explorer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 18d9d171a9e2a7acf1e46d901be7a8cd_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 18d9d171a9e2a7acf1e46d901be7a8cd_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
  Target: 18d9d171a9e2a7acf1e46d901be7a8cd_JaffaCakes118
  Size: 2.8MB
  MD5: 18d9d171a9e2a7acf1e46d901be7a8cd
  SHA1: e8630c248db94416b7cf861167e67c3e7e8a67e3
  SHA256: 40a2880cfaf68ee2ebe1e53e0f79a7b154769ed99eb75e8c54296bf358362be7
  SHA512: 5b44b2565ba8bafa2c66b47ba250c28292a5742d1702ae8ec6c814d8e725702d91ed6c3e0e9618728914e77b5d6b9f6b7d31feb3a71c06419f3300b8fbeb5d14
  SSDEEP: 24576:+Vv+nS/IqqMCIhhfs9pGYCW5uXSA7jTeFadRsx7b/g/J/ulZh3+:+oMjELC8A7/eFwG3lP
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: 18d9d171a9e2a7acf1e46d901be7a8cd_JaffaCakes118
Files
  18d9d171a9e2a7acf1e46d901be7a8cd_JaffaCakes118.exe (windows:6 windows x86 arch:x86)
  12a894209b37a5bddc25f8a4416b0559
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegCloseKey
RegCreateKeyW
RegGetValueW
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
EventWrite
EventEnabled
GetLengthSid
GetTokenInformation
OpenProcessToken
EventUnregister
EventRegister
GetUserNameW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
TraceMessage
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
ConvertSidToStringSidW
StartServiceW
CreateWellKnownSid
kernel32
GetSystemTime
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
FlushInstructionCache
RaiseException
GetSystemWindowsDirectoryW
SetLastError
ReadFile
GetFileSize
CreateFileW
InterlockedCompareExchange
LoadLibraryA
SystemTimeToFileTime
ExpandEnvironmentStringsW
GlobalGetAtomNameW
MultiByteToWideChar
GetEnvironmentVariableW
GetCurrentProcessId
GetModuleHandleW
lstrlenW
OpenEventW
SetEvent
GetBinaryTypeW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CompareFileTime
GlobalFree
GetTickCount
MulDiv
GetUserDefaultLangID
GetPrivateProfileIntW
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
SetThreadPriority
CompareStringOrdinal
lstrcmpiW
HeapSetInformation
SetErrorMode
CreateMutexW
ReleaseMutex
GetTimeZoneInformation
SetFilePointer
SetProcessShutdownParameters
GetSystemDirectoryW
CreateEventW
SetTermsrvAppInstallMode
RegisterApplicationRestart
ExitProcess
GetModuleFileNameW
GetPrivateProfileStringW
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
GetFileAttributesExW
QueueUserWorkItem
GetLongPathNameW
GetProcessTimes
TerminateThread
GetProcessId
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
FormatMessageW
QueryFullProcessImageNameW
GlobalAlloc
DuplicateHandle
GetCurrentDirectoryW
WideCharToMultiByte
WriteFile
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
FindResourceExW
LoadResource
LockResource
GetUserDefaultUILanguage
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
CreateThread
AssignProcessToJobObject
ResumeThread
Sleep
QueryInformationJobObject
LocalAlloc
LocalFree
CloseHandle
OpenProcess
SetPriorityClass
GetPriorityClass
CreateJobObjectW
SetInformationJobObject
GetLastError
InterlockedDecrement
InterlockedIncrement
HeapFree
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualAlloc
VirtualFree
DelayLoadFailureHook
gdi32
GetStockObject
CombineRgn
GetLayout
CreatePatternBrush
OffsetViewportOrgEx
GdiAlphaBlend
GetTextExtentPoint32W
ExtTextOutW
SetWindowOrgEx
GetPixel
PatBlt
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
GetBkColor
CreateCompatibleBitmap
OffsetWindowOrgEx
SetBkColor
GetTextExtentPointW
GetClipBox
CreateDIBSection
CreateRectRgnIndirect
SetTextColor
SetBkMode
GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
user32
GetDlgItem
LoadCursorW
RegisterClassW
IsChild
SetTimer
MonitorFromRect
SetWindowTextW
SetClassLongW
GetClassInfoW
GetClassLongW
KillTimer
GetClassInfoExW
IsWindowEnabled
GetShellWindow
GetIconInfo
SetScrollInfo
GetLastActivePopup
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
IsWindowVisible
IsWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetFocus
SetForegroundWindow
LoadMenuW
SetMenuInfo
SetMenuDefaultItem
GetSubMenu
TrackPopupMenuEx
LoadImageW
InsertMenuItemW
DestroyIcon
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
CharUpperBuffW
PostQuitMessage
LoadStringW
ShutdownBlockReasonCreate
GetWindowLongA
SetWindowLongW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterWindowMessageW
SetWindowPos
RegisterClassExW
GetDesktopWindow
UpdateWindow
InvalidateRect
BeginPaint
LoadBitmapW
SetLayeredWindowAttributes
EndPaint
ShowWindow
DefWindowProcW
MoveWindow
DestroyWindow
UnregisterClassW
SetProcessDPIAware
PeekMessageW
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
GetKeyboardLayout
ActivateKeyboardLayout
IsProcessDPIAware
PrintWindow
GetDCEx
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
GetDlgCtrlID
ChildWindowFromPointEx
GetCapture
GetGUIThreadInfo
SetWindowLongA
CharUpperW
GetWindowDC
RegisterClipboardFormatW
UnhookWinEvent
SetWinEventHook
ReleaseCapture
GetUserObjectInformationW
GetProcessWindowStation
FlashWindowEx
GetForegroundWindow
PostMessageW
CreatePopupMenu
GetWindowThreadProcessId
EqualRect
MsgWaitForMultipleObjectsEx
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
UnionRect
MapWindowPoints
GetClientRect
EnumWindows
EndTask
SetThreadDesktop
GetThreadDesktop
TrackPopupMenu
GetMenuItemID
IsHungAppWindow
DrawTextW
GetSysColor
SendMessageCallbackW
GetParent
DeregisterShellHookWindow
EndDialog
IsDlgButtonChecked
LoadIconW
GetSysColorBrush
CloseDesktop
OpenInputDesktop
SetActiveWindow
IsRectEmpty
GetAsyncKeyState
RegisterShellHookWindow
FillRect
GetCursorPos
SetPropW
CopyRect
LockSetForegroundWindow
MonitorFromPoint
InflateRect
GetClassNameW
SubtractRect
RedrawWindow
EnumDisplayMonitors
OffsetRect
IntersectRect
GetMenuState
GhostWindowFromHungWindow
HungWindowFromGhostWindow
SetWindowRgn
GetWindowPlacement
RemovePropW
SendMessageTimeoutW
UnregisterHotKey
InsertMenuW
ModifyMenuW
ClientToScreen
ScreenToClient
GetMenuItemCount
GetFocus
GetScrollInfo
InternalGetWindowText
GetKeyState
RegisterHotKey
GetWindowLongW
EnumChildWindows
SendMessageW
GetWindow
GetWindowRect
PtInRect
ChangeDisplaySettingsW
SetCursor
ChildWindowFromPoint
SetCursorPos
GetMessagePos
LoadAcceleratorsW
WaitMessage
TranslateAcceleratorW
GetWindowRgnBox
GetActiveWindow
MessageBeep
SetWindowPlacement
SetRect
SendNotifyMessageW
UpdateLayeredWindow
GetLastInputInfo
AllowSetForegroundWindow
RemoveMenu
CallWindowProcW
SetParent
EnableWindow
GetDlgItemInt
SetDlgItemInt
CheckDlgButton
CopyIcon
DrawFocusRect
NotifyWinEvent
ExitWindowsEx
DrawEdge
WindowFromPoint
GetDoubleClickTime
SetCapture
TrackMouseEvent
LockWorkStation
AppendMenuW
CheckMenuItem
SetScrollPos
SetRectEmpty
AdjustWindowRectEx
BringWindowToTop
CascadeWindows
GetMessageW
GetSystemMetrics
SystemParametersInfoW
FindWindowW
ReleaseDC
TileWindows
GetAncestor
SwitchToThisWindow
SendDlgItemMessageW
GetMenuDefaultItem
DestroyMenu
GetDC
ShowWindowAsync
msvcrt
memset
_unlock
_except_handler4_common
_ftol2_sse
memcpy
free
memmove
realloc
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_vsnwprintf
malloc
__wgetmainargs
_cexit
_exit
__set_app_type
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
ntdll
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
RtlGetProductInfo
NtClose
NtQueryInformationProcess
NtSetSystemInformation
WinSqmAddToStream
NtSetInformationProcess
shlwapi
PathGetDriveNumberW
ord197
ord292
PathRemoveFileSpecW
ord157
ord478
SHRegGetUSValueW
ord433
StrDupW
PathQuoteSpacesW
ord467
ord479
ord163
ord193
StrChrIW
ord388
ord548
ord256
SHRegOpenUSKeyW
SHRegQueryUSValueW
StrCmpW
AssocQueryStringW
ord199
ord204
ord165
ord630
ord629
AssocQueryKeyW
PathParseIconLocationW
PathIsPrefixW
ord509
PathRemoveExtensionW
SHOpenRegStream2W
PathFileExistsW
ord348
ord631
ord184
ord212
StrRetToBufW
PathFindExtensionW
ord460
ord213
ord192
ord413
ord279
ord16
ord278
ord240
SHDeleteKeyW
PathAppendW
SHDeleteValueW
ord174
ord635
ord618
PathRemoveArgsW
PathRemoveBlanksW
StrCmpNIW
PathFindFileNameW
ord437
SHSetValueW
SHGetValueW
SHCreateThreadRef
SHSetThreadRef
ord158
ord270
PathCombineW
SHRegGetValueW
StrToIntW
ord8
ord9
ord10
PathGetArgsW
StrChrW
ord176
ord175
ord172
ord164
SHStrDupW
ord219
SHQueryInfoKeyW
ord171
ord484
ord178
ord236
ord439
ord2
ord217
ord24
ord476
StrRetToStrW
ord154
ord215
StrStrIW
ord177
ord194
ord156
PathMatchSpecW
PathIsRootW
PathIsNetworkPathW
SHQueryValueExW
AssocCreate
StrCmpIW
ord513
ord512
ord571
StrCmpNW
ord237
ord628
ord487
StrPBrkW
ord639
ord168
PathStripToRootW
ord225
PathIsDirectoryW
ord632
shell32
ord193
ord790
ord787
ord732
ord24
ord719
ord134
ord22
SHGetDesktopFolder
ord261
SHBindToFolderIDListParent
ord152
ord196
ord28
SHGetIDListFromObject
ord265
ord814
ord815
ord747
ord821
ord820
ord839
ord836
ord849
SHCreateShellItemArrayFromIDLists
ord826
ord830
ord818
SHCreateItemFromIDList
SHCreateShellItemArrayFromShellItem
ord154
ord6
SHBindToFolderIDListParentEx
SHChangeNotify
SHAddToRecentDocs
DuplicateIcon
ord244
ord733
ord54
ShellExecuteW
ord91
ord254
SHGetPathFromIDListA
SHUpdateRecycleBinIcon
SHGetKnownFolderIDList
SHGetFolderPathEx
SHFileOperationW
ord731
ord711
ord102
ord60
ord21
ord90
SHGetPathFromIDListW
ord64
ord61
ord753
ord16
ord19
ord2
ord644
ord645
ord137
ExtractIconExW
ord727
ord4
ord181
ord162
SHGetSpecialFolderLocation
ord17
ord23
SHBindToParent
Shell_NotifyIconW
SHGetFolderPathAndSubDirW
Shell_GetCachedImageIndexW
ord67
ord132
SHEvaluateSystemCommandTemplate
ord241
ord236
ord149
ord188
ord660
ord680
ord852
ord201
ord89
ord68
ord200
SHBindToObject
ord25
ShellExecuteExW
ord245
ord723
SHGetSpecialFolderPathW
ord176
SHParseDisplayName
ord155
SHGetFolderLocation
ord190
ord18
ord100
ord85
SHGetFolderPathW
ole32
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoGetClassObject
OleInitialize
OleUninitialize
CoGetObject
StringFromGUID2
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoRegisterMessageFilter
CoGetInterfaceAndReleaseStream
CoFreeUnusedLibraries
CoTaskMemAlloc
PropVariantClear
DoDragDrop
CoInitializeEx
CreateBindCtx
CoMarshalInterThreadInterfaceInStream
oleaut32
VariantInit
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
shdocvw
ord110
ord111
uxtheme
GetThemeRect
IsThemePartDefined
GetThemeBackgroundRegion
DrawThemeTextEx
GetThemeFont
GetThemeColor
GetThemeBool
IsCompositionActive
IsAppThemed
GetThemeInt
SetWindowTheme
DrawThemeText
GetThemeTextExtent
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
GetThemePartSize
GetThemeMetric
GetThemeBackgroundContentRect
GetThemeMargins
powrprof
GetPwrCapabilities
dwmapi
DwmQueryThumbnailSourceSize
DwmEnableBlurBehindWindow
ord105
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetColorizationColor
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmUnregisterThumbnail
gdiplus
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingMode
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStreamICM
slc
SLGetWindowsInformationDWORD
rpcrt4
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
propsys
PSGetPropertyKeyFromName
PSPropertyKeyFromString
PropVariantToStringAlloc
PSGetNameFromPropertyKey
VariantToBooleanWithDefault
VariantToInt32WithDefault
VariantToStringWithDefault
VariantToStringAlloc
PSGetPropertyDescription
browseui
ord118
ord135
Sections
  .text   Size: 429KB - Virtual size: 429KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .data   Size: 8KB - Virtual size: 8KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 2.3MB - Virtual size: 2.3MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 75KB - Virtual size: 74KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ