89d7ca6449247263909c96380a126623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89d7ca6449247263909c96380a126623_JaffaCakes118
Size

681KB
MD5

89d7ca6449247263909c96380a126623
SHA1

f5a416af881c726c299cb2937d186af41bccbe5c
SHA256

b4a815c309762a9facb8bda86efdd71a05ef518335ccbc6cedf1b54576e0cd45
SHA512

4a00f74d0ac5f3e0f0ea28dfe673597b4322fd21e7a532a944d2a9e657cb24f695b9d75a2c34d11b6ae49135c4659f451cf53d2473fc37a304c1a1484bbdfe1f
SSDEEP

12288:NM4qoJLth6FeYJ60ZODTU/IINpHRbfaWclCL0Kzft7PbomrTI5:y4qodnAFgD9kSWmSPRPbomr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89d7ca6449247263909c96380a126623_JaffaCakes118

Files

89d7ca6449247263909c96380a126623_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

e4e5f951dc78a7bb0c484557e0b0e3b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

msi

ord8
ord77
ord91
ord67
ord31
ord159
ord148

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

kernel32

LeaveCriticalSection
CloseHandle
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
LockResource
FindResourceExA
LocalFree
LocalAlloc
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
FormatMessageA
TerminateProcess
OpenProcess
GetFileTime
CreateFileA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
MoveFileExA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
ReadFile
GetStartupInfoA
CreatePipe
GetVersionExA
Thread32Next
TerminateThread
OpenThread
Thread32First
GetPriorityClass
FindClose
FindNextFileA
FileTimeToSystemTime
FindFirstFileA
FileTimeToLocalFileTime
GetSystemDirectoryA
GetProcAddress
EnterCriticalSection
GetCurrentProcessId
GetLocalTime
ReleaseMutex
CopyFileA
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
CreateEventA
CreateSemaphoreA
SetLastError
SystemTimeToTzSpecificLocalTime
GetLocaleInfoA
SetFilePointer
GetFileSize
WriteFile
GetSystemInfo
SetThreadLocale
GetThreadLocale
GetModuleHandleW
CreateMutexA
OpenMutexA
GetEnvironmentVariableA
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetSystemDefaultLCID
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
DeleteCriticalSection
RaiseException
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
CreateFileW
lstrlenA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetTickCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
LoadLibraryA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetFileAttributesW
RemoveDirectoryA
GetSystemTimeAsFileTime
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
VirtualAlloc
VirtualProtect
RtlUnwind

user32

GetSystemMetrics
EnumWindows
PostMessageA
GetWindowThreadProcessId
CharNextW
CharNextA
wsprintfA

advapi32

QueryServiceConfigA
RegEnumValueA
InitializeAcl
AddAce
SetSecurityInfo
IsValidSid
GetLengthSid
CopySid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetFileSecurityA
GetServiceDisplayNameA
QueryServiceStatus
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfigA
UnlockServiceDatabase
DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CLSIDFromProgID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
OleRun
CoInitialize
StringFromGUID2

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc

oleaut32

VariantCopy
VariantTimeToSystemTime
VarDateFromStr
GetErrorInfo
VarUI4FromStr
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantClear
VariantChangeType
VariantInit
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
BSTR_UserSize

rpcrt4

NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleAllocate
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e5f951dc78a7bb0c484557e0b0e3b4

Headers

File Characteristics

Imports

version

msi

psapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 487KB

.orpc Size: 512B - Virtual size: 148B

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 488KB - Virtual size: 487KB

.orpc
Size: 512B - Virtual size: 148B

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 29KB - Virtual size: 28KB