Static task: static1
Behavioral task: behavioral1
Sample: e98165bcbfe1b44edbfbd3a7e0d1f910_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e98165bcbfe1b44edbfbd3a7e0d1f910_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: e98165bcbfe1b44edbfbd3a7e0d1f910_JaffaCakes118
Size: 952KB
MD5: e98165bcbfe1b44edbfbd3a7e0d1f910
SHA1: d2b74cea39952c92658a878fbdb1b62c0ea5300e
SHA256: 79f37894d1818cd2a81d3cff984d3460426a7539ce2d3b8b6d47f900647bcb1f
SHA512: f3d1239d02f22ec11f0f4e66f2de9da6957bc4048904238cf14d6893970ee2f7892fb93157cb7f5ed38a626a113dff5cfd92181c93e553ad9f852ec4d5cb6b6d
SSDEEP: 24576:pold3GEePDsm8kjqC4Kk6kFQ64uCRjZE1D/:uld2dru7MkFQRCD/
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: e98165bcbfe1b44edbfbd3a7e0d1f910_JaffaCakes118
Files
e98165bcbfe1b44edbfbd3a7e0d1f910_JaffaCakes118.exe windows:4 windows x86 arch:x86
6d0baf323b5c75be6191f1aa25fd5bae
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ole32
user32
kernel32
shlwapi
advapi32
Sections
.text  Size: 68KB - Virtual size: 68KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 512B - Virtual size: 188B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE