c8d4fee7b885b3ab98e47df781aa3db2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8d4fee7b885b3ab98e47df781aa3db2_JaffaCakes118
Size

238KB
MD5

c8d4fee7b885b3ab98e47df781aa3db2
SHA1

dc3ccf3b9b208ff79cb09e213768545553cd00ae
SHA256

967ead9817a84be303a9562bf3fee83f2cb668ab238b9df6c61914f8d1bf28a6
SHA512

8da8912e2a25be6aa6c43e946a8db935a60ac423521c4f0a516aa363becbd8fc002bcb241d99ada9d0dd6a796ec102fe33634c72b1976c5802755be5f2715969
SSDEEP

3072:+YdtJXvQHC2y826eL/uVZxOEnYvBejBvGVQ+PS8UuAk9oRwZ8oRwZK:VYHzy8pCvv6BvSqmx9oRwZ8oRwZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d4fee7b885b3ab98e47df781aa3db2_JaffaCakes118

Files

c8d4fee7b885b3ab98e47df781aa3db2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

3a8fe7a5be1ad677e55f52283710e68c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mcy.pdb

Imports

kernel32

LocalFree
lstrlenW
GetComputerNameW
CreateMutexW
ReleaseMutex
CreateThread
GetCurrentProcessId
ResetEvent
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FindResourceExW
MultiByteToWideChar
LoadLibraryExW
FileTimeToSystemTime
LocalFileTimeToFileTime
UnmapViewOfFile
DisableThreadLibraryCalls
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ProcessIdToSessionId
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
OpenThread
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetLastError
VirtualFree
IsBadCodePtr
VirtualAlloc
VirtualProtect
IsBadReadPtr
InterlockedExchangeAdd
InterlockedExchange
WaitForSingleObject
DuplicateHandle
GetCurrentThreadId
TerminateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FreeLibrary
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
TerminateProcess
UnhandledExceptionFilter

user32

CharLowerBuffW
GetDesktopWindow
GetWindowTextW
FindWindowExW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
CharNextW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
CharLowerW
UnregisterClassA

advapi32

RevertToSelf
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
AdjustTokenPrivileges

ole32

CoCreateInstance
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
GetHGlobalFromStream
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SystemTimeToVariantTime

shlwapi

SHCreateStreamOnFileW
StrStrIW
PathFileExistsW
PathStripPathW

wtsapi32

WTSOpenServerW
WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer

netapi32

NetApiBufferFree
NetWkstaUserEnum

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a8fe7a5be1ad677e55f52283710e68c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 20KB - Virtual size: 18KB