Static task
static1
Behavioral task
behavioral1
Sample: ea770b964181a44cac9b01775578d459_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task
behavioral2
Sample: ea770b964181a44cac9b01775578d459_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: ea770b964181a44cac9b01775578d459_JaffaCakes118
Size: 560KB
MD5: ea770b964181a44cac9b01775578d459
SHA1: b9ebc81f2e4fc587388c824c8bacc6e34dc2e61f
SHA256: f65d18bb400a3d49f3b4c5fd3c645c1cb7ead3e0a5b70e40e0edc68743922830
SHA512: 3437e9ee2079384a92ec64300b3bdd42351dd734db687714fef6fe1a83d0ce4b2c67404ff43507f862e14123f020f91a32457ecb208144d8060a52b0fc7d0435
SSDEEP: 12288:8Rvhm8W86ggvDszFUmk4x22FYEVDcdhSvziEMMnMMMMMx:mr6g0EGSsWVDjvzFMMnMMMMM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea770b964181a44cac9b01775578d459_JaffaCakes118
Files
ea770b964181a44cac9b01775578d459_JaffaCakes118.exe windows:4 windows x86 arch:x86
6a8531d39eb09fb9e07ee25fa7941c01
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
InitializeSecurityDescriptor
OpenProcessToken
RegCreateKeyW
RegEnumValueA
RegDeleteKeyA
RegSetValueA
LookupPrivilegeValueA
RegDeleteValueW
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegOpenKeyW
RegQueryInfoKeyA
RegisterEventSourceA
RegQueryValueA
RegDeleteKeyW
RegSetValueExW
RegCloseKey
DeregisterEventSource
RegCreateKeyA
RegEnumValueW
RegEnumKeyA
RegQueryValueExW
RegOpenKeyExA
AdjustTokenPrivileges
RegEnumKeyW
SetSecurityDescriptorDacl
ReportEventA
RegQueryValueExA
olecli32
OleClone
user32
DdeCreateStringHandleA
DdePostAdvise
DdeQueryConvInfo
GetCaretPos
DdeConnect
InvalidateRgn
DrawIcon
CopyAcceleratorTableA
GetQueueStatus
GetSystemMetrics
InsertMenuA
DestroyAcceleratorTable
GetDoubleClickTime
GetWindow
GetCaretBlinkTime
GetKeyState
CreateDialogParamA
WaitForInputIdle
GetWindowRect
GetMenuStringA
LockWindowUpdate
BeginDeferWindowPos
SetWindowsHookExW
SetWindowContextHelpId
DestroyCursor
CreateMenu
GetAsyncKeyState
ScreenToClient
GetMessagePos
CreateCursor
GetMessageTime
GetWindowTextLengthA
VkKeyScanA
keybd_event
PeekMessageW
SetRect
RegisterClassExA
GetParent
LoadImageA
EqualRect
GetKeyboardLayout
IsDialogMessageA
GetMenuItemCount
DrawFocusRect
RegisterClassA
CreateIcon
GetLastActivePopup
IsZoomed
SetWindowTextA
OpenClipboard
GetWindowTextA
BeginPaint
PeekMessageA
IsRectEmpty
ShowCaret
GetMenu
TrackPopupMenu
GetClassNameA
IsChild
DdeNameService
DefFrameProcA
FillRect
GetUpdateRect
IsWindowVisible
SetMenuDefaultItem
UnregisterClassA
DrawTextA
EnumThreadWindows
GetDesktopWindow
GetTabbedTextExtentA
GetScrollInfo
DefMDIChildProcA
LoadBitmapA
SetDlgItemTextA
DdeCmpStringHandles
SetKeyboardState
MessageBeep
VkKeyScanW
SendMessageA
SetCursor
DeleteMenu
FrameRect
MapWindowPoints
IsWindowEnabled
LoadAcceleratorsA
DestroyCaret
DeferWindowPos
SetCaretPos
SetForegroundWindow
SetFocus
DdeDisconnect
InvalidateRect
GetForegroundWindow
AdjustWindowRectEx
SetParent
DdeGetData
EnumClipboardFormats
SetWindowRgn
SetWindowLongA
GetCapture
LoadCursorA
ShowWindow
IntersectRect
SetScrollPos
SetMenu
DdeGetLastError
GetCursor
SetWindowPos
DestroyWindow
CharLowerBuffA
SetClipboardData
FindWindowW
SetScrollRange
ShowScrollBar
ToAscii
MsgWaitForMultipleObjects
DestroyMenu
PostQuitMessage
AppendMenuA
TabbedTextOutA
EndPaint
GetDlgItem
SetScrollInfo
CharUpperBuffW
FindWindowA
IsCharAlphaA
GetClipboardFormatNameA
GetIconInfo
CharToOemBuffA
CharUpperBuffA
CopyRect
LoadIconA
SystemParametersInfoA
BringWindowToTop
EmptyClipboard
CreateWindowExA
ShowCursor
DrawFrameControl
GetClipboardData
SubtractRect
MessageBoxIndirectA
ReleaseCapture
GetKeyboardState
CharLowerA
WinHelpA
GetMenuItemInfoA
DdeAbandonTransaction
DdeClientTransaction
DdeCreateDataHandle
GetDCEx
DrawMenuBar
GetSubMenu
CloseClipboard
CallNextHookEx
DialogBoxParamA
OemToCharA
DdeFreeDataHandle
MessageBoxA
CharToOemA
EndDialog
WaitMessage
SetCursorPos
GetWindowThreadProcessId
GetActiveWindow
CallWindowProcA
ReleaseDC
CharNextA
InflateRect
GetScrollPos
CheckMenuItem
SetCapture
SetWindowsHookExA
KillTimer
SendDlgItemMessageA
GetUpdateRgn
EndDeferWindowPos
GetWindowDC
PtInRect
SetTimer
UnhookWindowsHookEx
CharLowerBuffW
EnableMenuItem
ModifyMenuA
PostThreadMessageA
RegisterClipboardFormatA
DestroyIcon
ClientToScreen
RemovePropA
GetSysColor
IsIconic
DdeFreeStringHandle
GetCursorPos
GetWindowLongA
DdeQueryStringA
UpdateWindow
ClipCursor
DispatchMessageA
GetMenuState
LoadStringA
TranslateMessage
GetSystemMenu
DdeInitializeA
GetClassInfoExA
wsprintfA
WindowFromPoint
CreateAcceleratorTableA
TranslateMDISysAccel
CharUpperA
DdeUninitialize
IsWindow
GetPropA
SetActiveWindow
DefWindowProcA
GetClientRect
IsClipboardFormatAvailable
PostMessageA
MoveWindow
OffsetRect
GetMenuItemID
CreateCaret
GetWindowRgn
HideCaret
GetClassInfoA
DdeSetUserHandle
EnableWindow
CreatePopupMenu
PostMessageW
AdjustWindowRect
AttachThreadInput
GetFocus
CharPrevA
RemoveMenu
SetPropA
GetDC
SetMenuItemInfoA
ddraw
DirectDrawEnumerateA
ws2_32
WSAConnect
ole32
StringFromCLSID
IIDFromString
CreateDataAdviseHolder
OleInitialize
OleSetClipboard
CreateOleAdviseHolder
OleConvertOLESTREAMToIStorage
OleGetIconOfClass
OleUninitialize
OleDoAutoConvert
StgOpenStorage
RegisterDragDrop
CoIsOle1Class
CreateILockBytesOnHGlobal
RevokeDragDrop
OleLoad
ReadClassStm
OleTranslateAccelerator
CoGetMalloc
CreateStreamOnHGlobal
OleQueryCreateFromData
CreateBindCtx
IsAccelerator
BindMoniker
CoCreateInstance
OleSaveToStream
CLSIDFromString
OleCreateLinkFromData
CoLockObjectExternal
StgOpenStorageOnILockBytes
MkParseDisplayName
WriteClassStg
GetClassFile
OleLockRunning
OleCreateLinkToFile
OleCreateLink
CoMarshalInterface
OleGetClipboard
OleIsRunning
CoUnmarshalInterface
ReleaseStgMedium
StgIsStorageILockBytes
CLSIDFromProgID
StringFromGUID2
OleCreateFromFile
OleFlushClipboard
OleIsCurrentClipboard
OleDuplicateData
CoFreeUnusedLibraries
OleConvertIStorageToOLESTREAM
ReadClassStg
OleDestroyMenuDescriptor
StgCreateDocfile
OleLoadFromStream
CoGetClassObject
CoRegisterMessageFilter
OleRun
OleCreateFromData
CoDisconnectObject
OleGetAutoConvert
DoDragDrop
StgCreateDocfileOnILockBytes
ProgIDFromCLSID
OleSetMenuDescriptor
OleCreateMenuDescriptor
OleQueryLinkFromData
OleSave
CoRevokeClassObject
OleRegGetUserType
CoRegisterClassObject
kernel32
SetFileAttributesA
FileTimeToLocalFileTime
GetShortPathNameA
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
ExitThread
_lclose
GetSystemDefaultLangID
GetTimeZoneInformation
CloseHandle
lstrcpynA
WriteFile
GetEnvironmentStrings
GetFullPathNameA
LockResource
SetErrorMode
CompareStringA
RaiseException
LockFile
InterlockedIncrement
GlobalHandle
GetModuleFileNameW
SizeofResource
GetVolumeInformationA
HeapAlloc
FlushInstructionCache
LoadLibraryExA
UnlockFile
GlobalAddAtomA
IsBadReadPtr
SetFilePointer
ExitProcess
GetModuleHandleA
GetCommandLineA
Sleep
CreateSemaphoreA
MoveFileA
GetProcAddress
GetStartupInfoA
SetFileTime
VirtualProtect
ResetEvent
GlobalFree
CreateProcessW
GetSystemTime
GetStringTypeW
MulDiv
RtlUnwind
GlobalSize
FindFirstFileA
DuplicateHandle
VirtualAlloc
InitializeCriticalSection
FormatMessageA
lstrcmpiA
GetTickCount
LCMapStringW
FlushFileBuffers
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualQuery
SetLocalTime
DeleteFileA
LoadLibraryA
ResumeThread
SetLastError
SetEndOfFile
GetTempPathA
IsDBCSLeadByte
GetLocaleInfoA
CreateProcessA
WinExec
_lwrite
GlobalDeleteAtom
SetStdHandle
lstrcatA
GetTempFileNameA
CompareStringW
TlsGetValue
DeleteCriticalSection
FileTimeToSystemTime
_lread
EnterCriticalSection
GetDriveTypeA
FreeEnvironmentStringsW
GetLocalTime
GetSystemInfo
SearchPathA
FreeLibrary
SetCurrentDirectoryA
GetVersion
FormatMessageW
GetUserDefaultLCID
GetVersionExA
GetFileAttributesA
LCMapStringA
CreateEventA
GetACP
SetEnvironmentVariableA
lstrcmpA
GetDateFormatA
GetUserDefaultLangID
IsBadCodePtr
LoadResource
GetCurrentProcess
GetFileTime
VirtualFree
TerminateProcess
HeapFree
HeapSize
ReleaseSemaphore
lstrcpyA
GetWindowsDirectoryA
GetOEMCP
GetCurrentDirectoryA
RemoveDirectoryA
_llseek
GetStringTypeA
MultiByteToWideChar
SystemTimeToFileTime
lstrcmpiW
HeapReAlloc
FreeResource
GlobalReAlloc
FindResourceA
InterlockedDecrement
ReadFile
TlsAlloc
GetSystemDefaultLCID
GlobalUnlock
GetStringTypeExA
GetStdHandle
CreateDirectoryA
FindNextFileA
TlsFree
GetEnvironmentStringsW
CreateThread
UnhandledExceptionFilter
GetExitCodeProcess
GetCPInfo
GlobalLock
GetLastError
lstrlenA
GetFileType
SetEvent
HeapCreate
GetProfileStringA
TlsSetValue
FindClose
WaitForSingleObject
GetSystemDirectoryA
HeapDestroy
WideCharToMultiByte
CreateFileA
GlobalAlloc
SetHandleCount
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 492KB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ