3bb563784659d456571a8e34e94a61d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bb563784659d456571a8e34e94a61d4_JaffaCakes118
Size

235KB
MD5

3bb563784659d456571a8e34e94a61d4
SHA1

fc005a93c46f545f58c2671137e6804d8b286199
SHA256

54b5c93339dd2b88fecf1168cb9128fa6ce9df74572729a07a72dc77e671802f
SHA512

7d43bcf6559794bfd21750ce4ce67a79092fbbcc7d57f3730f515c805c18245d0b5b4b0fc446dc44816b806c21513e8d44012fa4da25226eddf4d060f30a33f1
SSDEEP

6144:bSzvth/YPz9i6QwPePY0YU1J8jHL/F9B0KY5n+:Gzvt1YP5iQeQIATL/Ff0KY5n+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bb563784659d456571a8e34e94a61d4_JaffaCakes118

Files

3bb563784659d456571a8e34e94a61d4_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

83b9ae512c5802129c4dd3f891c2bc0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wuaueng1.pdb

Imports

msvcrt

realloc
malloc
free
_vsnwprintf
srand
??3@YAXPAX@Z
memmove
_onexit
_stricmp
_strcmpi
_ftol
wcstoul
_except_handler3
_initterm
_adjust_fdiv
_vsnprintf
_wtoi
_wsplitpath
_ftime
wcscmp
_wcsicmp
wcschr
wcslen
rand
__dllonexit
??2@YAPAXI@Z

kernel32

HeapAlloc
HeapReAlloc
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
LoadLibraryExW
FormatMessageW
MoveFileW
CopyFileW
MultiByteToWideChar
GetSystemInfo
SetFilePointer
SetEndOfFile
ReadFile
CreateFileMappingW
MapViewOfFile
GetProcessHeap
lstrlenA
CompareStringA
WriteFile
GetFileSize
GetFileTime
CompareFileTime
CreateFileW
HeapFree
GetProcAddress
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SystemTimeToFileTime
GetFileAttributesW
lstrcmpW
GetSystemDefaultLangID
DeleteFileW
RemoveDirectoryW
GetPrivateProfileStringW
FileTimeToSystemTime
GetDateFormatW
lstrlenW
GetCurrentThread
LocalAlloc
DisableThreadLibraryCalls
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
CreateThread
GetExitCodeThread
FreeLibrary
GetTickCount
GetSystemDirectoryW
CreateProcessW
GetExitCodeProcess
TryEnterCriticalSection
LeaveCriticalSection
CreateMutexW
OpenEventW
WaitForMultipleObjects
ResetEvent
LocalFree
GetSystemTime
WaitForSingleObject
ReleaseMutex
CloseHandle
CompareStringW
LoadLibraryA
VerifyVersionInfoW
GetTimeFormatW
lstrcmpiW
SetFileAttributesW
CreateDirectoryW
FindClose
GetSystemTimeAsFileTime
CreateEventW
SetEvent
FindNextFileW
FindFirstFileW
GetCurrentProcess
DuplicateHandle
SetFileTime
GlobalFree
GlobalAlloc
InterlockedCompareExchange
lstrcpynW
GetLocaleInfoW
GetUserDefaultLangID
GetModuleHandleW
GetLastError
WideCharToMultiByte
GetVersionExW
UnmapViewOfFile

user32

CharUpperW
ExitWindowsEx
CharNextW
CharLowerA
CharUpperA
SetPropW
GetPropW
DialogBoxParamW
GetMessageW
IsDlgButtonChecked
SetWindowLongW
CheckRadioButton
SendMessageW
LoadStringW
SetWindowTextW
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
EndDialog
RemovePropW
GetDlgItem
EnableWindow
GetKeyboardType
OpenWindowStationW
GetUserObjectInformationW
CloseWindowStation
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW

advapi32

CloseServiceHandle
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
RegOpenKeyW
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
IsValidSid
CopySid
LsaFreeMemory
LsaClose
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclW
GetSecurityInfo
AllocateAndInitializeSid
CheckTokenMembership
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
RevertToSelf
QueryServiceStatus
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
FreeSid
ReportEventW
RegisterEventSourceW
RegCreateKeyExW
RegSetValueExW
DeregisterEventSource
OpenThreadToken
AccessCheck
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
InitiateSystemShutdownW
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

oleaut32

VarBstrCat
SysReAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysStringLen
LoadTypeLibEx
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear

ole32

StringFromIID
CoTaskMemFree
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoDisconnectObject
CoCreateInstance
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeEx

shlwapi

PathIsRootW
PathIsUNCW
StrToIntW
UrlCombineW
PathIsRelativeW
UrlGetPartW
StrRChrW
PathFindFileNameW
SHGetValueW
PathStripToRootW
StrChrW
StrCmpIW
StrStrW

advpack

ExtractFiles
RegInstall
IsNTAdmin

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnregisterGPNotification
RegisterGPNotification

winsta

WinStationQueryInformationW

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

ntdll

VerSetConditionMask

wininet

InternetGetConnectedState
InternetQueryOptionA

shell32

SHGetFolderPathW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ServiceHandler
ServiceMain

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b9ae512c5802129c4dd3f891c2bc0e

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

oleaut32

ole32

shlwapi

advpack

userenv

winsta

wtsapi32

rpcrt4

comctl32

ntdll

wininet

shell32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 57KB - Virtual size: 58KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 57KB - Virtual size: 58KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 6KB - Virtual size: 5KB