39efe7746b966b6ae15955ac6df970e6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39efe7746b966b6ae15955ac6df970e6_JaffaCakes118
Size

409KB
MD5

39efe7746b966b6ae15955ac6df970e6
SHA1

4c02ecd1b0513f950bfcdf1c0a77ef4d66dce090
SHA256

63c12c1dfabc8d11cb0ff871f661e7aae07c65439dde8ee6408f50c4cee58f3a
SHA512

3c84dcd147f5ea2da520ad69a4d5a21e52a9187c76bbcf57ce06fb6fcf51d82ede8d797bdc3d893901899ca1453e8fcbeedb3f9c73256d1d2512c4d4ec269868
SSDEEP

6144:u4UR+N5oy5+XLkF9rBDJbHa433M56WmMbgFf6lsfrmROCrmRJCAmRJCE:uz+royEcB9R3ALsfrmROCrmRJCAmRJCE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39efe7746b966b6ae15955ac6df970e6_JaffaCakes118

Files

39efe7746b966b6ae15955ac6df970e6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e1cfc55bedc9001fc16896b689a88a51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\.Depot\Current\Client\CommonCommandProcessor\Release\ccp.pdb

Imports

kernel32

WaitForSingleObject
lstrcmpW
ReadFile
GetFileSize
CreateFileW
GetFileAttributesExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
SetErrorMode
GetLogicalDrives
FindClose
GetTempFileNameW
CopyFileW
CreateDirectoryW
GetVersionExW
TerminateProcess
OpenProcess
LoadLibraryA
LocalFree
GetComputerNameW
ProcessIdToSessionId
GetCurrentProcessId
LocalAlloc
GetCurrentProcess
CreateMutexA
lstrcpynA
GetCurrentThreadId
GetSystemTime
GlobalUnlock
ReleaseMutex
GlobalLock
GlobalSize
CreateSemaphoreW
CreateEventW
SetFileAttributesW
GetSystemTimeAsFileTime
ReleaseSemaphore
DuplicateHandle
FileTimeToSystemTime
GetThreadLocale
FlushFileBuffers
SetFilePointerEx
SetLastError
DeviceIoControl
GetDiskFreeSpaceW
RemoveDirectoryW
GetFileAttributesW
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
SetFilePointer
GetFileInformationByHandle
GlobalAlloc
GlobalFree
IsBadReadPtr
GlobalReAlloc
CreateMutexW
CreateFileA
CreateFileMappingW
lstrcpyA
OpenFileMappingW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
GetLongPathNameW
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
lstrcpyW
lstrcatW
OpenEventW
SetEvent
Sleep
DeleteFileW
GetTickCount
lstrlenA
lstrcpynW
CreateProcessW
CloseHandle
FindFirstFileW
MoveFileW
InitializeCriticalSection
FindNextFileW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
DisableThreadLibraryCalls
RaiseException
LoadLibraryW
GetLastError
GetProcAddress
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
FreeLibrary
DeleteCriticalSection
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy

user32

UnregisterClassA
CharNextW
GetDesktopWindow
wsprintfW
SendMessageW
GetWindowThreadProcessId
FindWindowW
CharLowerW
CharLowerBuffW

advapi32

LookupPrivilegeValueW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
GetSidSubAuthorityCount
GetSidSubAuthority
CryptDestroyKey
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
ConvertStringSidToSidW
SetNamedSecurityInfoW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
SHFileOperationW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromCLSID
GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

SysFreeString
VarBstrCmp
VariantInit
VariantClear
VarUI4FromStr
VarBstrFromUI4
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarBstrCat
SysAllocStringLen
SysStringByteLen
VariantChangeType
VariantCopy
VarI4FromStr
VarBstrFromI4
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayCreate
VarNumFromParseNum
VarBstrFromI2
SysAllocStringByteLen
VarParseNumFromStr

shlwapi

PathRemoveFileSpecW
SHCreateStreamOnFileW
StrStrIW
StrStrW
PathSkipRootW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
PathMatchSpecW

rpcrt4

UuidToStringA
UuidToStringW
UuidCreate
RpcStringFreeA
RpcStringFreeW

wtsapi32

WTSCloseServer
WTSOpenServerW
WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetWkstaUserEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1cfc55bedc9001fc16896b689a88a51

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 242KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 244KB - Virtual size: 242KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 28KB - Virtual size: 24KB