d:\.Depot\Current\Client\CommonCommandProcessor\Release\ccp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 898b91151b181d58a264eb6bc9b9e118_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 898b91151b181d58a264eb6bc9b9e118_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 898b91151b181d58a264eb6bc9b9e118_JaffaCakes118
Size: 385KB
MD5: 898b91151b181d58a264eb6bc9b9e118
SHA1: af8fb28c6e974e639233480e1c0defcb6138bd1c
SHA256: ca02e2ad34f80026950e6952f440287ba28d958bbb5ef90dbbcecb4eed9238ff
SHA512: 155c33abea3a5d57c20f05ecc3adc39b6926c7b651ab02b9a08be24260f2c2377963dd76333d42bac6b08f4231b45670ac7de39d40ed0d0f5d9dd1e28bba2152
SSDEEP: 6144:cwO8NUiNxbLSLb0WJjv3/XJ3bgUQdM2GRUB7xgpH7sgpm72:/O8NUib2pvP5rabB7xgpH7sgpm72
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 898b91151b181d58a264eb6bc9b9e118_JaffaCakes118
This signature only reports that the PE carries no embedded Authenticode certificate table. Many legitimate binaries are unsigned or catalog-signed (which also leaves the table empty), and an embedded signature would still have to be validated, so on its own it is a weak indicator.
Files
898b91151b181d58a264eb6bc9b9e118_JaffaCakes118.dll
Run as: regsvr32
Tags: windows:4 windows x86 arch:x86
imphash: a4ba9a7cdfb94031190f65ebfdba1b8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\.Depot\Current\Client\CommonCommandProcessor\Release\ccp.pdb
The embedded build path is a useful pivot: the string survives compilation, so it can be searched for or matched (for example in a YARA rule) to cluster other builds from the same source tree.
Imports
Taken together, the import table indicates: CryptoAPI use (advapi32 CryptAcquireContextW, CryptCreateHash, CryptDeriveKey, CryptEncrypt); token and privilege adjustment (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges); modification of DACLs and SACLs on named objects and registry keys (SetEntriesInAclW, SetNamedSecurityInfoW, RegSetKeySecurity, SetSecurityDescriptorSacl, ConvertStringSecurityDescriptorToSecurityDescriptorW); session and logged-on-user enumeration (WTSQuerySessionInformationW, NetWkstaUserEnum, ProcessIdToSessionId); process control (OpenProcess, TerminateProcess, CreateProcessW); drive, file and registry manipulation; and COM/type-library registration (RegisterTypeLi, UnRegisterTypeLi). Imports show capability, not behaviour; confirm what is actually exercised in the behavioral tasks.
kernel32
SetThreadPriority
GetThreadPriority
GetCurrentThread
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
FileTimeToSystemTime
WaitForSingleObject
lstrcmpW
ReadFile
GetFileSize
CreateFileW
GetFileAttributesExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
SetErrorMode
GetLogicalDrives
FindClose
GetTempFileNameW
CopyFileW
CreateDirectoryW
GetProcAddress
LoadLibraryW
GetVersionExW
TerminateProcess
OpenProcess
LoadLibraryA
LocalFree
SetFileAttributesW
GetComputerNameW
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
SetFilePointer
GetFileInformationByHandle
GlobalAlloc
GlobalFree
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
GlobalUnlock
GlobalLock
ReleaseMutex
ReleaseSemaphore
FindResourceExW
GetCurrentProcess
GetCurrentThreadId
GetSystemTime
DuplicateHandle
CreateFileA
CreateFileMappingW
lstrcpyA
CreateSemaphoreW
CreateMutexW
ProcessIdToSessionId
GetCurrentProcessId
CreateMutexA
lstrcpynA
OpenFileMappingW
GlobalSize
CreateEventW
GetSystemTimeAsFileTime
GetThreadLocale
FlushFileBuffers
SetFilePointerEx
SetLastError
DeviceIoControl
GetDiskFreeSpaceW
RemoveDirectoryW
GetFileAttributesW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LockResource
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
lstrcpyW
lstrcatW
OpenEventW
SetEvent
Sleep
DeleteFileW
GetTickCount
lstrlenA
lstrcpynW
CreateProcessW
CloseHandle
FindFirstFileW
MoveFileW
FindNextFileW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
InitializeCriticalSection
lstrcmpiW
DisableThreadLibraryCalls
GetModuleHandleW
GetLastError
RaiseException
MultiByteToWideChar
InterlockedIncrement
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
DeleteCriticalSection
InterlockedExchangeAdd
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
user32
GetDesktopWindow
UnregisterClassA
CharLowerW
CharNextW
LoadStringW
wsprintfW
SendMessageW
GetWindowThreadProcessId
FindWindowW
advapi32
CryptDeriveKey
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
CryptGetHashParam
CryptAcquireContextW
RegGetKeySecurity
RegOpenKeyW
OpenProcessToken
RegSetKeySecurity
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
shell32
SHFileOperationW
ole32
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
oleaut32
SysFreeString
VarBstrCmp
VariantInit
VariantClear
VarUI4FromStr
VarBstrFromUI4
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarBstrCat
SysAllocStringLen
VarBstrFromI2
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
VariantCopy
VarI4FromStr
VarBstrFromI4
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayCreate
VarParseNumFromStr
SysAllocStringByteLen
VarNumFromParseNum
shlwapi
PathAppendW
PathMatchSpecW
StrStrIW
StrStrW
PathSkipRootW
SHCreateStreamOnFileW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
rpcrt4
UuidToStringA
UuidToStringW
UuidCreate
RpcStringFreeA
RpcStringFreeW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW
netapi32
NetWkstaUserEnum
NetApiBufferFree
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
These four are the standard entry points of an in-process COM server: regsvr32 calls DllRegisterServer (DllUnregisterServer with /u) and COM activation goes through DllGetClassObject, which fits the type-library and registry imports above.
Sections
.text Size: 232KB - Virtual size: 229KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
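The Unsigned PE signature, the File Characteristics list and the per-section flags above are all read straight out of the PE headers. The following stand-alone Python script is an added example (not the report's or the sandbox's own code) that re-derives those three things from raw bytes with only the standard library. It builds two constructed stand-in images with the same section layout as the report (the analysed DLL is not embedded): one with an empty certificate table and one with a dummy WIN_CERTIFICATE attached, so the check can be seen flipping. The flag tables, the builder's header values and the dummy certificate are all assumptions made for the demo.

```python
"""Stand-alone PE header inspector: reproduces the report's file-characteristics,
per-section flags and "Unsigned PE" checks with the stdlib only. The images it
inspects are CONSTRUCTED in memory as stand-ins; they are not the analysed DLL."""
import struct

FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
SCN_CHARS = {0x00000020: "IMAGE_SCN_CNT_CODE",
             0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
DIR_SECURITY = 4                 # data-directory slot of the Authenticode certificate table
SECTION_HDR = "<8sIIIIIIHHI"     # IMAGE_SECTION_HEADER, 40 bytes

def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """DOS header -> PE signature -> IMAGE_FILE_HEADER -> PE32 optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (x86) images are handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, sflags = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rsize, "flags": flag_names(sflags, SCN_CHARS)})
    return {"characteristics": flag_names(chars, FILE_CHARS), "sections": sections,
            "security_dir": dirs[DIR_SECURITY] if ndirs > DIR_SECURITY else (0, 0)}

def is_unsigned_pe(data):
    """The sandbox's 'Unsigned PE' test: the certificate table is empty. A non-empty
    table only proves a blob is attached (validate with WinVerifyTrust/signtool), and
    catalog-signed files have an empty table too, so this is a hint, not a verdict."""
    return parse_pe(data)["security_dir"][1] == 0

def build_pe(file_chars, sections, cert_blob=b""):
    """Construct a PE32 image for testing (not a real DLL).
    sections: list of (name, virtual_size, raw_size, characteristics)."""
    align = 0x200
    hdr_len = (0x40 + 24 + 224 + 40 * len(sections) + align - 1) // align * align
    sec_hdrs, raw, raw_ptr, va = b"", b"", hdr_len, 0x1000
    for name, vsize, rsize, sflags in sections:
        rsize = (rsize + align - 1) // align * align
        sec_hdrs += struct.pack(SECTION_HDR, name, vsize, va, rsize, raw_ptr, 0, 0, 0, 0, sflags)
        raw += b"\xcc" * rsize
        raw_ptr += rsize
        va += (vsize + 0xFFF) // 0x1000 * 0x1000
    dirs = [(0, 0)] * 16
    if cert_blob:               # the security entry holds a file offset, not an RVA
        dirs[DIR_SECURITY] = (raw_ptr, len(cert_blob))
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 9, 0,                       # PE32 magic, linker version
                      0, 0, 0, 0x1000, 0x1000, 0x2000,   # code/data sizes, entry, bases
                      0x10000000, 0x1000, align,         # ImageBase, section/file alignment
                      5, 0, 0, 0, 5, 0,                  # OS / image / subsystem versions
                      0, va, hdr_len, 0,                 # reserved, SizeOfImage, SizeOfHeaders, checksum
                      2, 0,                              # Subsystem (GUI), DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    fh = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    img = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + fh + opt + sec_hdrs
    return img + b"\0" * (hdr_len - len(img)) + raw + cert_blob

# Constructed stand-in with the report's layout: x86 DLL, five sections, no certificate.
DLL_CHARS = 0x0002 | 0x0100 | 0x2000
LAYOUT = [(b".text", 229 * 1024, 232 * 1024, 0x60000020),
          (b".rdata", 52 * 1024, 56 * 1024, 0x40000040),
          (b".data", 33 * 1024, 20 * 1024, 0xC0000040),
          (b".rsrc", 24 * 1024, 28 * 1024, 0x40000040),
          (b".reloc", 21 * 1024, 24 * 1024, 0x42000040)]
UNSIGNED_SAMPLE = build_pe(DLL_CHARS, LAYOUT)
# Same image with a dummy WIN_CERTIFICATE header (wRevision 0x200, PKCS_SIGNED_DATA)
# and 16 filler bytes instead of real PKCS#7 data: enough to flip the check, not to verify.
DUMMY_CERT = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
SIGNED_LOOKING_SAMPLE = build_pe(DLL_CHARS, LAYOUT, DUMMY_CERT)

if __name__ == "__main__":
    info = parse_pe(UNSIGNED_SAMPLE)
    print("characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print(f"{s['name']:7} raw {s['raw_size'] // 1024}KB  virt {s['virtual_size'] // 1024}KB  {' '.join(s['flags'])}")
    print("Unsigned PE:", is_unsigned_pe(UNSIGNED_SAMPLE), "/", is_unsigned_pe(SIGNED_LOOKING_SAMPLE))
```

The check is literally "is IMAGE_DIRECTORY_ENTRY_SECURITY non-empty", which is all the sandbox signature tells you: it says nothing about whether an attached blob verifies, and Windows catalog signing leaves the table empty, so Unsigned PE on its own is low-confidence. To run it against a real file, pass open(path, "rb").read() to parse_pe or is_unsigned_pe instead of the constructed samples.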