d1c5eb1727cfc80b9952b0baaa28f140_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1c5eb1727cfc80b9952b0baaa28f140_JaffaCakes118
Size

234KB
MD5

d1c5eb1727cfc80b9952b0baaa28f140
SHA1

dcc1ab9dfe9356b24038cae73b3243e7a0b5e48a
SHA256

ecd9426a3a335745210db02547c8d701f12dd00af398d78f9c8e78009effb5cb
SHA512

805c93fbdcb351ff8eef2b9439bf63bf1b1b98f1cc398a768c98a1ab040e2bfc26be45985dfa574dcdd042d75f4d26d0152c836fbdf711ed2fb5903c892ceb19
SSDEEP

3072:12sJhPuC7LeEgFi7rX9+GT67iQd32aK3aSMQjwZCSGyvqe:XGjFtXiQq/DQJZf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c5eb1727cfc80b9952b0baaa28f140_JaffaCakes118

Files

d1c5eb1727cfc80b9952b0baaa28f140_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8dc920cd0feb17396b0b7c1ffc80fc1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ATI\Current\Client\YahooMonitor\Release\mcy.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
lstrcatW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetLastError
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetComputerNameW
lstrlenW
LocalFree
lstrcpynW
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
lstrcmpiW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
RtlUnwind
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
HeapFree
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
HeapAlloc
GetTimeZoneInformation
WideCharToMultiByte
lstrcpyW
DeleteFileW
GetTickCount
ReadFile
SetFilePointer
GetFileSize
WriteFile
GlobalAlloc
GlobalFree
lstrlenA
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateFileW
CreateSemaphoreW
GetCurrentProcess
CreateFileA
CreateFileMappingW
ProcessIdToSessionId
GetCurrentProcessId
OpenFileMappingW
lstrcpynA
GetTempFileNameW
GetTempPathW
SetEvent
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
CreateEventW
GetSystemTimeAsFileTime

user32

UnhookWindowsHookEx
GetClassNameW
KillTimer
LoadStringW
CharLowerW
GetDesktopWindow
CharLowerBuffW
UnregisterClassA
CharNextW
SetWindowsHookExW
SetTimer
CallNextHookEx
FindWindowExW
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowTextW
EnumWindows

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
ConvertSidToStringSidW
CryptDestroyKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptEncrypt
CryptDecrypt
CryptDeriveKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
GetHGlobalFromStream
StringFromCLSID
StringFromGUID2
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

UnRegisterTypeLi
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
RegisterTypeLi
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
VarBstrFromI4
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

shlwapi

SHCreateStreamOnFileW
PathStripPathW
StrStrIW
PathFileExistsW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dc920cd0feb17396b0b7c1ffc80fc1a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 19KB

.GBL Size: 4KB - Virtual size: 520B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 19KB

.GBL
Size: 4KB - Virtual size: 520B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 20KB - Virtual size: 18KB