Static task: static1
Behavioral task: behavioral1
Sample: 059792bf7731a158db6ffc1f4eb63869_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 059792bf7731a158db6ffc1f4eb63869_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 059792bf7731a158db6ffc1f4eb63869_JaffaCakes118
Size: 92KB
MD5: 059792bf7731a158db6ffc1f4eb63869
SHA1: bec949c678393d7def4297d6b5c6704c27113599
SHA256: 872878f8d63d09449c1412e21be2a8ac75e5799c1f2918c583afc885cbe6b02d
SHA512: 8035f2c9fde67dca3ad19a46b5d6ae1c149ac5ee38709fa41eec29ce351b5152c11bf1d3011169a948be4d2a701b2e99ed4e9d16cd3b95628a48a7d565445b8f
SSDEEP: 1536:4TKjS9hkpc0dXDLM0tBGBgjUlmXWYtab1at5CH00xCRZWb5qXx/G4A2QG4Aa/qwD:mbkpnVDjBhhWYtaItIH00zJ2FJhXI
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 059792bf7731a158db6ffc1f4eb63869_JaffaCakes118
Files
059792bf7731a158db6ffc1f4eb63869_JaffaCakes118.exe windows:4 windows x86 arch:x86
1a859f1dd7cd9251475b647cd4e28c3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathAddBackslashA
AssocQueryStringByKeyW
PathAddBackslashW
PathUnmakeSystemFolderA
StrCmpNA
SHEnumValueW
SHRegQueryInfoUSKeyW
SHRegWriteUSValueA
PathCombineA
PathGetDriveNumberW
SHQueryInfoKeyW
PathIsURLW
SHStrDupA
StrFormatByteSizeA
StrCmpIW
PathCreateFromUrlA
SHRegDeleteUSValueW
StrChrIA
PathFindOnPathA
StrCSpnA
UrlUnescapeW
SHDeleteKeyA
StrRChrIA
SHEnumValueA
SHRegDeleteEmptyUSKeyA
PathGetArgsA
PathMakeSystemFolderA
UrlUnescapeA
SHRegQueryUSValueA
SHRegDeleteEmptyUSKeyW
SHStrDupW
PathIsDirectoryEmptyW
StrStrW
AssocQueryStringByKeyA
HashData
PathRenameExtensionA
PathGetDriveNumberA
SHDeleteEmptyKeyW
UrlCanonicalizeA
PathIsContentTypeW
StrChrIW
UrlGetLocationA
PathGetCharTypeA
PathRemoveBackslashW
PathBuildRootA
StrFormatByteSizeW
ColorRGBToHLS
SHDeleteValueW
wnsprintfA
StrChrW
PathFindSuffixArrayW
SHDeleteEmptyKeyA
PathQuoteSpacesA
PathStripPathW
StrDupA
PathRelativePathToW
PathUnmakeSystemFolderW
UrlIsW
UrlCompareA
PathIsFileSpecW
PathIsSystemFolderW
PathIsRelativeW
StrRStrIA
SHRegGetBoolUSValueA
PathRemoveBlanksW
StrSpnA
SHRegGetUSValueA
PathSearchAndQualifyA
AssocQueryStringA
StrFormatKBSizeA
PathCanonicalizeW
PathIsContentTypeA
SHEnumKeyExW
GetMenuPosFromID
PathCombineW
wnsprintfW
ole32
CoRevokeMallocSpy
StringFromCLSID
IIDFromString
StgOpenStorage
CoGetInstanceFromIStorage
StgIsStorageFile
EnableHookObject
CreateItemMoniker
CoLoadLibrary
OleQueryLinkFromData
CoRevokeClassObject
OleInitialize
GetHGlobalFromILockBytes
OleCreateFromDataEx
CoGetClassObject
StgGetIFillLockBytesOnILockBytes
OleCreate
WriteFmtUserTypeStg
CoQueryReleaseObject
OleConvertOLESTREAMToIStorage
ProgIDFromCLSID
OleBuildVersion
SetConvertStg
CreateStreamOnHGlobal
GetDocumentBitStg
OleLoad
CoTaskMemAlloc
OleIsCurrentClipboard
CreateDataAdviseHolder
OleCreateFromFile
CoDisconnectObject
CoUnmarshalInterface
StgCreateDocfile
OleGetClipboard
PropVariantClear
UtGetDvtd16Info
CoInitializeSecurity
OleSetClipboard
CoQueryAuthenticationServices
OleGetAutoConvert
OleCreateLinkToFile
OleSetContainedObject
OleCreateFromData
OleConvertIStorageToOLESTREAM
CoFreeUnusedLibraries
OleRegEnumFormatEtc
StringFromIID
OleSetAutoConvert
CoSetProxyBlanket
CreateOleAdviseHolder
CoAddRefServerProcess
CoInitializeEx
CoMarshalInterface
CoGetInstanceFromFile
DoDragDrop
PropVariantCopy
OleUninitialize
CLSIDFromProgID
UtConvertDvtd16toDvtd32
CoRevertToSelf
UpdateDCOMSettings
StgCreateDocfileOnILockBytes
CoRegisterChannelHook
MonikerCommonPrefixWith
StgGetIFillLockBytesOnFile
kernel32
VirtualProtect
MoveFileW
WaitForDebugEvent
PostQueuedCompletionStatus
SetProcessShutdownParameters
CreateTapePartition
GetLastError
SwitchToThread
PurgeComm
SetLocaleInfoW
LockFileEx
DeleteFileW
EnumCalendarInfoW
SetCalendarInfoA
SetTapeParameters
HeapWalk
DisableThreadLibraryCalls
PeekConsoleInputW
CreateFileW
TerminateProcess
IsSystemResumeAutomatic
CopyFileA
EnumResourceTypesA
EnumDateFormatsExW
VirtualUnlock
ReadConsoleOutputCharacterW
GetNumberFormatW
SetDefaultCommConfigA
CreateNamedPipeA
FlushViewOfFile
GlobalFree
EnumResourceNamesW
GetTimeZoneInformation
EnumSystemLocalesW
WriteProfileStringA
lstrcpynA
VirtualFreeEx
WritePrivateProfileSectionA
EndUpdateResourceW
MapViewOfFileEx
HeapUnlock
LoadLibraryExA
DefineDosDeviceW
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
GetMailslotInfo
LockResource
IsValidLocale
VirtualAlloc
ClearCommError
ResetEvent
WriteConsoleInputW
SetUnhandledExceptionFilter
DebugActiveProcess
RemoveDirectoryW
ClearCommBreak
ReadConsoleInputA
GetBinaryType
GetFileAttributesExA
SetVolumeLabelA
GetConsoleScreenBufferInfo
LoadLibraryExW
WriteConsoleInputA
FindFirstChangeNotificationW
GetCurrentDirectoryW
VerLanguageNameA
EnumResourceTypesW
SleepEx
LockFile
FatalAppExitW
SetHandleCount
BuildCommDCBA
GetPrivateProfileSectionA
EnumTimeFormatsA
GetConsoleMode
FlushInstructionCache
Thread32Next
SetConsoleMode
GetProcessTimes
advapi32
CryptHashData
GetMultipleTrusteeA
DeleteAce
RegSetValueExW
RegReplaceKeyA
DestroyPrivateObjectSecurity
ConvertAccessToSecurityDescriptorA
RegEnumValueA
CopySid
GetAce
DuplicateToken
ConvertSecurityDescriptorToAccessNamedA
GetNamedSecurityInfoW
SetServiceStatus
ReportEventW
ReportEventA
StartServiceCtrlDispatcherA
CreatePrivateObjectSecurity
GetSecurityInfo
AddAuditAccessAce
RegCreateKeyA
RegUnLoadKeyW
LogonUserA
GetEffectiveRightsFromAclA
RegisterEventSourceW
RegOpenKeyA
InitializeSecurityDescriptor
GetSecurityDescriptorLength
GetLengthSid
RegLoadKeyW
RegCreateKeyExW
RegRestoreKeyA
ReadEventLogA
OpenSCManagerW
OpenServiceW
RegUnLoadKeyA
StartServiceA
RegQueryValueA
IsValidSid
RegSetValueW
GetTrusteeTypeW
GetSidSubAuthorityCount
ObjectOpenAuditAlarmW
LookupPrivilegeValueA
PrivilegedServiceAuditAlarmA
DeregisterEventSource
GetExplicitEntriesFromAclA
RegQueryMultipleValuesW
RegOpenKeyExW
RegQueryInfoKeyA
BuildExplicitAccessWithNameW
RegQueryValueW
GetSecurityDescriptorGroup
GetExplicitEntriesFromAclW
MakeAbsoluteSD
InitializeSid
GetAccessPermissionsForObjectW
AreAllAccessesGranted
IsTextUnicode
CryptEncrypt
RegDeleteValueW
ConvertSecurityDescriptorToAccessNamedW
GetServiceKeyNameA
RegFlushKey
RegisterEventSourceA
CryptDeriveKey
FreeSid
StartServiceW
OpenEventLogW
BuildTrusteeWithSidW
GetAuditedPermissionsFromAclW
CreateProcessAsUserA
LookupPrivilegeNameW
AccessCheckAndAuditAlarmW
BuildSecurityDescriptorW
CryptSetProviderW
user32
CharToOemBuffA
GetAsyncKeyState
DdeInitializeW
CreateWindowExW
GetKeyboardLayoutList
ValidateRect
SetDlgItemTextW
GetDoubleClickTime
FindWindowExW
HiliteMenuItem
GetWindowRect
GetKeyboardType
CallMsgFilter
CharUpperW
WaitForInputIdle
GetDlgItem
IsCharAlphaNumericA
GetMenuCheckMarkDimensions
SetProcessWindowStation
EnumDisplayDevicesA
SetMessageQueue
GetDlgCtrlID
DrawTextExA
DdeUninitialize
GetWindowWord
LoadImageW
MonitorFromRect
SetWindowRgn
CreateIconFromResource
VkKeyScanA
GetScrollInfo
GetCursorInfo
InsertMenuItemW
GetWindowInfo
CopyAcceleratorTableW
InsertMenuItemA
AppendMenuA
SetFocus
CreateDesktopA
CharPrevA
DdeGetLastError
DialogBoxIndirectParamA
UnregisterDeviceNotification
SetParent
GetWindowModuleFileNameW
LoadKeyboardLayoutW
ReuseDDElParam
GetCapture
WinHelpA
EndTask
GetProcessWindowStation
ChangeDisplaySettingsA
ValidateRgn
RegisterHotKey
TabbedTextOutA
DefFrameProcW
FindWindowA
DdeReconnect
DdeDisconnectList
GetDlgItemInt
GetUserObjectSecurity
GetThreadDesktop
DdeAbandonTransaction
SetRectEmpty
EnumChildWindows
DrawStateW
WindowFromPoint
OpenClipboard
EnumClipboardFormats
CreateCursor
AdjustWindowRect
DdeImpersonateClient
GetClientRect
IsZoomed
GetScrollRange
DefFrameProcA
DdeQueryStringW
ReplyMessage
SetScrollPos
EnumDesktopWindows
ReleaseDC
IsWindow
GetMenuItemInfoW
SwapMouseButton
ImpersonateDdeClientWindow
IsDialogMessageW
CharToOemBuffW
GetClassInfoA
DrawTextExW
DdeConnectList
SetClassWord
CharLowerW
CloseWindowStation
EndPaint
DialogBoxParamA
SetMenuDefaultItem
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE