Static task: static1
Behavioral task: behavioral1
  Sample: e2b366d8cfb7171eb9f2c909990d346a_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e2b366d8cfb7171eb9f2c909990d346a_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: e2b366d8cfb7171eb9f2c909990d346a_JaffaCakes118
Size: 185KB
MD5: e2b366d8cfb7171eb9f2c909990d346a
SHA1: 0610000ca83b1ebdb33086b925065fcf7881e912
SHA256: e5ea57bc531dd8ca53787dc879b45a2d322b3f71e49e05b92d9437d82a224692
SHA512: 14fcb0d34bae0bf91c2949bda9c37648d87c71bd46e2f9b485907c0b5e544879864318c08ade9749391dc3a1faf7d7cdb6d0f24b3750ceeacd53a70d50daca5e
SSDEEP: 3072:Rc5NrNHb3f0zbE+8TaKu5wXwNRvAgl6fct7FW8DRzo6BhHMUpMhoxsX5B:RQxHbf0z1UaK6wX1ytxW8DLB1xsX
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: e2b366d8cfb7171eb9f2c909990d346a_JaffaCakes118
Files
-
e2b366d8cfb7171eb9f2c909990d346a_JaffaCakes118.exe windows:5 windows x86 arch:x86
6eb7c9b82ea382d2a53e702e47e90122
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GetWindowExtEx
ExcludeClipRect
DeleteMetaFile
SetTextColor
DeleteDC
GetDeviceCaps
CreatePen
CloseMetaFile
SetWindowOrgEx
ExtSelectClipRgn
TextOutW
LineTo
GetSystemPaletteEntries
EnumFontFamiliesExW
Polyline
CreateDIBSection
SetPixel
SaveDC
ScaleViewportExtEx
StretchDIBits
GetTextExtentPoint32A
Rectangle
GetDIBits
GetMapMode
RealizePalette
SetTextAlign
SetStretchBltMode
FillRgn
CreateSolidBrush
CreateCompatibleDC
CreatePalette
PtVisible
GetBkMode
CreateDCW
SetROP2
Ellipse
GetViewportExtEx
CombineRgn
SetBkMode
CreateDCA
GetBkColor
GetObjectA
StartPage
BitBlt
CreateCompatibleBitmap
CreateDIBitmap
comctl32
ImageList_Create
PropertySheetW
PropertySheetA
ImageList_ReplaceIcon
InitCommonControlsEx
InitCommonControls
ImageList_Draw
ImageList_Destroy
CreatePropertySheetPageW
user32
DispatchMessageW
ReleaseCapture
DispatchMessageA
GetParent
EqualRect
GetMenuItemCount
GetWindowTextA
RegisterClassA
GetKeyState
ClientToScreen
SystemParametersInfoA
SendDlgItemMessageW
ReleaseDC
RegisterWindowMessageW
GetWindowTextW
IsWindowEnabled
CharUpperA
IsDlgButtonChecked
DialogBoxParamW
SetWindowTextW
LoadStringA
PtInRect
GetSystemMenu
CharPrevW
CallWindowProcW
GetWindowLongA
IsIconic
SetCapture
SetWindowRgn
LoadBitmapW
GetMessageW
CreateWindowExW
CharNextA
OffsetRect
GetMessagePos
PostMessageA
PeekMessageA
PostQuitMessage
CheckDlgButton
DrawFocusRect
GetMessageA
IsChild
RegisterClassW
GetFocus
CheckRadioButton
GetWindowThreadProcessId
LoadCursorW
CheckMenuItem
SetWindowLongA
EnableWindow
GetCursorPos
MapWindowPoints
SendDlgItemMessageA
SetForegroundWindow
ExitWindowsEx
GetClassNameW
GetWindowPlacement
CreateDialogParamW
CallWindowProcA
GetSysColor
KillTimer
CharUpperW
LoadCursorA
TranslateMessage
IsWindow
GetDlgItemTextA
GetMenu
DialogBoxParamA
SetRect
SetDlgItemTextW
SystemParametersInfoW
GetDlgCtrlID
UnhookWindowsHookEx
GetDlgItem
GetProcessWindowStation
UnregisterClassA
DrawIcon
LoadStringW
LoadBitmapA
RegisterWindowMessageA
WinHelpW
MessageBeep
LoadIconA
FindWindowW
GetWindowTextLengthW
MsgWaitForMultipleObjects
oleaut32
VariantChangeTypeEx
VariantInit
LoadTypeLib
SafeArrayPutElement
GetActiveObject
SafeArrayCreate
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayGetLBound
SysReAllocStringLen
SafeArrayAccessData
GetErrorInfo
VariantClear
SysAllocStringByteLen
SafeArrayUnaccessData
RegisterTypeLib
OleLoadPicture
SafeArrayGetUBound
VariantCopy
VariantCopyInd
SysStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
SysStringByteLen
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileW
VerQueryValueW
GetFileVersionInfoSizeA
VerLanguageNameA
kernel32
TlsFree
FlushFileBuffers
CreateMutexA
lstrcatA
GetVersion
CreateProcessW
CompareStringW
FindResourceW
DeleteFileA
GlobalFree
ExitProcess
HeapCreate
LocalAlloc
RaiseException
lstrcpynW
GetVersionExW
SetThreadPriority
ResumeThread
OpenMutexA
GetWindowsDirectoryW
FindResourceA
GetDriveTypeA
Sleep
MapViewOfFile
GetExitCodeProcess
GetDriveTypeW
IsDebuggerPresent
SetEndOfFile
TlsGetValue
WaitForSingleObject
IsBadReadPtr
GetLocaleInfoW
MultiByteToWideChar
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
FileTimeToLocalFileTime
SetLastError
GetModuleHandleW
FindNextFileW
HeapFree
SetHandleCount
GetConsoleMode
GetCurrentProcess
LocalFree
GetExitCodeThread
GetACP
WaitForMultipleObjects
GlobalLock
GetFullPathNameW
lstrcmpiW
GlobalUnlock
GetTempPathA
GetSystemDirectoryW
SetErrorMode
GetFileAttributesW
GetModuleFileNameW
UnmapViewOfFile
SetEvent
InterlockedIncrement
InterlockedExchange
FormatMessageW
CreateFileA
ReleaseSemaphore
GetCommandLineA
FormatMessageA
FindClose
GetSystemTime
MulDiv
InterlockedCompareExchange
DeleteFileW
GetModuleHandleA
SetStdHandle
OpenEventA
GetProcessHeap
GetSystemDirectoryA
LoadLibraryExA
GetComputerNameW
CreateEventA
GetThreadLocale
FindFirstFileW
DisableThreadLibraryCalls
WideCharToMultiByte
IsDBCSLeadByte
CompareStringA
GetUserDefaultLCID
CreateFileMappingW
GetFileAttributesA
VirtualAlloc
CancelIo
GetCurrentProcessId
VirtualProtect
CreateThread
FreeEnvironmentStringsA
lstrcpyW
comdlg32
ChooseFontA
PageSetupDlgW
FindTextW
ChooseColorA
GetFileTitleA
PageSetupDlgA
GetSaveFileNameA
FindTextA
GetFileTitleW
PrintDlgW
GetOpenFileNameA
GetSaveFileNameW
ChooseFontW
PrintDlgExW
ChooseColorW
CommDlgExtendedError
GetOpenFileNameW
PrintDlgA
msvcrt
malloc
_errno
strstr
_ftol
floor
??0exception@@QAE@ABV0@@Z
srand
__dllonexit
_wtoi
strtok
_wsplitpath
iswspace
isspace
ctime
_XcptFilter
_wcsdup
_ltoa
wcsncmp
_snprintf
_ultoa
setlocale
sscanf
calloc
towupper
??1type_info@@UAE@XZ
bsearch
_CIsqrt
fread
fflush
_finite
_commit
_rotr
_strlwr
_CIacos
isalpha
_vsnprintf
_vsnwprintf
strtoul
_ltow
wcscspn
_fileno
__set_app_type
strncpy
iswdigit
strlen
exit
_iob
_itoa
swscanf
__p__commode
wcspbrk
_wcsupr
__CxxFrameHandler
wcstoul
_c_exit
wcscpy
_acmdln
wcslen
_lseeki64
_wcslwr
memset
_purecall
wcsspn
__wgetmainargs
wcscat
wcscmp
atoi
_access
__p__iob
free
isxdigit
wcschr
_itow
_chsize
_CxxThrowException
tolower
ole32
OleInitialize
CreateBindCtx
CoDisconnectObject
CreateItemMoniker
StgIsStorageFile
StringFromGUID2
CoRevokeClassObject
OleUninitialize
CoCreateInstance
ReleaseStgMedium
CoTaskMemRealloc
CoInitializeSecurity
StringFromCLSID
PropVariantCopy
CLSIDFromString
CoRevertToSelf
CoUninitialize
CoInitializeEx
IIDFromString
OleRegGetUserType
WriteClassStm
GetHGlobalFromStream
CoGetMalloc
CoCreateGuid
OleRun
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
StringFromIID
CLSIDFromProgID
CoFreeUnusedLibraries
PropVariantClear
StgOpenStorage
CoTaskMemFree
OleRegGetMiscStatus
CoCreateInstanceEx
CreateILockBytesOnHGlobal
StgCreateDocfile
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateOleAdviseHolder
CoRegisterClassObject
CoGetInterfaceAndReleaseStream
CoImpersonateClient
CoSetProxyBlanket
MkParseDisplayName
OleRegEnumVerbs
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
CoTaskMemAlloc
CoInitialize
CoMarshalInterface
ntdll
NtAdjustPrivilegesToken
NtOpenFile
_vsnprintf
RtlFormatCurrentUserKeyPath
RtlEqualUnicodeString
NtPowerInformation
NtAllocateLocallyUniqueId
NtMapViewOfSection
NtWaitForSingleObject
NtQuerySecurityObject
RtlSetGroupSecurityDescriptor
NtConnectPort
NtSetInformationFile
RtlInitializeSid
RtlAppendUnicodeStringToString
NtQuerySystemInformation
wcscpy
RtlRaiseStatus
RtlRunEncodeUnicodeString
wcsncmp
RtlCreateAcl
RtlInitializeResource
RtlxAnsiStringToUnicodeSize
NtCreateFile
RtlUnicodeToOemN
RtlLookupElementGenericTable
RtlEnterCriticalSection
RtlQueueWorkItem
NtWaitForMultipleObjects
RtlSetSaclSecurityDescriptor
RtlExtendedLargeIntegerDivide
RtlGetFullPathName_U
NtQueryAttributesFile
RtlGetAce
wcscmp
RtlFreeAnsiString
NtUnmapViewOfSection
wcscat
NtReadFile
RtlInitializeCriticalSection
RtlSubAuthorityCountSid
RtlUpcaseUnicodeString
RtlUpcaseUnicodeStringToOemString
_alloca_probe
RtlCompareUnicodeString
VerSetConditionMask
RtlCreateUnicodeStringFromAsciiz
RtlEqualSid
_allmul
NtSetVolumeInformationFile
NtOpenThread
RtlCreateUnicodeString
strncpy
RtlInitializeCriticalSectionAndSpinCount
_stricmp
NtOpenKey
RtlQueryRegistryValues
RtlFreeUnicodeString
RtlSetDaclSecurityDescriptor
NtQueryInformationProcess
NtTerminateProcess
NtDelayExecution
NlsMbOemCodePageTag
RtlUnicodeToMultiByteN
wcstol
RtlDetermineDosPathNameType_U
wcsncpy
RtlxUnicodeStringToOemSize
RtlSizeHeap
RtlMultiByteToUnicodeN
RtlValidSecurityDescriptor
RtlUnwind
NtImpersonateAnonymousToken
NtDuplicateObject
_chkstk
RtlDestroyEnvironment
advapi32
GetLengthSid
ControlService
RegConnectRegistryW
LsaOpenPolicy
RegEnumKeyExW
OpenServiceA
OpenThreadToken
RegNotifyChangeKeyValue
GetAce
RegDeleteKeyA
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsW
RegQueryValueExW
UnlockServiceDatabase
RevertToSelf
RegOpenKeyExA
CryptAcquireContextW
SetSecurityDescriptorDacl
GetTokenInformation
LookupAccountNameW
RegOpenKeyW
SetThreadToken
GetSidIdentifierAuthority
ReportEventW
RegQueryValueA
ConvertStringSidToSidW
GetTraceEnableFlags
RegEnumValueW
RegQueryValueW
shell32
DragQueryFileW
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteA
SHGetPathFromIDListA
SHGetFileInfoW
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHBindToParent
SHGetSpecialFolderPathW
SHGetFolderPathW
SHBrowseForFolderA
SHFileOperationW
SHGetDesktopFolder
SHGetMalloc
ShellExecuteW
rpcrt4
IUnknown_QueryInterface_Proxy
RpcStringBindingParseW
UuidFromStringW
RpcBindingSetAuthInfoExW
NdrOleFree
IUnknown_AddRef_Proxy
RpcBindingVectorFree
NdrCStdStubBuffer_Release
UuidCreate
RpcStringFreeW
RpcStringFreeA
RpcImpersonateClient
RpcServerRegisterIfEx
RpcRevertToSelf
RpcServerInqBindings
CStdStubBuffer_Connect
RpcEpResolveBinding
NdrClientCall2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcBindingSetAuthInfoW
NdrStubForwardingFunction
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
NdrDllRegisterProxy
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrServerCall2
RpcBindingFree
RpcServerRegisterAuthInfoW
RpcRaiseException
RpcBindingToStringBindingW
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
NdrStubCall2
RpcBindingFromStringBindingW
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
CStdStubBuffer_Disconnect
NdrOleAllocate
RpcStringBindingComposeW
UuidToStringA
Sections
BSS    Size: 67KB  - Virtual size: 67KB   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.text  Size: 114KB - Virtual size: 114KB  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  Size: 1KB   - Virtual size: 1KB    Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 512B  - Virtual size: 482B   Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ