d184cd71b21884e0d95088c49de04bce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d184cd71b21884e0d95088c49de04bce_JaffaCakes118
Size

229KB
MD5

d184cd71b21884e0d95088c49de04bce
SHA1

f6506a7b1c0bb636f7a2d3d33309a1cc21f77972
SHA256

43725f8e469163b9439e0431dff0a095a90bc962ccd6322d490bf99240c86658
SHA512

0d8562acdf7a2dd5419c6b824640b1d1955709aae4494175716ab1738327741d766eebad652f8487797efa7f8a6d761106f5bdc8492741d06b5de5d9bccca21c
SSDEEP

3072:KD5o6Hv3kaWFXqioZ7ranJ5fDtg36r4vYQ8+JGSNimVGEfjy:P68DqwnPr0vY+f6cjy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d184cd71b21884e0d95088c49de04bce_JaffaCakes118

Files

d184cd71b21884e0d95088c49de04bce_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d26e2306a237249bba54d4531db835b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mcy.pdb

Imports

kernel32

CreateMutexW
ReleaseMutex
CreateThread
GetCurrentProcessId
ResetEvent
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
FileTimeToSystemTime
LocalFileTimeToFileTime
DisableThreadLibraryCalls
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
ProcessIdToSessionId
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
FindResourceExW
ReleaseSemaphore
Sleep
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
CreateFileMappingW
OpenFileMappingW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
OpenThread
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
LocalFree
RaiseException
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetLastError
VirtualFree
IsBadCodePtr
VirtualAlloc
VirtualProtect
IsBadReadPtr
InterlockedExchangeAdd
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
InterlockedExchange
CloseHandle
GetCurrentThreadId
TerminateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryW
GetComputerNameW
lstrlenW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA

user32

SendMessageTimeoutW
FindWindowExW
UnregisterClassA
PostThreadMessageW
PeekMessageW
DispatchMessageW
KillTimer
GetWindowTextW
SetTimer
MsgWaitForMultipleObjects
CharNextW
GetClassNameW
RegisterWindowMessageW
CharLowerW
CharLowerBuffW
GetDesktopWindow

advapi32

CryptReleaseContext
CryptDeriveKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
ConvertStringSidToSidW
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SystemTimeToVariantTime
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SysStringByteLen
SafeArrayCreate

shlwapi

PathFileExistsW
SHCreateStreamOnFileW
PathStripPathW
StrStrIW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW
WTSCloseServer

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d26e2306a237249bba54d4531db835b4

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 18KB

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 18KB

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 20KB - Virtual size: 18KB