C:\build\source\rpsharedcomponents\rel32\rpsharedcomponents.pdb
Sample
e0cda0378db44519727225a1e9b9aa59_JaffaCakes118.dll
Resource
win7-20240903-en
General
-
Target
e0cda0378db44519727225a1e9b9aa59_JaffaCakes118
-
Size
1.1MB
-
MD5
e0cda0378db44519727225a1e9b9aa59
-
SHA1
8efbab3b80e0a4b7eabea3273246ba17f67be4ee
-
SHA256
146966113e2eaab50ba6250f95ca1b109490b44da00963f39731d23533d4f445
-
SHA512
7c1063c877f9eee78f7a9e32a178cd3cf60c38b2d94b2e4bfc86e20daa604cc8a099fb808cb2ac664d083163d13320135828f006b79b86620400c0587116ed59
-
SSDEEP
24576:PmqDmM1UWQgQoQeLFn/ly+bXV8hRT7RoRWeeX3YXuLVg:eqzLltyfhRTkMK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e0cda0378db44519727225a1e9b9aa59_JaffaCakes118
Files
-
e0cda0378db44519727225a1e9b9aa59_JaffaCakes118.dll windows:5 windows x86 arch:x86
c6b555e9b7c4f16811d4125169569340
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ole32
StringFromCLSID
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemAlloc
CoUnmarshalInterface
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
user32
DispatchMessageA
TranslateMessage
PeekMessageA
PostThreadMessageA
GetMessageA
CharUpperA
CharLowerA
GetSystemMetrics
CharNextA
CharPrevA
PostMessageA
UnregisterClassA
DestroyWindow
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
SetWindowLongA
GetWindowLongA
RegisterDeviceNotificationW
UnregisterDeviceNotification
RegisterClassExW
CreateWindowExW
UnregisterClassW
wsprintfA
GetDC
ReleaseDC
advapi32
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidA
GetLengthSid
SetTokenInformation
CreateProcessAsUserA
RegQueryValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityInfo
RegSetValueExA
RegQueryValueExA
msvcr90
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__dllonexit
_onexit
_lock
__clean_type_info_names_internal
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_except_handler4_common
_except_handler3
_vsnprintf_s
fprintf
_snprintf
strncat
_ultoa
_localtime64_s
_wstat32i64
wcscspn
wcsspn
wcsrchr
_wfopen
srand
rand
iswspace
_wcslwr_s
_wcsupr_s
wcsncmp
_wsplitpath_s
wcscat_s
_chdir
_time64
strtoul
vsprintf_s
_vscprintf
_mbscmp
_mktime64
wcsstr
sscanf
asctime
vsprintf
strnlen
??0exception@std@@QAE@ABQBDH@Z
fgets
_strdup
rename
mbstowcs
wcstombs
isalnum
strtok
strftime
_time32
_gmtime32
getenv
printf
_ismbblead
strncmp
strstr
isxdigit
isspace
isalpha
fputs
fwrite
fseek
ftell
fopen
_errno
fread
fclose
strchr
_stat32
_fstat32
strncpy
strtol
atof
_atoi64
atoi
tolower
toupper
isdigit
memmove
_vsnprintf
atol
_ismbcspace
realloc
_wsplitpath
wcschr
remove
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
sprintf
vswprintf_s
_vscwprintf
_wcsicmp
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_resetstkoflw
malloc
??8type_info@@QBE_NABV0@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_beginthreadex
memmove_s
wcsnlen
memcpy_s
memset
??_V@YAXPAX@Z
_recalloc
calloc
free
??_U@YAPAXI@Z
strrchr
memcpy
_purecall
??2@YAPAXI@Z
_mktime32
_access
_chmod
__iob_func
_waccess
_wstat32
_telli64
_lseeki64
_chsize
_localtime32_s
_wcsnicmp
_strnicmp
_putenv
_stricmp
??3@YAXPAX@Z
_close
_creat
_open
_sopen
_lseek
_tell
_read
_write
_unlink
_mkdir
_rmdir
_getcwd
?terminate@@YAXXZ
msvcp90
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
kernel32
GetFullPathNameW
GetFullPathNameA
FormatMessageA
GetTempPathW
LockFileEx
GetSystemTime
OpenMutexA
ResetEvent
GetSystemInfo
GetTempFileNameA
SleepEx
GetVolumeInformationA
QueryDosDeviceA
GetLogicalDriveStringsA
GetWindowsDirectoryA
GetVersion
AreFileApisANSI
SetEndOfFile
UnlockFile
LockFile
LoadLibraryW
HeapSize
HeapDestroy
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapReAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleHandleW
InterlockedCompareExchange
InterlockedExchange
Sleep
HeapFree
GetProcessHeap
HeapAlloc
GetLogicalDrives
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
FileTimeToSystemTime
CopyFileExW
FindFirstFileExW
FindNextFileW
FindFirstChangeNotificationW
FindNextChangeNotification
WaitForMultipleObjects
FindCloseChangeNotification
CreateDirectoryW
GetVolumeInformationW
DeleteFileW
DeviceIoControl
GetPrivateProfileStringA
CreateFileW
SetVolumeLabelW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
GetLocalTime
GlobalMemoryStatus
SetFilePointer
OpenProcess
VirtualQuery
GetThreadContext
WriteFile
CreateThread
TerminateThread
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualProtect
IsBadWritePtr
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentProcess
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileSectionA
CreateMutexA
ReleaseMutex
GetModuleHandleA
GetModuleHandleExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
CreateNamedPipeA
LocalFree
ConnectNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
GetSystemDirectoryA
SetErrorMode
MoveFileA
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
RemoveDirectoryA
GetVersionExA
GetDiskFreeSpaceA
GetEnvironmentVariableA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetTempPathA
EnterCriticalSection
LeaveCriticalSection
CreateEventA
lstrlenW
WideCharToMultiByte
SetEvent
WaitForSingleObject
GetCurrentThreadId
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
CreateProcessA
lstrlenA
MultiByteToWideChar
GetLastError
RaiseException
CreateFileA
GetFileSize
CloseHandle
GetTickCount
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetDriveTypeA
shell32
SHCreateDirectoryExW
SHGetFolderPathA
SHGetDesktopFolder
ShellExecuteA
oleaut32
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
VariantCopy
SafeArrayGetElement
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysFreeString
shlwapi
PathFindFileNameW
PathStripToRootA
PathRemoveBackslashW
PathFindExtensionA
PathRemoveFileSpecW
UrlGetPartW
UrlCombineW
PathFindSuffixArrayW
PathIsURLW
UrlUnescapeW
UrlIsW
UrlCreateFromPathW
StrToIntA
PathStripPathW
PathAppendW
PathBuildRootW
SHCreateStreamOnFileW
PathAddBackslashW
PathAddExtensionW
PathIsDirectoryW
PathIsRelativeW
PathSkipRootW
PathFindExtensionW
PathAppendA
PathAddBackslashA
PathCreateFromUrlW
PathCanonicalizeW
PathRemoveExtensionW
PathGetDriveNumberW
PathFileExistsW
gdi32
GetObjectA
DeleteObject
GetDeviceCaps
gdiplus
GdipGetPropertySize
GdipGetAllPropertyItems
GdipSetPropertyItem
GdiplusShutdown
GdipCloneImage
GdipGetImagePixelFormat
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageRawFormat
GdipGetImageVerticalResolution
GdiplusStartup
GdipGetImageHorizontalResolution
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipLoadImageFromFile
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
setupapi
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInfo
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
Exports
RMACreateInstance
RMAShutdown
SetDLLAccessPath
Sections
.text Size: 784KB - Virtual size: 783KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 71KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE