4db22fd439a15f288d0bdb381553e822_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4db22fd439a15f288d0bdb381553e822_JaffaCakes118
Size

551KB
MD5

4db22fd439a15f288d0bdb381553e822
SHA1

b4ef76c668b58125ba0c2e2d9bf623d7af7fc915
SHA256

cc56eb96cc8db34b77844a0c75c6b326343ecb1f460a04ddaa61845ff24e4518
SHA512

928078b0bebc754d27ba1dd96a0d64c45e17efed88887c240eb74ea1693b7a7aef7aaea85cc2785e8e66a88ddc9856aab52d105ba474dd29398cc4406dec5a49
SSDEEP

12288:VsuPWlJ0qzTAsj/oTU35sDWG3SaBVrwFn3/WO7fmRJCAbR0b:VsuPBwTjjATU3A9CaBBwFVp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db22fd439a15f288d0bdb381553e822_JaffaCakes118

Files

4db22fd439a15f288d0bdb381553e822_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7bc073e2a459c98e4e444311ab4ff0d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ATI\Current\Client\AOLMonitor\Release\mca.pdb

Imports

kernel32

LockResource
FindResourceExW
GetProcAddress
LoadLibraryW
GetFullPathNameA
UnlockFile
LockFileEx
LockFile
GetTempPathA
GetFileAttributesW
DeleteFileA
GetFileAttributesA
AreFileApisANSI
GetComputerNameW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
LocalFileTimeToFileTime
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleHandleW
LocalFree
LocalAlloc
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
InitializeCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
InterlockedDecrement
DeleteCriticalSection
GetACP
lstrcpyW
MultiByteToWideChar
GetTickCount
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
CloseHandle
lstrcatW
lstrlenW
lstrcpynW
lstrcmpiW
InterlockedExchange
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
HeapFree
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
HeapAlloc
GetTimeZoneInformation
DeleteFileW
ReadFile
SetFilePointer
GetFileSize
WriteFile
GlobalAlloc
GlobalFree
lstrlenA
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateFileW
CreateSemaphoreW
GetCurrentProcess
CreateFileA
CreateFileMappingW
ProcessIdToSessionId
GetCurrentProcessId
OpenFileMappingW
lstrcpynA
GetTempFileNameW
GetTempPathW
SetEvent
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
CreateEventW
GetSystemTimeAsFileTime
GetFullPathNameW

user32

KillTimer
CharNextW
SetTimer
GetParent
FindWindowExW
GetDesktopWindow
CharLowerBuffW
UnregisterClassA
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
SendMessageW
RegisterWindowMessageW
SendMessageTimeoutW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
LoadStringW
CharLowerW

advapi32

CryptReleaseContext
CryptDeriveKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
GetHGlobalFromStream
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoGetInterfaceAndReleaseStream

oleaut32

VarUI4FromStr
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
VarBstrCmp
VariantChangeType
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
VarBstrCat
VarBstrFromI4
SystemTimeToVariantTime
RegisterTypeLi

shlwapi

PathFileExistsW
SHCreateStreamOnFileW
PathRemoveFileSpecW
PathAppendW
PathStripPathW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

crypt32

CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CryptDecodeObject

oleacc

AccessibleObjectFromWindow
ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc073e2a459c98e4e444311ab4ff0d5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

crypt32

oleacc

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 380KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 195KB

.GBL Size: 4KB - Virtual size: 4B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 384KB - Virtual size: 380KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 195KB

.GBL
Size: 4KB - Virtual size: 4B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 28KB - Virtual size: 25KB