23164482fd6124722caceb4728cdb940_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

23164482fd6124722caceb4728cdb940_JaffaCakes118
Size

92KB
MD5

23164482fd6124722caceb4728cdb940
SHA1

bbd51d576dbbd33ec8ce81eb368469e97aa55ed1
SHA256

267bbec6f2bfeabbea5b2a9364286d6ab4e717f7bd4244977b86b52ef807da06
SHA512

81740be093f188d6e72103d63a1725e8f7c7700e369ed447714d3290838a96d2b6d9139a4f43c8c98dba90b2fc10dd4384891c4162e1d8a9670e3817a585ee16
SSDEEP

1536:zQaCUO1fFxUYsIFS5YsYj8eVMmCIzbgHYyBYbYaOHM9Agk:zQV1lTqizdq5gYObhOHM9zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23164482fd6124722caceb4728cdb940_JaffaCakes118

Files

23164482fd6124722caceb4728cdb940_JaffaCakes118
.exe windows:5 windows x86 arch:x86

91c80b11aa1b880b8846c9c8646a38c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextVolumeMountPointW
FindNextVolumeW
FindVolumeClose
FlushViewOfFile
FreeLibrary
GetCalendarInfoA
GetCommMask
GetComputerNameExA
GetConsoleAliasExesW
GetConsoleAliasesLengthA
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentVariableA
GetExitCodeProcess
GetHandleInformation
GetNamedPipeHandleStateA
GetNamedPipeInfo
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetPrivateProfileSectionNamesA
GetProfileStringA
GetThreadLocale
GetThreadTimes
GetTimeFormatW
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersionExW
GlobalFlags
GlobalReAlloc
GlobalUnfix
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringW
FindAtomA
MapViewOfFileEx
Module32Next
MoveFileW
OpenFileMappingA
PulseEvent
ReadConsoleOutputA
ReadFileScatter
SetConsoleCursor
SetConsoleCursorInfo
SetConsoleMode
SetConsoleScreenBufferSize
SetCurrentDirectoryA
SetDefaultCommConfigW
SetEnvironmentVariableW
SetMessageWaitingIndicator
SetStdHandle
SetThreadPriorityBoost
SetTimeZoneInformation
SetVolumeLabelW
SwitchToFiber
UnlockFile
UnregisterWait
VerifyVersionInfoW
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleOutputCharacterA
WriteProcessMemory
WriteProfileStringA
WriteTapemark
_llseek
_lopen
lstrcmpi
lstrcpyA
FillConsoleOutputAttribute
ExpandEnvironmentStringsA
EnumTimeFormatsA
EnumDateFormatsW
EnterCriticalSection
EndUpdateResourceA
DuplicateHandle
DeviceIoControl
DeleteVolumeMountPointW
DeleteFiber
CreateFileW
CreateWaitableTimerW
CreateThread
CreateFileA
CreateDirectoryExA
ConnectNamedPipe
CompareStringW
ClearCommBreak
BackupRead
VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
LocalShrink

user32

ShowCursor
ShowScrollBar
ToUnicodeEx
UnloadKeyboardLayout
UnregisterHotKey
WINNLSGetEnableStatus
wvsprintfW
SetScrollPos
LoadIconA
AnimateWindow
AppendMenuA
ArrangeIconicWindows
BlockInput
CharNextExA
CharPrevW
CharToOemA
CharUpperBuffW
ClientToScreen
CopyAcceleratorTableW
CreateCaret
CreateDialogParamA
CreateDialogParamW
CreateIcon
DdeCmpStringHandles
DdeDisconnect
DdeDisconnectList
DdeQueryNextServer
DestroyCaret
DestroyWindow
DlgDirListComboBoxA
DrawFrame
DrawMenuBar
EndDeferWindowPos
EnumChildWindows
EnumDisplayDevicesA
EnumPropsA
FlashWindowEx
GetAltTabInfoW
GetClassLongW
GetClipboardOwner
GetClipboardViewer
GetComboBoxInfo
GetDialogBaseUnits
GetInputState
GetKeyNameTextW
GetKeyboardLayoutNameW
GetMenuBarInfo
GetMenuItemInfoA
GetMenuStringW
GetPriorityClipboardFormat
GetScrollPos
GetSubMenu
GetSystemMenu
GetThreadDesktop
GetTopWindow
GetUpdateRgn
GetWindow
GetWindowModuleFileNameA
GetWindowRgn
IMPQueryIMEW
IsCharAlphaNumericW
IsDialogMessageW
IsMenu
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorFromFileA
LoadImageA
LoadMenuA
LoadMenuIndirectW
LockSetForegroundWindow
LookupIconIdFromDirectoryEx
MessageBoxIndirectA
ModifyMenuA
MonitorFromRect
OpenDesktopW
OpenInputDesktop
PackDDElParam
PaintDesktop
PostMessageA
PostQuitMessage
RealGetWindowClassA
RegisterClassA
RegisterWindowMessageA
ReplyMessage
ScrollDC
SetRectEmpty
SetProcessWindowStation
SetMenuItemBitmaps
SetCursor
SetClassWord
SendMessageTimeoutA
ScrollWindow

comdlg32

ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
GetSaveFileNameA
ChooseColorA

advapi32

RegOpenKeyExA

shell32

DragQueryFileAorW
DragQueryFileA
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstW
CheckEscapesW
DragQueryFileW
WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
Shell_NotifyIcon
ShellExecuteExA
ShellExecuteEx
ShellAboutW
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHGetSpecialFolderPathW
SHGetSettings
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetInstanceExplorer
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListW
SHFreeNameMappings
SHFileOperationW
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExA
SHBrowseForFolderA
SHBindToParent
SHAppBarMessage
SHAddToRecentDocs
FindExecutableW
ExtractIconW
ExtractIconExW
ExtractIconEx
ExtractIconA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DuplicateIcon
DragQueryPoint

ole32

WriteStringStream
WdtpInterfacePointer_UserSize
StringFromCLSID
StgSetTimes
StgOpenStorageOnILockBytes
StgOpenStorage
StgOpenPropStg
StgOpenAsyncDocfileOnIFillLockBytes
StgIsStorageFile
StgGetIFillLockBytesOnILockBytes
StgCreatePropStg
SetDocumentBitStg
SetConvertStg
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserMarshal
STGMEDIUM_UserFree
SNB_UserUnmarshal
ReadStringStream
ReadFmtUserTypeStg
PropVariantCopy
PropStgNameToFmtId
OleUninitialize
OleSaveToStream
OleSave
OleRegEnumVerbs
OleRegEnumFormatEtc
OleQueryCreateFromData
OleLockRunning
OleInitialize
OleGetIconOfClass
OleGetAutoConvert
OleFlushClipboard
OleDuplicateData
OleCreateMenuDescriptor
OleCreateLinkToFileEx
OleCreateLinkToFile
OleCreateLinkEx
OleCreateEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
IsAccelerator
IIDFromString
HkOleRegisterObject
HWND_UserUnmarshal
HPALETTE_UserUnmarshal
HPALETTE_UserFree
HMETAFILE_UserSize
HMETAFILE_UserMarshal
HMETAFILEPICT_UserMarshal
HMENU_UserUnmarshal
HMENU_UserFree
HICON_UserUnmarshal
HGLOBAL_UserSize
HENHMETAFILE_UserUnmarshal
HBRUSH_UserMarshal
HACCEL_UserSize
HACCEL_UserFree
GetRunningObjectTable
GetDocumentBitStg
DoDragDrop
CreateOleAdviseHolder
CreateItemMoniker
CreateILockBytesOnHGlobal
CoSetCancelObject
CoRevokeClassObject
CoRevertToSelf
CoReleaseServerProcess
CoRegisterMallocSpy
CoRegisterClassObject
CoQueryProxyBlanket
CoQueryAuthenticationServices
CoMarshalInterThreadInterfaceInStream
CoIsOle1Class
CoIsHandlerConnected
CoInitializeSecurity
CoGetStandardMarshal
CoGetPSClsid
CoGetObjectContext
CoGetObject
CoGetCurrentLogicalThreadId
CoGetClassVersion
CoGetCallContext
CoGetApartmentID
CoFileTimeToDosDateTime
CoEnableCallCancellation
CoDisableCallCancellation
CoCreateObjectInContext
CLIPFORMAT_UserFree

oleaut32

VarI4FromUI1
VarI4FromI1
VarI2FromUI4
VarI2FromR4
VarI1FromR8
VarI1FromR4
VarI1FromI2
VarFormatPercent
VarFormatFromTokens
VarFix
VarDiv
VarDecSu
VarDecRound
VarDecNeg
VarDecMul
VarDecInt
VarDecFromR4
VarDecFromCy
VarDecFromBool
VarDecCmpR8
VarDecAdd
VarDateFromUdate
VarDateFromUI4
VarDateFromUI1
VarDateFromDec
VarCyNeg
VarCyMul
VarCyFromUI4
VarCyFromUI1
VarCyFromR4
VarCyFromDisp
VarCyFromDate
VarCyCmpR8
VarBstrFromUI1
VarBstrFromR8
VARIANT_UserFree
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArraySetRecordInfo
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCopyData
SafeArrayCopy
RevokeActiveObject
OleTranslateColor
OleLoadPictureEx
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserSize
LPSAFEARRAY_Unmarshal
LHashValOfNameSys
DispGetIDsOfNames
VariantCopy
VarUI4FromUI1
VarUI4FromI4
VarUI4FromI2
VarUI4FromI1
VarUI4FromDisp
VarUI4FromDec
VarUI2FromI4
VarI4FromUI4
VarIdiv
VarMod
VarNumFromParseNum
VarR4FromBool
VarR4FromDate
VarR4FromDisp
VarR4FromUI4
VarR8FromI1
VarR8FromStr
VarR8Pow
VarTokenizeFormatString
VarUI1FromUI2
VarUI2FromDec
VarUI1FromUI4

shlwapi

StrCmpNA
StrCmpNW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrStrA
StrStrIA
StrStrIW
StrChrW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91c80b11aa1b880b8846c9c8646a38c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 180B

.data3 Size: 1024B - Virtual size: 1000B

.data2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 180B

.data3
Size: 1024B - Virtual size: 1000B

.data2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB