a7ebcd38f9539faa8e16a349c8d0ca2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7ebcd38f9539faa8e16a349c8d0ca2b_JaffaCakes118
Size

291KB
MD5

a7ebcd38f9539faa8e16a349c8d0ca2b
SHA1

62f2e3794222091a49ccdf5c2aaf2eaf8145707a
SHA256

1648f81338442063fc56b0f1a41871fd51ff11e4a410d8db2374fa661d0e45f6
SHA512

79e57da59f039441b6d2f1159d54fa4a1d78309ecd47da7bbeaeffd68cfc79ea6c0352737ef53bf9347f5129199a675e0eb4fab6bc71297d75a32d5827250542
SSDEEP

6144:lF+3qPRDvylUGAblZw2m+7vKLOELzuZ+0FL/:lF+3qPRDPGGlZ7m8vKyEeZ+0FL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7ebcd38f9539faa8e16a349c8d0ca2b_JaffaCakes118

Files

a7ebcd38f9539faa8e16a349c8d0ca2b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7872e97a9b4cf0621ce19e50c52943cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dprx.pdb

Imports

proxy

?Close@CProxy@@QAEXXZ
?SynchronizeTime@CProxy@@QAEJPAG@Z
?SendRemoteHttpRequest@CProxy@@QAEJPAGJPAUtagVARIANT@@1J10@Z
??1CProxy@@QAE@XZ
??0CProxy@@QAE@XZ
?LoadDll@CProxy@@QAEJPBG@Z
?Open@CProxy@@QAEJHPAX@Z
?GeoLocate@CProxy@@QAEJXZ

kernel32

HeapAlloc
HeapFree
GetProcessHeap
ProcessIdToSessionId
LocalAlloc
OpenProcess
SetSystemTime
SetEvent
ResetEvent
CancelIo
WaitForMultipleObjects
CreateEventW
DuplicateHandle
TerminateThread
GetExitCodeThread
Sleep
FindClose
FindNextFileW
CreateFileW
FindFirstFileW
lstrcpyW
GetSystemTimeAsFileTime
GetTempPathW
FileTimeToSystemTime
GetTickCount
SetThreadPriority
GetCurrentThreadId
GetFileAttributesExW
GetFileTime
CompareFileTime
DeleteFileW
GetTempFileNameW
SetLastError
ReadFile
GetFileSize
MoveFileExW
FlushFileBuffers
WriteFile
SetFileAttributesW
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
lstrcatW
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
lstrcpynW
CreateFileA
CreateFileMappingW
OpenFileMappingW
lstrcpynA
GetSystemTime
CreateDirectoryW
CreateMutexA
GlobalSize
SetFileTime
WriteConsoleA
SetStdHandle
GetCurrentThread
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ReleaseMutex
CreateMutexW
FindResourceExW
LockResource
DisableThreadLibraryCalls
lstrlenA
LoadLibraryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
GetModuleFileNameW
GetSystemDirectoryW
lstrcmpiW
WaitForSingleObject
lstrcatA
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FreeLibrary
GetVersionExW
GetComputerNameW
lstrlenW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryA
VirtualFree
VirtualAlloc
RtlUnwind
ExitThread

user32

UnregisterClassA
CharLowerW
CharNextW
KillTimer
SetTimer
GetWindowThreadProcessId
IsWindow
CharLowerBuffW
GetDesktopWindow
SendMessageW
RegisterWindowMessageW
PostMessageW

advapi32

RegSetValueExW
RegOpenKeyExW
ConvertSidToStringSidW
LookupAccountNameW
ConvertStringSidToSidW
SetNamedSecurityInfoW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
GetSidSubAuthorityCount
GetSidSubAuthority
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
IsValidSid
DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitializeEx
GetHGlobalFromStream
StringFromCLSID

oleaut32

SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
VarI4FromStr
SafeArrayCreate
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SafeArrayRedim
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VarBstrFromI4
VarBstrFromR8
SysAllocString
SysAllocStringLen
SysStringLen
VarBstrCat
SysFreeString
VarBstrCmp
SafeArrayCreateVector
VariantClear
SafeArrayAccessData

shlwapi

SHCreateStreamOnFileW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

rpcrt4

UuidCreate

iphlpapi

NotifyAddrChange

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7872e97a9b4cf0621ce19e50c52943cf

Headers

File Characteristics

PDB Paths

Imports

proxy

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

iphlpapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 24KB - Virtual size: 20KB