c9842a25b7c9a32eaae0b2d7fc9f4479_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c9842a25b7c9a32eaae0b2d7fc9f4479_JaffaCakes118
Size

555KB
MD5

c9842a25b7c9a32eaae0b2d7fc9f4479
SHA1

4c86a3085f649cce159ecffca5816d0681bbdfc9
SHA256

063b509b292b0097d3fd75b7b3abdc0cb342bff8fe83475ad3d851199b429780
SHA512

0b3b670fdb4fc9adcd9fb273423c05afc9d3d51e4f6ed6272f90e4bcfea906b2fd786cf32e23b757e81d8335e1ec945c4327d57c57a1f9a0dfbe1eac6ae505b7
SSDEEP

6144:0AL6e4tiP8QBw43dFEpKYWLzugfd0ImgcYQUNs4ZK6bVFy4KdUtL:0AjkiP8QLYWLd1cENRZxZFGutL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9842a25b7c9a32eaae0b2d7fc9f4479_JaffaCakes118

Files

c9842a25b7c9a32eaae0b2d7fc9f4479_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c846fb88eb00f1d25f3e0f8e5d5ee0c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mcff.pdb

Imports

kernel32

InterlockedExchange
LockResource
FindResourceExW
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
TerminateThread
SetEvent
GetCurrentThreadId
SetLastError
SetThreadPriority
GetThreadPriority
GetCurrentThread
CompareFileTime
GetFileTime
CreateEventW
GetSystemDefaultLangID
GetACP
ResetEvent
CopyFileW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DuplicateHandle
ReadProcessMemory
OpenThread
LoadLibraryW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetSystemDirectoryW
ReleaseSemaphore
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
SetFileAttributesW
CreateProcessW
GetTickCount
LocalAlloc
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
GetFileInformationByHandle
GlobalAlloc
GlobalFree
lstrlenA
IsBadReadPtr
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
lstrcpynW
lstrcpyW
InterlockedCompareExchange
CreateFileMappingW
lstrcpyA
ProcessIdToSessionId
OpenFileMappingW
GetComputerNameExW
GetFileAttributesW
FindNextFileA
FindFirstFileA
lstrcpynA
GetSystemTime
CreateDirectoryW
GetTempPathW
RemoveDirectoryW
GetTempFileNameW
GetFileAttributesExW
CreateMutexA
Process32NextW
Process32FirstW
GlobalSize
SetFileTime
GetSystemTimeAsFileTime
WaitForMultipleObjects
GetExitCodeThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
OpenProcess
TerminateProcess
GetProcAddress
InterlockedExchangeAdd
DeleteFileW
ReleaseMutex
CreateMutexW
WaitForSingleObject
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
WideCharToMultiByte
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
HeapAlloc
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
CloseHandle
GetLastError
Sleep
CreateFileW
lstrcatW
GetProcessHeap
HeapFree
GetComputerNameW
lstrlenW
LocalFree
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateFileA
GetStdHandle
HeapCreate
FatalAppExitA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
CreateThread
ExitThread
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA

user32

DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetWindowLongW
CallWindowProcW
PeekMessageW
DispatchMessageW
UnregisterClassA
CharNextW
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
SetWindowLongW
TranslateMessage
ShowWindow
IsWindow
GetClassInfoExW
LoadCursorW
SendMessageTimeoutW
MsgWaitForMultipleObjects
CharLowerBuffW
CharLowerW
MessageBoxW
GetParent
wsprintfW
GetDesktopWindow
PostMessageW

advapi32

RegCreateKeyExW
ConvertStringSidToSidW
SetNamedSecurityInfoW
IsValidSid
SetTokenInformation
LookupAccountSidW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
InitiateSystemShutdownExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyW
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegEnumKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoRevokeClassObject
StringFromCLSID
CoRegisterPSClsid
CoRegisterClassObject
CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize

oleaut32

SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayCreateVector
SafeArrayCreate
SetErrorInfo
GetErrorInfo
SysAllocString
SysStringLen
SysFreeString
VarUI4FromStr
SafeArrayPutElement
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarI4FromStr
SysAllocStringLen
VariantInit
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
VarBstrCat
SafeArrayDestroy
VarBstrFromI4
VariantChangeType
CreateErrorInfo

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathStripPathW
SHCreateStreamOnFileW
PathSkipRootW
PathMatchSpecW
PathFindFileNameW
PathIsDirectoryA
PathRemoveFileSpecA
PathFindFileNameA
PathAppendA
PathMatchSpecA
PathSkipRootA
PathIsDirectoryW

wtsapi32

WTSOpenServerW
WTSFreeMemory
WTSQuerySessionInformationW
WTSCloseServer

netapi32

NetApiBufferFree
NetWkstaUserEnum

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

userenv

CreateEnvironmentBlock

Exports

Exports

DisableDLP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableDLP
GetCurrentGroupID
GetDLPState
GetFireFoxMonitorState
GetLastUpdatedTimeStamp
GetScreenCaptureMonitorState

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FFSHARE
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c846fb88eb00f1d25f3e0f8e5d5ee0c6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

rpcrt4

version

psapi

userenv

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 412KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 16KB - Virtual size: 20KB

.FFSHARE Size: 4KB - Virtual size: 544B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 416KB - Virtual size: 412KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 16KB - Virtual size: 20KB

.FFSHARE
Size: 4KB - Virtual size: 544B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 20KB - Virtual size: 19KB