f6fe0499fa690454b0559cdd5673f59b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f6fe0499fa690454b0559cdd5673f59b_JaffaCakes118
Size

244KB
MD5

f6fe0499fa690454b0559cdd5673f59b
SHA1

4ae8f324824c2a45a0598401996a8b7fe103d95e
SHA256

2f5aa0539e4d11cdaff65202fbe66f0a2d9af81d3c19e927414d4bd9f9ea304e
SHA512

f78891216c9e34ee869b83fc87573662a46618a55642ad205269fe6ed4e8520dca0d3de0b639cc343b09a3fb85d3a68b927a062945a21e9c97a3ad0b73b13d40
SSDEEP

6144:PPnatToSVn/mgneVk44Ux6G5DxdG5DxdGs:PYv/mHK44Ux6G5DxdG5DxdGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6fe0499fa690454b0559cdd5673f59b_JaffaCakes118

Files

f6fe0499fa690454b0559cdd5673f59b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mcmsg.pdb

Imports

kernel32

GetThreadPriority
GetCurrentThread
TerminateThread
DuplicateHandle
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
OpenThread
CreateThread
ResetEvent
CreateEventW
SetEvent
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcmpiW
GetLastError
DisableThreadLibraryCalls
UnmapViewOfFile
InterlockedExchangeAdd
GetComputerNameW
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
InterlockedExchange
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsDebuggerPresent
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetSystemDefaultLangID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

CharLowerBuffW
UnregisterClassA
GetDesktopWindow
CharLowerW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
FindWindowExW
GetParent
GetClassNameW
IsWindow
CharNextW
DispatchMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SysAllocString

shlwapi

PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 20KB - Virtual size: 18KB