6e6d6b9f3ae7428e172f43186da18ad4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6e6d6b9f3ae7428e172f43186da18ad4_JaffaCakes118
Size

2.8MB
MD5

6e6d6b9f3ae7428e172f43186da18ad4
SHA1

7f6173d3182c1536e1fc323a1069b9d31c824a21
SHA256

66508bb1069e760c85b1703cb6ef4fff79b29f1c120624874c2198a13d313625
SHA512

a03880e52791db2b509959f4906d7b705b4e4c5b4095cd53313f94f19eb1c062a1ad7ba5ba3a4ffff7b6ef4a0a59fc8596cb3e12cb35b757ca46fe9188f21333
SSDEEP

24576:8dMBl7ld3vTuARs3R/Yfk8PpQX6bkZbNza:gMH3vKK2XDZbNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e6d6b9f3ae7428e172f43186da18ad4_JaffaCakes118

Files

6e6d6b9f3ae7428e172f43186da18ad4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

33a9ed3734683bd164374d987a4ac710

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenJobObjectA
GetStartupInfoW
SetThreadAffinityMask
ReleaseSemaphore
SetTapeParameters
CreateNamedPipeA
GetSystemWindowsDirectoryA
GetVolumeNameForVolumeMountPointA
PeekNamedPipe
ConvertDefaultLocale
GetDateFormatA
GetDriveTypeA
DefineDosDeviceW
CreateDirectoryExW
OpenWaitableTimerA
AssignProcessToJobObject
FindAtomA
TlsAlloc
CancelIo
GetCompressedFileSizeW
DeleteTimerQueueTimer
GlobalReAlloc
GetEnvironmentVariableA
SetEnvironmentVariableW
CreateWaitableTimerW
GetVolumePathNameW
VerSetConditionMask
GetEnvironmentStringsW
CreateMailslotW
GetStringTypeW
AreFileApisANSI
MultiByteToWideChar
GetModuleHandleW
EnumCalendarInfoExA
GetFileTime
CreateMutexA
GetEnvironmentStrings
GetFileSizeEx
DnsHostnameToComputerNameA
GetProfileStringA
OpenFileMappingW
GetThreadLocale
SetNamedPipeHandleState
CopyFileW
ChangeTimerQueueTimer
Module32NextW
FindResourceExW
GetProcessIoCounters
GetPrivateProfileIntW
RtlUnwind
GetConsoleAliasExesA
OpenMutexW
SetFileAttributesW
GetModuleHandleA
GetCPInfoExW
CreateMailslotA
GetConsoleCP
SetProcessPriorityBoost
FindResourceExA
GetConsoleAliasExesLengthW
SetLocaleInfoA
lstrcatA
CopyFileExW
IsValidLocale
DnsHostnameToComputerNameW
FindFirstVolumeA
GetFullPathNameW
GetFileSize
GetStringTypeA
WriteConsoleA
FlushConsoleInputBuffer
FormatMessageA
MapViewOfFile
LCMapStringA
GetWindowsDirectoryW
SetHandleInformation
RemoveDirectoryA
CreateSemaphoreA
GetPrivateProfileStructW
CompareStringW
DeleteTimerQueue
CreateIoCompletionPort
SetCalendarInfoA
ReadDirectoryChangesW
GetTempFileNameA
GetDiskFreeSpaceExW
OpenSemaphoreA
GetLocaleInfoA
GetUserDefaultLangID
ExitThread
GetPrivateProfileSectionA
GetConsoleScreenBufferInfo
CreateDirectoryW
GetPrivateProfileStringA
SetUnhandledExceptionFilter
GetLongPathNameA
SetStdHandle
GetProfileIntA
GetPrivateProfileSectionNamesA
GetProcessVersion
VirtualAlloc
GetDateFormatW
GetConsoleOutputCP
SetConsoleOutputCP
GetConsoleCursorInfo
GetStdHandle
DosDateTimeToFileTime
CreateSemaphoreW
GetCompressedFileSizeA
GetCPInfo
CreateJobObjectW
FindVolumeMountPointClose
OpenFileMappingA
FormatMessageW
GetAtomNameA
GetCalendarInfoW
GetNamedPipeHandleStateA
GetFileInformationByHandle
CreateDirectoryA
CreateNamedPipeW
GetNamedPipeHandleStateW
FlushFileBuffers
GetLogicalDrives
OpenMutexA
GetPriorityClass
ProcessIdToSessionId
GetConsoleAliasExesW
GetPrivateProfileStructA
lstrcpyW
GetConsoleAliasesA
GetCurrentConsoleFont
GetCPInfoExA
DeleteTimerQueueEx
GetPrivateProfileStringW
FindFirstVolumeMountPointA
GetSystemDefaultUILanguage
SetPriorityClass
GetConsoleMode
FindFirstFileA
SearchPathA
CreateDirectoryExA
GetUserDefaultLCID
GetTapeStatus
GetDiskFreeSpaceA
OpenWaitableTimerW
GetPrivateProfileSectionNamesW
SwitchToThread
GetFileType
CreateProcessA
FindResourceA
GetBinaryTypeA
CreateTapePartition
SetEvent
GetDevicePowerState
GetCurrentThread
GetDiskFreeSpaceW
FindAtomW
GetSystemDefaultLCID
GetAtomNameW
GetTimeFormatA
VirtualProtect
GetThreadTimes
SystemTimeToFileTime
FlushViewOfFile
WideCharToMultiByte
SetThreadPriorityBoost
ResumeThread
FoldStringA
GetDriveTypeW
ExpandEnvironmentStringsA
CreateProcessW
FindFirstFileExA
GetSystemDirectoryW
VerifyVersionInfoW
SetConsoleCP
SetMailslotInfo
IsBadReadPtr
GetCurrencyFormatA
QueryInformationJobObject
GetProfileIntW
Module32Next
MapViewOfFileEx
GetFileAttributesExW
SetCurrentDirectoryA
GetLogicalDriveStringsW
GetFileAttributesA
EnumCalendarInfoA
GetShortPathNameA
GetFileAttributesW
GetNumberFormatW
GetCurrencyFormatW
GetBinaryTypeW
OpenThread
GetShortPathNameW
MoveFileWithProgressA
GetComputerNameExW
GetPrivateProfileSectionW

rpcrt4

RpcRevertToSelfEx
RpcStringBindingComposeA
RpcBindingInqObject
RpcAsyncGetCallStatus
RpcServerRegisterIf2
NdrClearOutParameters
UuidFromStringW
RpcBindingCopy
RpcMgmtSetCancelTimeout
MesDecodeIncrementalHandleCreate
NdrInterfacePointerUnmarshall
RpcErrorGetNextRecord
RpcBindingInqAuthClientW
NDRCContextBinding
NdrConformantArrayBufferSize
RpcSsFree
RpcBindingSetObject
RpcImpersonateClient
NdrConformantStringMarshall
MesEncodeDynBufferHandleCreate
RpcErrorClearInformation
RpcSmDestroyClientContext
RpcErrorEndEnumeration
RpcStringBindingParseW
RpcServerInqCallAttributesA
RpcMgmtInqStats
UuidCreate
RpcServerYield
RpcFreeAuthorizationContext
MesBufferHandleReset
NdrServerInitialize
RpcServerUseProtseqIfW
NdrAsyncClientCall
RpcServerInqDefaultPrincNameW
NdrSimpleStructUnmarshall
NdrMesTypeDecode2
RpcServerInqCallAttributesW
NdrPointerBufferSize
NdrConvert
RpcBindingToStringBindingA
RpcServerTestCancel
RpcBindingSetAuthInfoExA
RpcMgmtIsServerListening
RpcErrorGetNumberOfRecords
RpcServerUseProtseqEpA
NdrCorrelationFree
RpcStringBindingComposeW
RpcCancelThread
NdrStubCall
NdrConvert2
RpcServerUseAllProtseqsIf
RpcBindingInqAuthClientExA
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcStringFreeA
RpcStringBindingParseA
RpcMgmtInqServerPrincNameW
UuidCreateNil
RpcObjectSetType
RpcMgmtSetComTimeout
RpcAsyncCompleteCall
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2

user32

OpenWindowStationW
CharLowerBuffW
GetWindowLongW
GetAltTabInfoA

comctl32

ord17
CreatePropertySheetPageW
ImageList_DrawEx
ImageList_EndDrag
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_DragLeave
ImageList_Read
FlatSB_SetScrollPos
_TrackMouseEvent
CreatePropertySheetPageA
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_AddMasked
CreateStatusWindowW
ImageList_Add
InitializeFlatSB
InitCommonControlsEx
PropertySheetA
ImageList_SetIconSize
ImageList_GetDragImage
DestroyPropertySheetPage
ImageList_Write
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageA
FlatSB_GetScrollInfo
ImageList_GetBkColor
FlatSB_GetScrollPos
ImageList_BeginDrag
ImageList_Copy
ImageList_DragEnter
PropertySheetW
ImageList_SetDragCursorImage
CreateToolbarEx
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetIcon
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Remove
FlatSB_SetScrollProp
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Create

advapi32

RegConnectRegistryW
RegQueryMultipleValuesA
RegSetValueExW
SetTokenInformation
RegSetKeySecurity
GetSidSubAuthority
GetCurrentHwProfileW
RegNotifyChangeKeyValue
GetSidIdentifierAuthority
GetKernelObjectSecurity
RegSetValueA
SetKernelObjectSecurity
GetTokenInformation
AreAllAccessesGranted
GetSidLengthRequired
RegSetValueW
CryptDestroyHash
InitializeAcl
RegCreateKeyExW
RegCreateKeyExA
AddAuditAccessAce
AddAccessDeniedAce
RegCloseKey
AreAnyAccessesGranted
SetNamedSecurityInfoW
RegDeleteKeyA
DuplicateTokenEx
InitializeSecurityDescriptor
RegSetValueExA
GetSidSubAuthorityCount
RegQueryMultipleValuesW
RegQueryValueExA
AddAccessAllowedAce
AddAce
QueryServiceConfigW
RegisterEventSourceW
GetSecurityDescriptorGroup
RegQueryInfoKeyW
OpenServiceW
DeregisterEventSource
GetCurrentHwProfileA
RegDeleteValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
CommandLineToArgvW
SHBindToParent
SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder

ole32

CoGetObjectContext
HBITMAP_UserSize
CoGetMarshalSizeMax
PropVariantCopy
OleQueryLinkFromData
OleSave
PropVariantClear
HPALETTE_UserUnmarshal
CoSwitchCallContext
CoUnmarshalHresult
CoGetCallContext
STGMEDIUM_UserFree
OleCreateLink
ProgIDFromCLSID
StgOpenPropStg
OleFlushClipboard
CoSuspendClassObjects
CoQueryClientBlanket
GetRunningObjectTable
OleRun
CoFileTimeNow
CoCreateInstance
CoMarshalHresult
OleCreateFromFile
HDC_UserFree
CoCancelCall
CoCreateInstanceEx
CreateItemMoniker
HBITMAP_UserMarshal
CoGetInterfaceAndReleaseStream
HMENU_UserSize
OleConvertIStorageToOLESTREAMEx
StgCreateDocfileOnILockBytes
OleGetIconOfClass
OleIsCurrentClipboard
OleSetContainedObject
CreateDataAdviseHolder
CoInitializeEx
CoDisconnectObject
CLIPFORMAT_UserMarshal
CoAllowSetForegroundWindow
CoTaskMemAlloc
OleInitialize
OleConvertIStorageToOLESTREAM
HDC_UserSize
SetConvertStg
OleLoadFromStream
CLIPFORMAT_UserSize
CoSetProxyBlanket
CreateOleAdviseHolder
HPALETTE_UserMarshal

oleaut32

VariantChangeTypeEx
VariantClear
SafeArrayPtrOfIndex
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantChangeType
SafeArrayGetLBound
SetErrorInfo
SafeArrayCreate
VariantCopyInd
SysReAllocStringLen
VariantCopy
GetActiveObject
GetErrorInfo
CreateErrorInfo
SafeArrayGetUBound

Sections

.text
Size: 929KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4aub
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1ca
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s0k7f
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kra
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ivxj
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33a9ed3734683bd164374d987a4ac710

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 929KB - Virtual size: 929KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 256KB

.4aub Size: 508KB - Virtual size: 507KB

.1ca Size: 408KB - Virtual size: 407KB

.s0k7f Size: 284KB - Virtual size: 284KB

.kra Size: 430KB - Virtual size: 429KB

.ivxj Size: 265KB - Virtual size: 264KB

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 929KB - Virtual size: 929KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 256KB

.4aub
Size: 508KB - Virtual size: 507KB

.1ca
Size: 408KB - Virtual size: 407KB

.s0k7f
Size: 284KB - Virtual size: 284KB

.kra
Size: 430KB - Virtual size: 429KB

.ivxj
Size: 265KB - Virtual size: 264KB

.rsrc
Size: 48KB - Virtual size: 48KB