3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118
Size

304KB
MD5

3a1b6b727c0662708ae8f2b74be8ba7d
SHA1

a692139d86b6914ff531569bc0f8a7dbbe4a0eb3
SHA256

908868023662568d9e22d52b720c7189f0f8cd03d36891f52cefaa5b227bccd6
SHA512

328e813500546d6d1daefffca1185876c170517734abce76d238c4a1309f89f3025fccc1e53ef8b2bceb62a3726b5988ced56e3d67992e7f3187f1fa155b1157
SSDEEP

6144:Qll+9CUuf9IFmJTjYZ+cYr64k62nBlmoU87way4O3Okb:Qll+9CUu+FmJTXcYr6A2nf1w93Lb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118

Files

3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3edbb91f4becd72c65c3447cf4d0ffb0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\b\co\tif91\exe\vs\release\tishell_ca.pdb

Imports

advapi32

RegSetValueExA
RegCloseKey
SetFileSecurityW
GetSecurityDescriptorOwner
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
GetUserNameW
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
GetUserNameA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid

kernel32

SetErrorMode
MultiByteToWideChar
GetWindowsDirectoryA
GetCurrentDirectoryA
GetWindowsDirectoryW
GetCurrentDirectoryW
ResetEvent
SetEvent
GetCurrentThreadId
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
SetFileTime
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleFileNameW
CompareStringW
FindNextFileW
CreateFileW
FindFirstChangeNotificationW
DeleteFileW
MoveFileW
RemoveDirectoryW
CreateDirectoryW
SetLastError
GetVolumeInformationW
SetFileAttributesW
FindFirstFileW
GetTempPathW
GetDiskFreeSpaceW
GetDriveTypeW
GetCompressedFileSizeW
GetFileInformationByHandle
MoveFileExW
GetModuleFileNameA
WideCharToMultiByte
CompareStringA
CreateFileA
FindFirstChangeNotificationA
DeleteFileA
MoveFileA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
WritePrivateProfileStringA
GetShortPathNameA
GetDiskFreeSpaceA
GetVolumeInformationA
FindNextFileA
GetTempPathA
FindFirstFileA
GetVersion
LockResource
LoadResource
FindResourceExW
LoadLibraryA
GetSystemDefaultLangID
EnumResourceNamesW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
GetTimeZoneInformation
BackupRead
BackupWrite
GetFileTime
GetFileAttributesW
SetCurrentDirectoryW
FormatMessageW
GetTempFileNameW
GetLogicalDriveStringsW
GetSystemDirectoryW
GetShortPathNameW
CopyFileW
GetFullPathNameW
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
CreateProcessW
GetStartupInfoW
GetComputerNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemInfo
WriteConsoleA
GetConsoleOutputCP
SetCurrentDirectoryA
LocalFree
LocalAlloc
FormatMessageA
GetTempFileNameA
GetLogicalDriveStringsA
GetSystemDirectoryA
GetFileAttributesA
CopyFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
CreateProcessA
GetStartupInfoA
GetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
FreeLibrary
GetTickCount
TerminateProcess
HeapFree
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
ReleaseSemaphore
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
VirtualProtect
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
VirtualQuery
InterlockedExchange
UnhandledExceptionFilter
HeapSize
ExitProcess
HeapReAlloc
SetUnhandledExceptionFilter
GetVersionExA
GetCommandLineA
CreateThread
ExitThread
RaiseException
RtlUnwind
SetFileApisToANSI
CloseHandle
GetLogicalDrives
GetDriveTypeA
FindClose
GetLastError
EnumResourceLanguagesW

user32

TranslateMessage
DispatchMessageA
DefWindowProcA
CharUpperBuffW
GetMessageA
CreateWindowExA
RegisterClassExA
wsprintfW
CharUpperBuffA
RegisterClassExW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
SendNotifyMessageW
PostMessageW
CreateDialogIndirectParamW
PeekMessageW
DispatchMessageW
RegisterClipboardFormatW
GetClipboardFormatNameW
AppendMenuW
ModifyMenuW
SetWindowTextW
SystemParametersInfoW
VkKeyScanW
VkKeyScanExW
WinHelpW
GetWindowLongA
SetWindowLongA
SendMessageA
SendNotifyMessageA
PostMessageA
CreateDialogIndirectParamA
PeekMessageA
RegisterClipboardFormatA
AppendMenuA
ModifyMenuA
SetWindowTextA
SystemParametersInfoA
GetClipboardFormatNameA
VkKeyScanExA
VkKeyScanA
WinHelpA

gdi32

GetTextMetricsW
CreateFontIndirectW
GetTextMetricsA
CreateFontIndirectA
EnumFontFamiliesExA
EnumFontFamiliesExW

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteExW
SHGetDesktopFolder
SHGetMalloc
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA

mpr

WNetAddConnection3W
WNetAddConnection3A
WNetGetUniversalNameA
WNetGetUniversalNameW

ole32

CoCreateInstance
OleInitialize

rpcrt4

RpcStringFreeA
UuidToStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msi

ord49
ord74
ord80
ord159
ord64
ord17
ord125
ord103
ord8
ord121
ord123
ord118
ord115
ord160
ord158
ord32
ord145

Exports

Exports

TishellInstall
TishellPrepn
TishellUninstall

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3edbb91f4becd72c65c3447cf4d0ffb0

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

rpcrt4

version

msi

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 24KB - Virtual size: 20KB