a1e17e7fc112ee37291f11a9dbaad042_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1e17e7fc112ee37291f11a9dbaad042_JaffaCakes118
Size

564KB
MD5

a1e17e7fc112ee37291f11a9dbaad042
SHA1

015ad71f3ef794ddfbd50ba323d459cfb7e31ac2
SHA256

baee9897e424d9286944182fda905f22b36c6a805427a920d655b525aa016d68
SHA512

8f24d5c34c2e3d64358c3aad943b779b06858f4cd712a18236de089970f44a8383863e62f86d8ea38250f1e93c0b3aea8d654fcad6066e6ba5a607c0db94518a
SSDEEP

12288:XNSKm1ZkSKm7+D7nI55PomsWoBsQqe80m:kKm1ZkSKPvnYkWQqe7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1e17e7fc112ee37291f11a9dbaad042_JaffaCakes118

Files

a1e17e7fc112ee37291f11a9dbaad042_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2bc630c18c030a86009325bc9f12c92b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Randomizer.pdb

Imports

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

kernel32

GetACP
CopyFileW
CreateEventW
GetSystemDirectoryW
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
MoveFileW
GetVersion
LoadLibraryW
OpenEventW
SetEvent
lstrcpyW
GetTickCount
SetEnvironmentVariableW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetErrorMode
SetFileAttributesW
DeleteFileW
GetStartupInfoA
GetFileType
SetHandleCount
GetSystemDefaultLangID
GetOEMCP
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
ReleaseMutex
CreateMutexW
WaitForSingleObject
LoadLibraryExW
FreeLibrary
CreateDirectoryW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetModuleFileNameW
GetFileTime
CompareFileTime
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
HeapAlloc
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
CloseHandle
Sleep
CreateFileW
lstrcatW
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetProcessHeap
HeapFree
GetComputerNameW
lstrlenW
LocalFree
GetVersionExW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
MultiByteToWideChar
TlsAlloc
TlsGetValue
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
ExitProcess
GetLastError
FindResourceExW
FindResourceW
FlushFileBuffers
LoadResource
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
ExitThread
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapSize
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetConsoleMode
IsValidCodePage
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
GetConsoleCP
WriteConsoleA
LoadLibraryA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
HeapReAlloc
HeapDestroy
GetVersionExA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
OpenProcess
LocalAlloc
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
GetFileInformationByHandle
GlobalAlloc
GlobalFree
lstrlenA
IsBadReadPtr
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
lstrcpynW
DuplicateHandle
CreateFileA
CreateFileMappingW
lstrcpyA
ProcessIdToSessionId
GetCurrentProcessId
OpenFileMappingW
GetComputerNameExW
GetFileAttributesW
FindNextFileA
FindFirstFileA
lstrcpynA
GetSystemTime
SetLastError
GetTempPathW
RemoveDirectoryW
GetTempFileNameW
GetFileAttributesExW
TerminateThread
CreateMutexA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentThreadId
GlobalSize
SetFileTime
GetSystemTimeAsFileTime
ResetEvent
GetExitCodeThread
InterlockedExchange
GetLocaleInfoA
GetThreadLocale
FreeEnvironmentStringsA

user32

UnregisterClassA
CharLowerBuffW
GetDesktopWindow
IsWindow
GetWindowThreadProcessId
GetParent
CharNextW
CharLowerW
MessageBoxW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW

advapi32

SetTokenInformation
InitiateSystemShutdownExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
CryptEncrypt
CryptDecrypt
CryptDeriveKey
DuplicateTokenEx
IsValidSid
LookupAccountSidW
RegEnumValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
StartServiceW
CreateServiceW
CloseServiceHandle
RegEnumKeyW
ConvertStringSidToSidW
SetNamedSecurityInfoW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
CryptDestroyKey

shell32

SHGetFolderPathW
ShellExecuteW

ole32

StringFromGUID2
CoUninitialize
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
GetHGlobalFromStream

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VarI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
VarBstrCat
VariantChangeType
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayCreate
VarBstrFromI4
GetErrorInfo
SetErrorInfo
VarBstrCmp
CreateErrorInfo

shlwapi

StrStrIW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
PathIsDirectoryA
PathRemoveFileSpecA
PathFindFileNameA
PathAppendA
PathMatchSpecA
PathSkipRootA
PathFindFileNameW
PathIsDirectoryW
SHDeleteKeyW
SHCreateStreamOnFileW
PathSkipRootW
PathMatchSpecW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Install

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bc630c18c030a86009325bc9f12c92b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

version

psapi

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 432KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 436KB - Virtual size: 432KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB