eb31207f2a64a11b998a18e82f1af36f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb31207f2a64a11b998a18e82f1af36f_JaffaCakes118
Size

239KB
MD5

eb31207f2a64a11b998a18e82f1af36f
SHA1

5bda74ac60fc14f97f2a5cce06e90ce0d2606278
SHA256

b7ce97ea00704daf60029172d1ce86111d3cb57fb0478588530e72989a9f6461
SHA512

658a944d96b856ff6d0f7821aafcf9ae4034c4aca227d791bd17db292b3e49f0a362d2708a3bc583cb5392532610d3b771eb983c0ece53f511d214738ac19d1c
SSDEEP

3072:nZM+PxQnaep/qw5CtP81VCIPqRWaOQclChxw/CrJQQoeKBSLQ:ZM+PyAKRPZa204uu7BSLQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb31207f2a64a11b998a18e82f1af36f_JaffaCakes118

Files

eb31207f2a64a11b998a18e82f1af36f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

9513654339cd009a14ccee9ac719878d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\MSNMonitor\Release\mcmsg.pdb

Imports

kernel32

lstrcatW
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
GetTempPathW
SetEvent
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
GetCurrentThreadId
WideCharToMultiByte
ProcessIdToSessionId
GetCurrentProcessId
CreateDirectoryW
lstrcpyW
GlobalUnlock
GlobalLock
GlobalSize
GetSystemTime
CreateSemaphoreW
CreateEventW
GetSystemTimeAsFileTime
ReleaseSemaphore
GetCurrentProcess
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
CreateFileMappingW
OpenFileMappingW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetProcAddress
FindResourceExW
LockResource
GetComputerNameW
LocalFree
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
lstrcmpiW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexW
lstrlenW
WaitForSingleObject
ReleaseMutex
CloseHandle
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
Sleep
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetDesktopWindow
CharLowerBuffW
UnregisterClassA
KillTimer
SetTimer
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
CharNextW
CharLowerW
LoadStringW

advapi32

CryptDeriveKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoInitializeEx
CoGetInterfaceAndReleaseStream
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

SysStringLen
SysFreeString
VarBstrCat
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringByteLen
VarBstrFromI4
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocStringByteLen
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate

shlwapi

PathStripPathW
PathFileExistsW
SHCreateStreamOnFileW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSOpenServerW
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GBL
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9513654339cd009a14ccee9ac719878d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 19KB

.GBL Size: 4KB - Virtual size: 4B

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 19KB

.GBL
Size: 4KB - Virtual size: 4B

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 20KB - Virtual size: 18KB