964ed8980e89f031b974d61898a220f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

964ed8980e89f031b974d61898a220f1_JaffaCakes118
Size

128KB
MD5

964ed8980e89f031b974d61898a220f1
SHA1

e37e486a191084c4ed004c2f0d582b904c43c269
SHA256

a41fa58f5a7b2c663f0b6a052f8d94ab80533615451e99af2ca04e95e05388f1
SHA512

9ecd66ce98c0949cdc836ccbf76e201a31499f2bd220f2af3cae478f315fb231f93730b3d81438e1db91715d05ad9bed596de53a882ba31087721deca0ff4e74
SSDEEP

3072:fuiTmQnHYK+WSC+vfgbMCxCtT3hGJ8DQ1/8UdG2:fJTmQnHYK+WSJmxC9Me8mUQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
964ed8980e89f031b974d61898a220f1_JaffaCakes118

Files

964ed8980e89f031b974d61898a220f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17fc0c85ff6495f2e07b3cf3e59c4945

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidIdentifierAuthority
RegSetValueExA
QueryServiceConfigW
SetSecurityDescriptorSacl
LookupAccountNameW
RegRestoreKeyW
RegCreateKeyA
StartServiceCtrlDispatcherW
GetKernelObjectSecurity
ReportEventA
RegCreateKeyW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
GetSidSubAuthorityCount
SetFileSecurityA
SetSecurityDescriptorGroup

user32

OffsetRect
DestroyCursor
SendInput
SetClipboardData
LoadBitmapW
DrawTextA
DialogBoxParamA
IsClipboardFormatAvailable
GetSysColorBrush
GetScrollPos
CreateDialogIndirectParamA
FindWindowExW
InvalidateRect
PostMessageW
SetRectEmpty
ScrollWindow
IsDlgButtonChecked
IsChild
GetCursorPos
GetSysColor
ClientToScreen
AppendMenuW
CopyAcceleratorTableW
GetUserObjectInformationW
DrawTextExA
ShowScrollBar
EmptyClipboard
CheckMenuItem
GetLastActivePopup
DeferWindowPos
GetClassNameA
EnumDisplaySettingsW
SetWindowPlacement
ValidateRect
FindWindowA
FindWindowW
SystemParametersInfoA
ShowOwnedPopups
CreateMenu
CharPrevW
TranslateAcceleratorW
KillTimer
PostMessageA
RemovePropA
CharNextA
LockWindowUpdate
SetForegroundWindow
ReuseDDElParam
CharLowerA
CopyImage
GetCaretPos
RemoveMenu
TranslateMDISysAccel
PostQuitMessage
PeekMessageW
CharPrevA
LoadIconA
GetKeyboardLayoutList
SetWindowPos

shlwapi

PathIsFileSpecA
StrFormatByteSizeW
SHRegDeleteEmptyUSKeyW
SHGetValueW
PathIsSameRootA
PathMakePrettyW
SHQueryInfoKeyW
PathGetDriveNumberW
PathIsRelativeW
PathRenameExtensionA
PathIsRootW
PathAddExtensionW
SHQueryValueExA
PathFindFileNameA
SHDeleteValueW
SHDeleteKeyW
PathRemoveArgsW
StrCmpW
StrCatW
SHRegGetBoolUSValueA
PathFindOnPathW
PathRemoveBlanksA
StrSpnW
SHEnumValueW
PathAppendA
StrToIntW
ChrCmpIW
PathQuoteSpacesW
SHRegGetBoolUSValueW
PathUnquoteSpacesW
PathStripPathA
SHDeleteEmptyKeyW
PathRemoveFileSpecW
PathMatchSpecA
PathCommonPrefixA
PathIsUNCA
StrCpyW
PathIsDirectoryW
PathFileExistsA
PathParseIconLocationW
StrToIntExA
StrToIntA
StrToIntExW
SHRegSetUSValueW
PathRemoveExtensionA
PathIsRelativeA
StrCmpIW
SHRegEnumUSValueW
PathIsUNCW
PathIsUNCServerShareA
PathRemoveBackslashA
PathStripToRootA
PathFileExistsW
SHRegDeleteUSValueW
PathRemoveFileSpecA
PathIsSameRootW
PathCombineW
PathUnquoteSpacesA
PathAddBackslashA
SHDeleteEmptyKeyA
PathParseIconLocationA
PathCompactPathW
PathRelativePathToW
PathRenameExtensionW
StrCSpnW
SHSetValueA
PathIsDirectoryA
PathCombineA
PathCompactPathExA
PathMatchSpecW
StrPBrkA
SHEnumKeyExA
PathSetDlgItemPathW
SHRegQueryUSValueW
PathFindExtensionW
PathGetArgsA
PathIsPrefixW
PathGetCharTypeA
PathMakeSystemFolderW
PathBuildRootW
SHDeleteKeyA
StrFromTimeIntervalW
PathRemoveBackslashW
SHGetValueA

gdi32

CreateFontIndirectW
GetTextMetricsA
GetPixel
BeginPath
GetObjectType
SetViewportExtEx
DeleteDC
EndPath
TextOutA
CreateBitmap
ScaleWindowExtEx
SetAbortProc
CreateDCA
SetWindowExtEx
GetCharWidthA
SetPolyFillMode
GetWinMetaFileBits
StrokePath
GetTextCharsetInfo
FillRgn
EnumFontFamiliesExW
SetStretchBltMode
RectVisible
CreateICA
SetTextCharacterExtra
CreateFontA
Polyline
GetClipBox
CopyEnhMetaFileW
SelectPalette
CreateDCW
GetWindowOrgEx

kernel32

GetCurrentDirectoryW
GlobalGetAtomNameW
HeapCompact
GetProcessHeaps
AddAtomA
CreateRemoteThread

urlmon

RegisterFormatEnumerator
CreateAsyncBindCtxEx
UrlMkSetSessionOption
URLDownloadToCacheFileW
UrlMkGetSessionOption
CoInternetQueryInfo
IsLoggingEnabledA
RevokeFormatEnumerator
CreateURLMoniker
HlinkSimpleNavigateToString
RegisterBindStatusCallback
HlinkGoForward
CoInternetGetProtocolFlags
HlinkNavigateMoniker
URLOpenBlockingStreamA
CoInternetCreateSecurityManager
URLOpenPullStreamW
URLOpenPullStreamA
ReleaseBindInfo
RevokeBindStatusCallback
HlinkGoBack
CoInternetCompareUrl
CopyStgMedium
CoGetClassObjectFromURL
HlinkNavigateString
SetSoftwareUpdateAdvertisementState
URLOpenBlockingStreamW
MkParseDisplayNameEx
GetClassURL
IsValidURL
ObtainUserAgentString
CoInternetCreateZoneManager
FindMimeFromData
RegisterMediaTypeClass
FindMediaType
CoInternetParseUrl
RegisterMediaTypes
CreateFormatEnumerator
HlinkSimpleNavigateToMoniker
CoInternetGetSecurityUrl
CreateAsyncBindCtx
URLDownloadToCacheFileA
GetClassFileOrMime
WriteHitLogging
CoInternetGetSession
IsAsyncMoniker

wininet

DeleteUrlCacheEntry
InternetOpenUrlA
InternetSetOptionA
RetrieveUrlCacheEntryFileA
FindNextUrlCacheEntryExW
HttpSendRequestExW
GopherGetLocatorTypeW
InternetReadFileExA
InternetGoOnline
FindNextUrlCacheEntryW
InternetReadFileExW
FtpRenameFileA
InternetSetCookieW
HttpEndRequestW
FtpGetCurrentDirectoryA
InternetConnectW
GetUrlCacheEntryInfoExA
InternetOpenW
InternetCheckConnectionW
InternetConfirmZoneCrossing
InternetAutodialHangup
FtpDeleteFileA
HttpAddRequestHeadersA
FtpSetCurrentDirectoryW
InternetConnectA
InternetCloseHandle
FtpGetFileW
InternetGetLastResponseInfoA
InternetCreateUrlW
SetUrlCacheEntryGroup
CommitUrlCacheEntryW
InternetQueryOptionW
RetrieveUrlCacheEntryFileW
FindFirstUrlCacheEntryA
FtpCreateDirectoryW
RetrieveUrlCacheEntryStreamA
FindFirstUrlCacheEntryExA
HttpSendRequestExA
CreateUrlCacheEntryW
DeleteUrlCacheGroup
InternetCombineUrlA
UnlockUrlCacheEntryStream
InternetCreateUrlA
SetUrlCacheEntryInfoA
InternetGetCookieW
FtpSetCurrentDirectoryA
GopherCreateLocatorA
InternetErrorDlg
InternetCrackUrlW
InternetLockRequestFile
GopherGetAttributeW
InternetOpenA
GopherFindFirstFileA
InternetFindNextFileA
InternetTimeToSystemTime
GopherFindFirstFileW
InternetCanonicalizeUrlW
FindCloseUrlCache
GetUrlCacheEntryInfoExW
GopherOpenFileA
FtpFindFirstFileW
InternetCrackUrlA
HttpQueryInfoW
InternetSetDialState
InternetCheckConnectionA
InternetDial
InternetAttemptConnect
FtpPutFileW
FtpRenameFileW
InternetWriteFile
CreateUrlCacheGroup
GetUrlCacheEntryInfoA
CreateUrlCacheEntryA
InternetOpenUrlW
FtpDeleteFileW
FtpOpenFileW
HttpSendRequestA
HttpSendRequestW
FtpCreateDirectoryA
FindFirstUrlCacheEntryW
FtpFindFirstFileA
GopherGetAttributeA
HttpQueryInfoA
FindNextUrlCacheEntryExA
InternetGetLastResponseInfoW
InternetQueryOptionA
InternetSetOptionW
HttpOpenRequestA
InternetSetCookieA
GetUrlCacheEntryInfoW

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17fc0c85ff6495f2e07b3cf3e59c4945

Headers

File Characteristics

Imports

advapi32

user32

shlwapi

gdi32

kernel32

urlmon

wininet

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 46KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 46KB

.rsrc
Size: 24KB - Virtual size: 20KB