17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118
Size

81KB
MD5

17f0fa2dd4b328c34e3b04c9585205a5
SHA1

ad815b2e0ace04c96ca8caa74e22c8023b54544b
SHA256

488f70de4c7b2c78b4327bd2d1260dcc3acfe42a8104234d508f4bd1bd10f01b
SHA512

eb37f0331e82c4c15254ee9bbe32154279b81f9d7b4b3e5dd881ff80c858cc8dc163f239e846634831908a3953704d3de8ab6eb5565b27e49629035adeacb1d8
SSDEEP

1536:KAr81O1DIS8N1H2b6BXnUZTwvqLHbaerb9j18jCf4QSfEpQMfhupY:MsDIvN1H2uBkZTfa6tm24REpQMpP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118

Files

17f0fa2dd4b328c34e3b04c9585205a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b9440d8eeb8c2e649cb6cb4af895a2eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceLockStatusW
ClearEventLogA
CryptGetDefaultProviderW
RegQueryValueW
GetExplicitEntriesFromAclA
CryptGenRandom
RegOpenKeyW
SetTokenInformation
GetOldestEventLogRecord
GetNumberOfEventLogRecords
GetAccessPermissionsForObjectA
LookupPrivilegeValueA
GetCurrentHwProfileA
SetEntriesInAuditListA
ConvertSecurityDescriptorToAccessNamedA
AreAnyAccessesGranted
RegSetKeySecurity
GetSecurityDescriptorDacl
RegCreateKeyExA
QueryServiceObjectSecurity
GetEffectiveRightsFromAclW
AddAccessDeniedAce
SetSecurityDescriptorDacl
SetKernelObjectSecurity
ImpersonateSelf
RegQueryInfoKeyW
AdjustTokenGroups
SetNamedSecurityInfoExA
SetPrivateObjectSecurity
AllocateLocallyUniqueId
GetTrusteeNameW
RegEnumValueA
RegEnumValueW
GetLengthSid
SetServiceStatus
RegQueryValueExW
ChangeServiceConfigA
NotifyChangeEventLog
GetMultipleTrusteeOperationA
RegSaveKeyA
GetSidLengthRequired
MakeAbsoluteSD
RegSetValueA
SetEntriesInAccessListA
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
DuplicateToken
InitiateSystemShutdownW
BackupEventLogW
BuildImpersonateTrusteeA
GetAce
CryptHashSessionKey
CryptSignHashA
RegLoadKeyW
BuildSecurityDescriptorW
CryptEnumProviderTypesW
RegEnumKeyExA
RegRestoreKeyW
GetNamedSecurityInfoExW
LogonUserW

shlwapi

StrPBrkW
PathStripToRootW
PathRenameExtensionA
PathSearchAndQualifyA
SHQueryValueExA
PathIsURLW
SHCreateStreamOnFileW
StrChrW
UrlCreateFromPathA
SHRegQueryUSValueA
PathGetArgsW
PathRemoveBlanksW
PathIsContentTypeA
AssocQueryStringByKeyW
UrlUnescapeA
PathSetDlgItemPathW
PathIsDirectoryA
StrCmpIW
PathRemoveFileSpecA
PathCompactPathExW
PathRemoveBlanksA
StrRChrW
UrlHashA
wnsprintfA
StrIsIntlEqualA
StrToIntExW
StrIsIntlEqualW
StrPBrkA
GetMenuPosFromID
SHRegDeleteEmptyUSKeyW
UrlGetLocationW
PathCreateFromUrlA
UrlGetPartA
PathIsPrefixA
SHRegDeleteUSValueW
StrCmpNIW
PathGetCharTypeA
StrChrIW
StrFormatByteSizeW
PathMakeSystemFolderW
PathParseIconLocationW
PathFindExtensionA
PathStripPathA
SHRegOpenUSKeyW
PathGetCharTypeW
StrCpyNW
PathSearchAndQualifyW
UrlCompareA
SHRegOpenUSKeyA
PathCanonicalizeW
StrCpyW
StrDupW
ColorRGBToHLS
SHRegCreateUSKeyW
PathQuoteSpacesA
PathStripPathW
StrRChrA
UrlUnescapeW

user32

CreatePopupMenu
SetSysColors
IsRectEmpty
GetKeyboardLayoutList
DestroyCaret
GetTitleBarInfo
GetGuiResources
EndPaint
TranslateMessage
GetWindowDC
DdeQueryStringW
SetClassWord
GetDlgCtrlID
GetUserObjectInformationW
GetKeyNameTextW
GetClassLongA
DdeAddData
ScrollWindow
CreateWindowStationW
GetClipboardFormatNameA
ChangeClipboardChain
SetMenuInfo
RedrawWindow
IsCharAlphaNumericA
SetForegroundWindow
GetWindowTextLengthA
CheckMenuRadioItem
MenuItemFromPoint
DrawEdge
GetMenuStringA
SendNotifyMessageA
GetWindowPlacement
GetMenuItemID
CreateDesktopW
CreateAcceleratorTableW
ToUnicodeEx
SetScrollInfo
UnregisterHotKey
AttachThreadInput
GrayStringW
GetLastActivePopup
DefMDIChildProcW
IsCharUpperW
DdeDisconnect
SendMessageA
GetKeyboardType
SetRect
GetWindowInfo
DefFrameProcA
DdeImpersonateClient
ArrangeIconicWindows
LoadCursorFromFileW
MoveWindow
GetTopWindow
GetMessagePos
GetWindow
PostMessageA
GetPropA

ole32

CoTreatAsClass
CoInitialize
OleRegEnumFormatEtc
CoQueryReleaseObject
GetConvertStg
CoQueryProxyBlanket
CoFreeUnusedLibraries
CoReleaseServerProcess
OleCreateLinkToFile
OleMetafilePictFromIconAndLabel
CoRegisterChannelHook
CoGetObject
OleSaveToStream
WriteClassStg
PropVariantClear
OleCreateFromFile
CoGetMalloc
OleRun
CreateObjrefMoniker
CreateILockBytesOnHGlobal
OleTranslateAccelerator
SetConvertStg
CoRevokeMallocSpy
OleGetAutoConvert
OleGetClipboard
StgCreateStorageEx
OleCreateLink
CoLockObjectExternal
IsAccelerator
CreateDataCache
CoAddRefServerProcess
OleDoAutoConvert
CoTaskMemAlloc
OleDuplicateData
OleRegGetMiscStatus
OleCreateMenuDescriptor
CreatePointerMoniker
OleCreateFromDataEx
OleRegEnumVerbs
StgOpenStorage
CoGetCallerTID
CoGetCurrentLogicalThreadId
CoCreateInstanceEx
WriteStringStream
StgIsStorageFile
EnableHookObject
CoCopyProxy
CoRegisterMallocSpy
StringFromIID
GetDocumentBitStg
CoDisconnectObject
ReadFmtUserTypeStg
MonikerCommonPrefixWith
OpenOrCreateStream
OleSetContainedObject
GetHGlobalFromILockBytes

kernel32

SetTapeParameters
EnumDateFormatsW
ReadProcessMemory
SwitchToThread
GetProcessAffinityMask
ReadFileEx
VirtualFreeEx
GlobalFindAtomA
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetFileAttributesExW
GetBinaryType
FoldStringA
LocalFree
GetPrivateProfileStructW
lstrcmpiA
GetTapePosition
Heap32ListFirst
SetWaitableTimer
GetUserDefaultLCID
GetMailslotInfo
IsValidCodePage
lstrcpynW
QueryPerformanceFrequency
TlsGetValue
FindResourceW
MapViewOfFile
VirtualProtect
GetConsoleCP
BeginUpdateResourceA
WritePrivateProfileStringW
SetLastError
WritePrivateProfileStructW
IsDBCSLeadByte
WriteConsoleW
LocalShrink
SetDefaultCommConfigW
GetCommModemStatus
FileTimeToLocalFileTime
SetThreadLocale
VirtualLock
ReadFile
WritePrivateProfileStructA
ReadConsoleW
IsDBCSLeadByteEx
Heap32ListNext
ScrollConsoleScreenBufferA
GlobalWire
GetSystemDirectoryW
GetCalendarInfoA
EnumSystemCodePagesW
SetStdHandle
VirtualAllocEx
TransactNamedPipe
SetProcessShutdownParameters
WaitNamedPipeA
WaitForMultipleObjectsEx
Module32Next
GetLocaleInfoA
CloseHandle
GetEnvironmentVariableA
GetDriveTypeW
SetThreadPriorityBoost
Thread32Next
MultiByteToWideChar
GetProcessTimes
VirtualQuery
DefineDosDeviceW
GetFileType
GetCommTimeouts
SetCalendarInfoA
VirtualAlloc
CreateFileW

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9440d8eeb8c2e649cb6cb4af895a2eb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

user32

ole32

kernel32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 20KB