: 79KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 452KB - Virtual size: 451KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 62KB - Virtual size: 79KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 37KB - Virtual size: 36KB