07b5b753a99b8a3946f3df9a4e9ba0d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07b5b753a99b8a3946f3df9a4e9ba0d2_JaffaCakes118
Size

81KB
MD5

07b5b753a99b8a3946f3df9a4e9ba0d2
SHA1

a719b8e30ef3a85c563124d98ffad0a541ccef32
SHA256

b767d63f06acdaa23ce9174f77a13d22c0c199a8357250f8b8f56ab1fc0ba46e
SHA512

ed582f603d760133b12bed38175a72d78c3821bf64c0060a66ddc858581de16d0b0236e8c9cae279d8f4779c5ba82adba42bf7000e04a7c3322c628cf22d0bf0
SSDEEP

1536:/rTDAvvjXqpnM5xKZu5P5zPlADPKBVD9ZTp+AbYYiwb136nzHY/N00oj:z4vvjqqDPREcdbsYg4/NFo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07b5b753a99b8a3946f3df9a4e9ba0d2_JaffaCakes118

Files

07b5b753a99b8a3946f3df9a4e9ba0d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d448c0329eef9120c3b26320376f49be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigW
CryptSetProvParam
GetSecurityDescriptorDacl
NotifyChangeEventLog
BackupEventLogW
ConvertSecurityDescriptorToAccessA
RegOpenKeyExA
GetEffectiveRightsFromAclA
GetCurrentHwProfileW
AddAccessDeniedAce
OpenBackupEventLogW
MakeSelfRelativeSD
DeleteService
CryptReleaseContext
SetNamedSecurityInfoExA
SetEntriesInAccessListW
SetFileSecurityW
CryptExportKey
RegCreateKeyA
ConvertAccessToSecurityDescriptorA
GetAclInformation
RegRestoreKeyW
IsValidSid
SetServiceObjectSecurity
CopySid
CreateProcessAsUserW
FreeSid
CancelOverlappedAccess
TrusteeAccessToObjectA
RegQueryValueW
GetSidLengthRequired
ClearEventLogA
CryptEnumProvidersW
PrivilegedServiceAuditAlarmA
StartServiceA
RegQueryInfoKeyW
InitiateSystemShutdownW
RegFlushKey
GetNamedSecurityInfoExW
ReportEventW
QueryServiceConfigA
CryptGetHashParam
RegCreateKeyW
CryptGenRandom
CryptGetDefaultProviderW
BuildImpersonateExplicitAccessWithNameA
RegGetKeySecurity
DuplicateTokenEx
CreatePrivateObjectSecurity
AreAllAccessesGranted
ImpersonateNamedPipeClient
CryptGenKey
ConvertSecurityDescriptorToAccessW
CreateProcessAsUserA
GetServiceDisplayNameW
SetSecurityInfoExA
ObjectPrivilegeAuditAlarmA
AddAuditAccessAce
GetNumberOfEventLogRecords
RegEnumKeyExA
UnlockServiceDatabase
GetMultipleTrusteeW
EqualPrefixSid

ole32

CoQueryReleaseObject
CreateILockBytesOnHGlobal
ReadClassStm
OleLoad
OleCreateLinkFromData
OleCreateFromData
CoInitialize
StgOpenStorage
CoCreateGuid
OleConvertOLESTREAMToIStorageEx
GetHookInterface
OleDraw
CoTaskMemRealloc
OleDestroyMenuDescriptor
CreateClassMoniker
StgSetTimes
CoGetInterfaceAndReleaseStream
GetDocumentBitStg
UtConvertDvtd32toDvtd16
DllDebugObjectRPCHook
WriteFmtUserTypeStg
CoMarshalInterface
ReleaseStgMedium
BindMoniker
CoTreatAsClass
CoGetInstanceFromFile
SetDocumentBitStg
RegisterDragDrop
CoLoadLibrary
OleDuplicateData
OleCreateFromDataEx
CoGetClassObject
OleCreateEmbeddingHelper
OleConvertIStorageToOLESTREAM
CoFreeLibrary
RevokeDragDrop
OleCreateDefaultHandler
CoGetCallContext
CoFreeUnusedLibraries
CoSuspendClassObjects
OleGetClipboard
CoTaskMemFree
CoGetCurrentProcess
CreateAntiMoniker
IIDFromString
CreateBindCtx
CreateOleAdviseHolder
CoRegisterMessageFilter
PropVariantCopy
OleRun
CreateItemMoniker
OleFlushClipboard
CoImpersonateClient
CoResumeClassObjects
CoFreeAllLibraries

user32

UnhookWindowsHook
GetUserObjectSecurity
GetKeyNameTextW
DialogBoxIndirectParamW
GetCaretPos
GetWindowModuleFileNameW
ExcludeUpdateRgn
SetWindowsHookExW
CountClipboardFormats
ClientToScreen
DdeQueryStringW
SetScrollInfo
DdeImpersonateClient
DragObject
SwapMouseButton
IsCharAlphaW
SetMenuItemBitmaps
GetClassLongA
SetMenuItemInfoW
WaitMessage
EnumClipboardFormats
CheckDlgButton
CreateDialogIndirectParamA
ImpersonateDdeClientWindow
TabbedTextOutA
DialogBoxIndirectParamA
FrameRect
IsDlgButtonChecked
DdeSetUserHandle
CopyImage
ToUnicode
CharUpperBuffW
PostQuitMessage
DrawStateW
CreateAcceleratorTableW
LoadImageA
CreateAcceleratorTableA
AppendMenuA
IsChild
MapVirtualKeyW
SetClipboardViewer
LoadImageW
IsWindowEnabled
GetProcessDefaultLayout
UnregisterClassA
CreateIconFromResourceEx
CopyIcon
GetKeyboardLayoutNameW
GetWindowLongA
LoadMenuA
AdjustWindowRectEx
ChangeDisplaySettingsA
InsertMenuItemW
UpdateWindow
GetUserObjectInformationA
DdeSetQualityOfService
OpenWindowStationA
GetClientRect

kernel32

LCMapStringW
FreeConsole
LocalCompact
ExitProcess
GetLocaleInfoW
WriteConsoleA
CancelWaitableTimer
DeviceIoControl
VirtualProtect
GetSystemTimeAdjustment
SystemTimeToFileTime
lstrcpyn
WriteProfileSectionW
CreateFileW
SetLocaleInfoA
CreateWaitableTimerA
FindFirstFileA
WaitCommEvent
CreateThread
SetErrorMode
GetVolumeInformationA
SearchPathW
FreeLibraryAndExitThread
RequestWakeupLatency
SetProcessAffinityMask
VirtualAlloc
LocalShrink
RemoveDirectoryW
lstrcatW
Module32First
GetExitCodeThread
GetProcessAffinityMask
WritePrivateProfileStringA
GetTempPathA
DefineDosDeviceW
BuildCommDCBAndTimeoutsW
DisconnectNamedPipe
CreateMutexA
WriteConsoleInputA
Heap32First
lstrcpyW
HeapDestroy
SetThreadContext
SetVolumeLabelW
GetModuleHandleW
IsBadStringPtrA
CreateSemaphoreW
FoldStringW
VirtualQuery
VirtualFreeEx
lstrlenW
lstrcmpi
FlushInstructionCache
GetThreadLocale
GlobalLock
EnumTimeFormatsA
GetFileAttributesA
GetCommConfig
InitAtomTable
EndUpdateResourceW
SetConsoleTextAttribute
SetConsoleCursorInfo
GetDiskFreeSpaceW

shlwapi

UrlGetLocationA
PathFindNextComponentA
PathIsDirectoryW
AssocQueryStringByKeyW
PathUndecorateA
UrlIsA
SHDeleteEmptyKeyA
SHEnumKeyExW
StrRetToStrA
PathIsRelativeW
UrlCreateFromPathW
PathMakePrettyW
SHDeleteKeyA
PathRemoveArgsA
PathGetDriveNumberW
PathIsSameRootA
SHEnumKeyExA
SHSkipJunction
PathIsUNCServerW
PathCreateFromUrlA
SHCreateShellPalette
UrlIsOpaqueA
PathUnmakeSystemFolderW
PathFindExtensionA
StrRChrIW
StrCatBuffA
HashData
StrPBrkA
SHEnumValueW
PathRemoveArgsW
StrChrIA
StrCmpIW
PathAddExtensionW
SHDeleteKeyW
UrlIsOpaqueW
StrSpnA
SHSetValueA
SHRegQueryInfoUSKeyW
PathStripPathA
wnsprintfA
StrChrIW
PathSkipRootA
SHRegCreateUSKeyA
StrChrW
UrlCombineW
PathIsURLA
StrStrIA
StrDupW
SHQueryInfoKeyA
PathIsFileSpecW
SHDeleteValueW
PathUnquoteSpacesA
PathAddBackslashW
SHOpenRegStreamA
PathSetDlgItemPathA
UrlGetPartA
SHRegEnumUSKeyW
SHRegDeleteEmptyUSKeyA
PathMatchSpecA
ColorRGBToHLS
PathFindSuffixArrayA
PathIsDirectoryA
StrRChrIA
UrlCombineA
StrRetToBufA
SHCreateStreamOnFileA
SHRegDeleteEmptyUSKeyW
PathIsUNCServerA
StrCatBuffW
PathIsPrefixA
PathRenameExtensionW

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d448c0329eef9120c3b26320376f49be

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

user32

kernel32

shlwapi

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 24KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 24KB