Static task
static1
Behavioral task
behavioral1
Sample
158617d91e975dbc8c9e01ac142657fd_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
158617d91e975dbc8c9e01ac142657fd_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
158617d91e975dbc8c9e01ac142657fd_JaffaCakes118
Size
210KB
MD5
158617d91e975dbc8c9e01ac142657fd
SHA1
79e00967258229c1e89d3faf71babd10e50f6344
SHA256
da4ffe3b37d5c5ff963fd4945edcb8e50717657b91ee11b37bc3fb3041bdc41c
SHA512
7dbc5cfc401480cf518dfc50f85b5ab8049ddaed756b5e084d548570d3a393146a5903916232fdc4d63b8ae757a991f1e352e01920acd2c8830677d3b407e0ba
SSDEEP
3072:SDhlmTbbok6+H1dIQqG1j7UZuVIdkB/173EuxGyEKx5jvOVgSLqYE7U1u9vIiz7:Cq6m1d2G1j7UZuVIK7LEujEKfWWbYun
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 158617d91e975dbc8c9e01ac142657fd_JaffaCakes118
Files
158617d91e975dbc8c9e01ac142657fd_JaffaCakes118.exe windows:5 windows x86 arch:x86
74afb0177539f3096cb08ea11615d7d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
FindFirstFileW
FindFirstVolumeMountPointA
FindNextChangeNotification
GetAtomNameA
GetBinaryType
GetCommConfig
GetCompressedFileSizeW
GetComputerNameA
GetConsoleAliasW
GetConsoleCursorInfo
GetConsoleFontSize
GetCurrentProcessId
GetDefaultCommConfigA
GetEnvironmentVariableA
GetFileInformationByHandle
GetFileTime
GetHandleInformation
GetLogicalDriveStringsW
GetNumberOfConsoleInputEvents
GetPrivateProfileStructW
GetProfileStringA
GetStartupInfoA
GetStringTypeExW
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadLocale
GetUserDefaultLCID
GetVersion
GlobalAlloc
GlobalFlags
GlobalGetAtomNameA
GlobalUnWire
GlobalWire
Heap32ListNext
LoadLibraryA
FindFirstChangeNotificationA
LocalFlags
LocalHandle
LocalReAlloc
LocalSize
LocalUnlock
LockResource
MapViewOfFile
MulDiv
OpenEventA
Process32NextW
PurgeComm
QueryDosDeviceW
RaiseException
ReadConsoleInputA
ReplaceFileW
RtlMoveMemory
SetConsoleCP
SetConsoleCursorInfo
SetFileAttributesW
SetFilePointerEx
SetLocaleInfoW
SetThreadIdealProcessor
SetThreadPriority
SetupComm
SwitchToThread
TerminateProcess
VerifyVersionInfoW
VirtualQuery
WideCharToMultiByte
WriteConsoleOutputA
WriteConsoleOutputCharacterW
WritePrivateProfileStringW
WritePrivateProfileStructA
WriteProfileStringW
_lclose
lstrcmpi
lstrcpynW
FindClose
FatalAppExitW
ExpandEnvironmentStringsW
EnumUILanguagesW
EnumTimeFormatsW
EnumResourceTypesA
EnumCalendarInfoA
DuplicateHandle
CreateFileW
DosDateTimeToFileTime
DefineDosDeviceW
DebugBreak
CopyFileA
CancelTimerQueueTimer
BuildCommDCBAndTimeoutsA
BeginUpdateResourceW
Beep
VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
LocalCompact
user32
mouse_event
wvsprintfA
wvsprintfW
VkKeyScanA
UpdateWindow
LoadIconA
AnimateWindow
ArrangeIconicWindows
BeginDeferWindowPos
CallMsgFilterW
ChangeMenuA
CharNextW
CharToOemBuffA
ChildWindowFromPointEx
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateIcon
CreatePopupMenu
DdeAccessData
DdeQueryStringA
DdeSetUserHandle
DefMDIChildProcA
DefWindowProcW
DeregisterShellHookWindow
DestroyAcceleratorTable
DialogBoxIndirectParamW
DialogBoxParamA
DlgDirListComboBoxW
DlgDirSelectExA
DrawStateA
DrawTextExA
DrawTextW
EnableMenuItem
EnableScrollBar
EndDeferWindowPos
EndMenu
EnumDisplayDevicesA
EnumDisplayMonitors
EnumPropsExW
EnumPropsW
ExitWindowsEx
GetClassWord
GetClientRect
GetClipboardOwner
GetClipboardSequenceNumber
GetCursorPos
GetDlgItemInt
GetDlgItemTextA
GetKeyNameTextA
GetKeyboardType
GetMenuItemInfoA
GetMessageTime
GetSysColor
GetTabbedTextExtentA
GetWindow
GetWindowDC
GetWindowTextA
IMPQueryIMEW
InsertMenuItemW
IsChild
IsRectEmpty
IsWindowVisible
LoadAcceleratorsA
LoadAcceleratorsW
LoadIconW
LoadImageA
LoadImageW
LoadMenuW
LoadStringW
MonitorFromPoint
OemToCharA
OemToCharBuffW
PostThreadMessageW
RegisterDeviceNotificationW
ReleaseDC
SendIMEMessageExA
SendMessageA
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetFocus
SetMenu
SetScrollInfo
TrackPopupMenuEx
ToUnicodeEx
ToAsciiEx
TileWindows
ShowCursor
ShowCaret
SetWindowRgn
SetWindowPlacement
SetUserObjectInformationW
comdlg32
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
ChooseColorW
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
GetSaveFileNameA
ChooseColorA
advapi32
RegOpenKeyExA
shell32
DoEnvironmentSubstW
DoEnvironmentSubstA
CommandLineToArgvW
DragFinish
DragQueryFileA
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteExA
ShellExecuteEx
ShellExecuteA
ShellAboutW
ShellAboutA
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDList
SHGetMalloc
SHGetInstanceExplorer
SHGetIconOverlayIndexW
SHGetIconOverlayIndexA
SHGetFolderPathW
SHGetFileInfoW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFreeNameMappings
SHFileOperationA
SHFileOperation
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHCreateDirectoryExA
SHBrowseForFolderW
SHBrowseForFolderA
SHAppBarMessage
SHAddToRecentDocs
ExtractIconW
ExtractIconExW
ExtractIconExA
ExtractIconEx
ExtractAssociatedIconExA
ExtractAssociatedIconA
DragQueryPoint
DragQueryFileW
DragQueryFileAorW
ole32
WriteOleStg
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserFree
UtGetDvtd16Info
UpdateDCOMSettings
StringFromCLSID
StgOpenStorage
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreateDocfile
StgConvertPropertyToVariant
SetConvertStg
STGMEDIUM_UserSize
SNB_UserUnmarshal
SNB_UserSize
SNB_UserMarshal
RegisterDragDrop
PropStgNameToFmtId
OleUninitialize
OleSetMenuDescriptor
OleRegGetMiscStatus
OleRegEnumFormatEtc
OleNoteObjectVisible
OleInitializeWOW
OleGetIconOfClass
OleGetAutoConvert
OleFlushClipboard
OleDestroyMenuDescriptor
OleCreateFromData
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
MonikerRelativePathTo
MonikerCommonPrefixWith
IsEqualGUID
HWND_UserMarshal
HMETAFILE_UserUnmarshal
HMETAFILE_UserMarshal
HMETAFILE_UserFree
HMETAFILEPICT_UserFree
HMENU_UserMarshal
HGLOBAL_UserUnmarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserFree
HBITMAP_UserMarshal
HBITMAP_UserFree
HACCEL_UserSize
HACCEL_UserFree
GetHookInterface
FreePropVariantArray
FmtIdToPropStgName
EnableHookObject
DllDebugObjectRPCHook
CreateStdProgressIndicator
CreatePointerMoniker
CreateFileMoniker
CreateClassMoniker
CoTestCancel
CoTaskMemRealloc
CoTaskMemFree
CoSetCancelObject
CoRevokeClassObject
CoResumeClassObjects
CoRegisterSurrogateEx
CoRegisterSurrogate
CoQueryReleaseObject
CoQueryProxyBlanket
CoMarshalHresult
CoInitializeEx
CoImpersonateClient
CoGetTreatAsClass
CoGetObject
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetInstanceFromIStorage
CoGetInstanceFromFile
CoGetClassVersion
CoGetClassObject
CoGetCallerTID
CoFreeUnusedLibraries
CoFileTimeNow
CoDeactivateObject
CoCreateInstanceEx
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCancelCall
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserFree
oleaut32
VarR8FromCy
VarR8FromBool
VarR4FromI4
VarR4FromDate
VarNumFromParseNum
VarMonthName
VarImp
VarI4FromUI4
VarI4FromR8
VarI4FromR4
VarI4FromI2
VarI4FromDisp
VarI4FromDate
VarI2FromUI1
VarI2FromR8
VarI2FromDec
VarI2FromBool
VarI1FromStr
VarI1FromCy
VarFormatCurrency
VarDecFromStr
VarDecFromI2
VarDecDiv
VarDateFromR8
VarDateFromI2
VarDateFromI1
VarDateFromDisp
VarDateFromCy
VarCySu
VarCyMul
VarCyFromUI4
VarCyFromUI1
VarCyFromI2
VarCyFromDec
VarCyCmp
VarCyAbs
VarCmp
VarBstrFromDate
VarBoolFromUI2
VarBoolFromUI1
VarBoolFromI1
VarBoolFromDate
VarAnd
VarAbs
VARIANT_UserSize
VARIANT_UserFree
SysReAllocStringLen
SysFreeString
SafeArraySetRecordInfo
SafeArraySetIID
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElemsize
SafeArrayCreateVector
SafeArrayCreateEx
SafeArrayAllocDescriptorEx
SafeArrayAllocData
RevokeActiveObject
OleCreatePropertyFrame
OleCreateFontIndirect
OaBuildVersion
LPSAFEARRAY_UserSize
LPSAFEARRAY_Unmarshal
LHashValOfNameSysA
GetRecordInfoFromTypeInfo
DispCallFunc
VariantTimeToSystemTime
VariantCopyInd
VariantCopy
VariantChangeTypeEx
VarUdateFromDate
VarR8FromDate
VarR8FromDisp
VarR8FromR4
VarR8FromStr
VarR8Pow
VarSu
VarUI1FromBool
VarUI1FromDec
VarUI1FromDisp
VarUI1FromR8
VarUI1FromUI4
VarUI2FromDec
VarUI2FromUI1
VarUI4FromStr
VarUI4FromUI1
VarUI4FromCy
shlwapi
StrCmpNA
StrCmpNW
StrRChrA
StrRChrIA
StrRChrW
StrStrIW
StrStrIA
StrStrA
StrRStrIA
StrChrIA
Sections
.text Size: 199KB - Virtual size: 198KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ