Static task: static1
Behavioral task: behavioral1
Sample: eaf2e1cfca48ffd3b2d5497d1d290c91_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: eaf2e1cfca48ffd3b2d5497d1d290c91_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: eaf2e1cfca48ffd3b2d5497d1d290c91_JaffaCakes118
Size: 79KB
MD5: eaf2e1cfca48ffd3b2d5497d1d290c91
SHA1: cfd18118c03d39cd38b01797253bfb3ac33164fc
SHA256: c64e6413c4d4ecb19c7777c12dde5330f31ea89b197f707a4e19e4c5ac4c4fe4
SHA512: de0dfe257374c6dfcf70a4675944134cb9e0fd5933dee32fcd49d0db8b8e4dbd8b1fe6e9fbeba0328d72076aa748942584491f240afbcf5446ef01b748ae0db8
SSDEEP: 1536:YZzTQpILe/dAXshls+QrnRZkIetxbM8TbYvwoY8F+fLFpaHifV1HcpWiF4x:xd+B7rn3kLLP8vlF+fLTaHibcpz4x
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: eaf2e1cfca48ffd3b2d5497d1d290c91_JaffaCakes118
Files
eaf2e1cfca48ffd3b2d5497d1d290c91_JaffaCakes118.exe (windows:4, windows, x86, arch:x86)
Import hash: d0a0d039fcb15b411be439908ed6f2d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoBuildVersion
CoRegisterMessageFilter
OleInitialize
StgOpenStorageEx
CoLockObjectExternal
UtGetDvtd32Info
CoGetInterfaceAndReleaseStream
CoGetCallContext
OleLoadFromStream
ReadClassStg
GetHGlobalFromILockBytes
StgOpenStorage
OleIsCurrentClipboard
MonikerCommonPrefixWith
OpenOrCreateStream
CoFreeUnusedLibraries
RegisterDragDrop
CLSIDFromString
StgSetTimes
GetHGlobalFromStream
CoCreateGuid
CreateDataAdviseHolder
StgIsStorageFile
CoReleaseMarshalData
StgOpenStorageOnILockBytes
CreatePointerMoniker
CoRegisterPSClsid
StgCreateDocfileOnILockBytes
OleGetIconOfFile
MkParseDisplayName
SetDocumentBitStg
OleCreateLink
OleGetAutoConvert
CoGetObject
CoMarshalInterface
CoQueryAuthenticationServices
OleCreateLinkFromDataEx
CreateAntiMoniker
GetConvertStg
OleSetAutoConvert
CoIsHandlerConnected
CoUnmarshalHresult
CoResumeClassObjects
CoRevertToSelf
CoGetStandardMarshal
CreateFileMoniker
OleDestroyMenuDescriptor
CreateItemMoniker
CoIsOle1Class
CreateOleAdviseHolder
OleConvertIStorageToOLESTREAMEx
CoGetMarshalSizeMax
OleCreateFromData
OleSave
CreateObjrefMoniker
StgGetIFillLockBytesOnILockBytes
StgCreateStorageEx
CoFreeLibrary
OleRegGetUserType
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoSetProxyBlanket
CoGetPSClsid
OleCreateFromFile
CoGetCurrentLogicalThreadId
CoImpersonateClient
OleRegEnumFormatEtc
IsAccelerator
DoDragDrop
CoCreateInstanceEx
CoCopyProxy
OleBuildVersion
StringFromIID
OleRun
WriteStringStream
CoTaskMemAlloc
OleCreateEmbeddingHelper
CreateILockBytesOnHGlobal
PropVariantCopy
CoInitializeEx
UtConvertDvtd16toDvtd32
OleDuplicateData
GetDocumentBitStg
CoInitializeSecurity
OleSaveToStream
CoInitialize
IsEqualGUID
OleSetClipboard
OleConvertOLESTREAMToIStorageEx
OleQueryCreateFromData
OleSetMenuDescriptor
StgCreateDocfile
CoRevokeMallocSpy
GetHookInterface
WriteClassStg
CoQueryProxyBlanket
CoSwitchCallContext
CoUnmarshalInterface
CreateStreamOnHGlobal
OleNoteObjectVisible
CoMarshalInterThreadInterfaceInStream
ReadOleStg
user32
UnpackDDElParam
GetKeyNameTextA
ChangeDisplaySettingsExW
BroadcastSystemMessageA
SetCaretPos
IsWindowEnabled
EnumThreadWindows
CharPrevExA
OemToCharA
GetSystemMetrics
ExitWindowsEx
CreateDialogIndirectParamW
CharUpperBuffA
RemovePropW
DialogBoxIndirectParamW
SetScrollRange
GetKeyboardLayoutNameW
EnumDesktopWindows
SendMessageA
DrawStateW
GetClassInfoExA
RegisterClassExA
TranslateAcceleratorA
SetDlgItemTextA
WINNLSGetIMEHotkey
FlashWindow
IsCharAlphaNumericW
EnumDisplaySettingsExW
GetShellWindow
SetWindowPlacement
CascadeChildWindows
CharNextA
SetPropA
IsMenu
ToAscii
DdeInitializeW
DefDlgProcW
InternalGetWindowText
IsCharAlphaW
DefFrameProcW
EndDialog
IsCharLowerA
DestroyCursor
EnableWindow
DefDlgProcA
TrackPopupMenu
DrawFrameControl
GetCursorInfo
RemoveMenu
SetProcessWindowStation
MapDialogRect
UnregisterDeviceNotification
VkKeyScanA
GetDlgItem
CreateIcon
PeekMessageW
EndMenu
GetClassInfoExW
SetWindowTextA
GetDCEx
DrawTextExW
DdeSetUserHandle
DdePostAdvise
CreateMDIWindowW
LoadCursorFromFileA
PostQuitMessage
SubtractRect
DlgDirSelectExA
FrameRect
UnionRect
GetClassInfoW
ChangeDisplaySettingsW
EnumDisplaySettingsExA
GetThreadDesktop
SendIMEMessageExW
IsCharUpperA
KillTimer
LoadStringW
GetWindowContextHelpId
MapVirtualKeyW
SetWinEventHook
LoadIconW
DragObject
SetScrollPos
SetTimer
EnumChildWindows
DdeQueryNextServer
InSendMessage
IsDialogMessage
EditWndProc
GetMessageW
DragDetect
GetMenuStringW
SetMenu
BroadcastSystemMessage
GetWindowPlacement
AttachThreadInput
LoadKeyboardLayoutA
GetKBCodePage
GetClassLongW
LoadMenuIndirectA
UnhookWindowsHook
RegisterClassA
SetMenuDefaultItem
GetClassInfoA
DdeQueryStringW
ToAsciiEx
OpenDesktopW
EmptyClipboard
GetAltTabInfo
BeginDeferWindowPos
MessageBoxExA
SendMessageTimeoutW
GetMenu
GetMessagePos
DrawStateA
UpdateWindow
InsertMenuW
EnumWindows
TranslateMessage
VkKeyScanW
SetLastErrorEx
GetClipboardData
kernel32
GetOEMCP
SetVolumeLabelW
GetWindowsDirectoryA
CreateNamedPipeA
FatalAppExitW
MoveFileW
EndUpdateResourceA
GetEnvironmentStrings
BackupSeek
SetStdHandle
LockResource
SetEvent
lstrcpynW
WriteConsoleOutputA
QueueUserAPC
PulseEvent
GetCurrentThreadId
SetConsoleTitleW
GetLargestConsoleWindowSize
GetCompressedFileSizeW
MoveFileExA
GetCurrentDirectoryA
FindNextFileW
GetDefaultCommConfigA
EnumCalendarInfoExA
HeapCreate
GetDiskFreeSpaceExA
SetThreadIdealProcessor
lstrcmpW
SetComputerNameA
CopyFileW
ExpandEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
QueryDosDeviceA
WriteConsoleOutputCharacterW
GlobalFree
LocalFlags
SetCommState
CreateNamedPipeW
RemoveDirectoryW
GetProcessAffinityMask
lstrlenA
WriteProfileStringW
WriteConsoleOutputW
GetWindowsDirectoryW
GetProcessVersion
CreateMailslotA
Heap32First
GetLocaleInfoA
GetBinaryType
GetModuleHandleW
GetOverlappedResult
GlobalFindAtomW
EnumResourceNamesW
SetTapeParameters
IsBadHugeReadPtr
CreateIoCompletionPort
LoadLibraryExW
SetProcessPriorityBoost
FreeResource
EnumCalendarInfoW
CallNamedPipeW
GetBinaryTypeA
SetCalendarInfoA
SetHandleInformation
TlsSetValue
GetStdHandle
GetFullPathNameW
CreateProcessW
WriteFileGather
ReleaseMutex
CreatePipe
Heap32Next
GetCommTimeouts
GetComputerNameA
EraseTape
EnumResourceTypesW
GetLogicalDriveStringsW
GetConsoleOutputCP
OpenWaitableTimerA
TlsAlloc
GetDiskFreeSpaceW
FindNextFileA
GetLongPathNameA
EnumResourceTypesA
WritePrivateProfileStringW
FreeEnvironmentStringsA
UpdateResourceW
SystemTimeToFileTime
FoldStringW
GetCommMask
GetCompressedFileSizeA
Beep
RaiseException
GetSystemDefaultLangID
CreateEventW
SetCommMask
VirtualAlloc
CreateDirectoryA
FindClose
OpenMutexA
SetVolumeLabelA
OpenWaitableTimerW
LoadLibraryA
GetPrivateProfileSectionA
GlobalSize
ReadDirectoryChangesW
GetLongPathNameW
FindResourceExW
DeleteFileA
GetTempFileNameA
CreateProcessA
SetSystemPowerState
GetProcessShutdownParameters
QueryPerformanceCounter
EnumTimeFormatsW
LCMapStringA
GetCPInfoExA
WriteConsoleInputW
ReadProcessMemory
GetTapePosition
GetVersionExA
HeapValidate
GetProcessPriorityBoost
GetTimeFormatW
LocalAlloc
GetCommModemStatus
GetFileAttributesW
ReadConsoleOutputCharacterW
WritePrivateProfileStructA
SetThreadContext
VirtualProtect
shlwapi
PathGetDriveNumberA
StrCatW
StrStrW
PathGetArgsA
PathCommonPrefixA
PathRemoveBlanksW
SHRegSetUSValueW
PathUnmakeSystemFolderW
SHCopyKeyA
PathFindOnPathA
PathRemoveExtensionA
PathGetCharTypeA
UrlHashA
StrStrA
UrlUnescapeA
PathStripToRootW
StrRetToStrA
StrPBrkA
PathRenameExtensionW
SHRegCreateUSKeyA
PathIsNetworkPathW
StrToIntA
PathFindExtensionW
SHRegQueryInfoUSKeyA
PathIsUNCServerA
StrPBrkW
UrlGetLocationW
wnsprintfW
SHRegWriteUSValueW
UrlHashW
StrRChrIA
PathAddExtensionW
SHRegDuplicateHKey
SHSetValueW
PathUndecorateW
StrSpnA
PathStripToRootA
StrCmpNIW
SHDeleteEmptyKeyA
PathIsRootW
StrCmpIW
SHRegGetUSValueA
PathIsURLW
StrTrimA
StrCmpNW
SHCreateShellPalette
SHRegGetUSValueW
StrCSpnIA
UrlIsA
StrRetToBufW
PathIsContentTypeA
StrCpyNW
PathIsDirectoryW
ChrCmpIW
PathFindOnPathW
PathRemoveBackslashW
UrlCanonicalizeW
AssocQueryStringW
PathQuoteSpacesW
PathRemoveBlanksA
PathAddBackslashA
PathIsSystemFolderW
PathIsSameRootA
PathCompactPathExA
UrlCreateFromPathW
StrRetToStrW
wvnsprintfA
UrlGetPartW
ChrCmpIA
PathCompactPathW
PathIsRelativeA
PathFileExistsW
PathRemoveBackslashA
PathIsUNCW
PathMakePrettyA
SHOpenRegStream2W
PathAddBackslashW
SHAutoComplete
PathIsDirectoryA
SHEnumValueW
SHRegDeleteUSValueA
PathBuildRootW
StrRStrIA
PathGetArgsW
SHEnumValueA
SHOpenRegStreamA
ColorAdjustLuma
SHRegDeleteUSValueW
UrlCombineA
PathFindSuffixArrayA
SHRegOpenUSKeyA
PathBuildRootA
PathFindFileNameW
PathUnquoteSpacesW
PathAppendW
UrlGetLocationA
PathIsDirectoryEmptyW
GetMenuPosFromID
SHRegGetBoolUSValueW
PathIsUNCServerShareW
SHGetThreadRef
StrCatBuffA
PathMatchSpecW
UrlCreateFromPathA
SHDeleteValueA
SHRegDeleteEmptyUSKeyW
PathFindFileNameA
PathRemoveFileSpecW
StrFormatByteSizeW
advapi32
InitializeSecurityDescriptor
BuildSecurityDescriptorA
QueryServiceObjectSecurity
LookupPrivilegeValueA
LookupAccountSidA
GetSidIdentifierAuthority
OpenEventLogA
GetAclInformation
OpenEventLogW
ControlService
RegEnumKeyA
MakeSelfRelativeSD
LookupPrivilegeDisplayNameW
CryptSetProvParam
CryptVerifySignatureA
GetSidSubAuthority
GetAuditedPermissionsFromAclA
GetServiceKeyNameW
SetPrivateObjectSecurity
OpenSCManagerA
LookupAccountNameW
RegEnumValueA
SetServiceStatus
CryptGetHashParam
StartServiceCtrlDispatcherW
ObjectCloseAuditAlarmA
RegUnLoadKeyW
CloseEventLog
RegSetKeySecurity
RevertToSelf
GetServiceDisplayNameA
LookupPrivilegeValueW
CreateProcessAsUserA
ReadEventLogW
RegQueryMultipleValuesW
SetEntriesInAclW
OpenProcessToken
ObjectDeleteAuditAlarmW
RegConnectRegistryA
AddAuditAccessAce
CryptDestroyKey
SetSecurityDescriptorSacl
RegOpenKeyW
SetSecurityDescriptorOwner
QueryServiceConfigW
DeregisterEventSource
GetOverlappedAccessResults
CryptGetDefaultProviderW
LogonUserA
CryptGetProvParam
EnumServicesStatusW
BackupEventLogA
ImpersonateLoggedOnUser
CryptExportKey
GetFileSecurityA
GetMultipleTrusteeOperationW
CryptSetProviderExW
GetMultipleTrusteeA
SetThreadToken
CryptSetHashParam
GetAccessPermissionsForObjectA
QueryServiceStatus
DuplicateTokenEx
OpenThreadToken
QueryServiceLockStatusW
IsValidAcl
GetTrusteeNameW
RegisterEventSourceW
IsTextUnicode
GetMultipleTrusteeOperationA
CryptGetDefaultProviderA
BuildExplicitAccessWithNameW
GetUserNameW
ObjectDeleteAuditAlarmA
GetUserNameA
CreatePrivateObjectSecurity
RegCreateKeyExW
BuildImpersonateExplicitAccessWithNameW
RegRestoreKeyA
ImpersonateSelf
CryptEnumProviderTypesW
RegOpenKeyA
RegSetValueExW
CloseServiceHandle
CreateServiceW
CryptAcquireContextA
SetTokenInformation
RegSaveKeyA
CryptEnumProvidersW
GetSecurityInfoExA
ReportEventA
CryptEnumProvidersA
DestroyPrivateObjectSecurity
GetOldestEventLogRecord
DeleteAce
CryptSetProviderW
SetEntriesInAuditListW
CryptHashSessionKey
RegCreateKeyW
ConvertSecurityDescriptorToAccessA
LookupSecurityDescriptorPartsA
QueryServiceConfigA
ConvertSecurityDescriptorToAccessW
SetSecurityDescriptorDacl
GetEffectiveRightsFromAclW
CryptImportKey
RegSetValueW
EqualSid
BuildTrusteeWithSidA
RegisterServiceCtrlHandlerA
GetSecurityInfo
CryptDecrypt
RegOpenKeyExW
GetCurrentHwProfileW
AllocateAndInitializeSid
ObjectPrivilegeAuditAlarmA
PrivilegedServiceAuditAlarmA
GetExplicitEntriesFromAclW
EnumServicesStatusA
ConvertAccessToSecurityDescriptorW
CryptDeriveKey
CryptSetProviderA
InitiateSystemShutdownA
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
SetNamedSecurityInfoW
Sections
.text - Size: 61KB - Virtual size: 61KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 16KB - Virtual size: 16KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 512B - Virtual size: 171B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE