e00fb811282a94687825c52ea37c1bb0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e00fb811282a94687825c52ea37c1bb0_JaffaCakes118
Size

236KB
MD5

e00fb811282a94687825c52ea37c1bb0
SHA1

b82481b2c3bc3390d8f12a5880d5c34826dbdd85
SHA256

aecb4ba3972f07ee2bc601bf511b62878eef811b552d325cbf2725602594dfa1
SHA512

e59f0e55251f03f33d3ef9a4c37ffcf526438745a3f18600da08bc1fbd0cc35a76e7be65d9ac04820c045e960451b5482991e218671af64f695657d324d6b94b
SSDEEP

6144:s0soLj0QeLxm6MaapLRVHcBoZbZ7oZbZ5:hsojlwBMNrcBoZbZ7oZbZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e00fb811282a94687825c52ea37c1bb0_JaffaCakes118

Files

e00fb811282a94687825c52ea37c1bb0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6a5eb7488af3064d4d3e5ae39c2fe459

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.depot\current\client\svcboot\release\SvcBoot.pdb

Imports

kernel32

FlushInstructionCache
SetCurrentDirectoryW
LoadLibraryW
ExitProcess
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
CreateDirectoryW
FindFirstFileW
InterlockedExchangeAdd
MoveFileW
SetProcessShutdownParameters
SetLastError
CreateProcessW
FindNextFileW
GetExitCodeThread
FindClose
SetThreadPriority
InterlockedExchange
DeleteFileW
RemoveDirectoryW
ResumeThread
GetTempPathW
GetTempFileNameW
GetHandleInformation
CreateFileW
WriteFile
SetFilePointer
ReadFile
GetCurrentThreadId
ReleaseMutex
ReleaseSemaphore
InterlockedDecrement
Sleep
UnmapViewOfFile
MapViewOfFile
WideCharToMultiByte
lstrcatW
GetFileSize
GlobalAlloc
GlobalFree
lstrlenA
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
CreateMutexW
CreateFileA
CreateFileMappingW
OpenFileMappingW
lstrcpynA
CreateMutexA
GlobalSize
GetSystemTime
GetSystemTimeAsFileTime
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
TlsFree
QueryDosDeviceW
Module32NextW
Module32FirstW
SetWaitableTimer
CreateWaitableTimerW
LocalAlloc
RaiseException
MultiByteToWideChar
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcatA
DisableThreadLibraryCalls
SetErrorMode
SetUnhandledExceptionFilter
GetExitCodeProcess
GetTickCount
HeapFree
lstrcpynW
DeleteCriticalSection
TerminateProcess
GetCurrentThread
lstrcpyW
Process32NextW
LeaveCriticalSection
TerminateThread
GetModuleFileNameW
WaitForMultipleObjects
ResetEvent
GetCurrentProcess
DuplicateHandle
InitializeCriticalSectionAndSpinCount
GetLastError
CreateEventW
FindResourceExW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
LoadResource
LockResource
SizeofResource
EnterCriticalSection
ProcessIdToSessionId
GetCurrentProcessId
FindResourceW
HeapAlloc
GetProcessHeap
lstrlenW
SetEvent
lstrcmpiW
GetComputerNameW
CloseHandle
WaitForSingleObject
CreateEventA
LocalFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
HeapCreate
RtlUnwind
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
InitializeCriticalSection

user32

GetWindowLongW
DestroyWindow
GetDesktopWindow
DefWindowProcW
ShowWindow
UnregisterClassA
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
CharLowerW
CreateWindowExW
RegisterWindowMessageW
CallWindowProcW
CharLowerBuffW
IsWindow
LoadCursorW
GetClassInfoExW
SendMessageTimeoutW
RegisterClassExW
SetWindowLongW

advapi32

OpenSCManagerW
ConvertStringSidToSidW
SetNamedSecurityInfoW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
ImpersonateLoggedOnUser
RevertToSelf
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityDescriptorGroup
CreateProcessAsUserW
OpenThreadToken
SetServiceStatus
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
IsValidSid
RegisterServiceCtrlHandlerExW
GetTokenInformation
OpenProcessToken
StartServiceW
RegDeleteValueW
DeleteService
ControlService
OpenServiceW
RegSetValueExW
GetLengthSid
RegCreateKeyExW
CopySid
CloseServiceHandle
CreateServiceW
SetSecurityDescriptorOwner
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegGetKeySecurity
RegOpenKeyW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl

ole32

CoInitializeEx
CoInitializeSecurity
CreateStreamOnHGlobal
CoCreateInstance
GetHGlobalFromStream
CoUninitialize

oleaut32

SafeArrayCreate
SysFreeString
VarBstrFromI4
SysAllocString
SysAllocStringLen
SafeArrayGetElement
SysStringByteLen
SysStringLen
VariantInit
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
VarBstrCmp
SafeArrayPutElement
SafeArrayDestroy

shlwapi

SHCreateStreamOnFileW
PathAppendW
PathStripPathW
PathRemoveFileSpecW
PathFileExistsW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a5eb7488af3064d4d3e5ae39c2fe459

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

psapi

wtsapi32

userenv

netapi32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 420B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 420B

.reloc
Size: 20KB - Virtual size: 18KB