Static task: static1
Behavioral task: behavioral1
  Sample: 2418ee29b9edc11d09368d735f3ef130_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2418ee29b9edc11d09368d735f3ef130_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 2418ee29b9edc11d09368d735f3ef130_JaffaCakes118
Size: 166KB
MD5: 2418ee29b9edc11d09368d735f3ef130
SHA1: 7ec2af62a2fc57e83a3ba03a7c9a4e310cbc9a6d
SHA256: 91af4fadcb2bc5db85595d065ed2bd9f21b4895a0489daacf572e9e27fc4a3dd
SHA512: 0844ad55a54007c769129e00439161f123a732fe2a493d6952c2a2ffe8b83b7f309538428dc3c04f83c5a5a145a75d86c3de9058ca4ab4b73ca383b01eff515f
SSDEEP: 3072:i8B8uovmObC4YoIVnc4UspzVzEZ0MLyrJn6QKAw/K0Uf3fgfZBtQyMn4880F:5euqm/XfcqI9y8DAwS9XgB7QyW
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2418ee29b9edc11d09368d735f3ef130_JaffaCakes118
Files
2418ee29b9edc11d09368d735f3ef130_JaffaCakes118.exe windows:5 windows x86 arch:x86
b0996362d973178e6d123f5c0f88f917
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
From gdi32:
RemoveFontResourceExW
CreateDIBSection
EngCopyBits
EnableEUDC
TranslateCharsetInfo
GetDCPenColor
GdiEntry12
SetWindowExtEx
SetFontEnumeration
SetBitmapDimensionEx
GdiGetCharDimensions
SelectBrushLocal
GdiEntry14
SetPixel
GetFontAssocStatus
CreateICW
AbortPath
SaveDC
GdiDescribePixelFormat
PolyPolygon
FillPath
EngMarkBandingSurface
RectVisible
CreateCompatibleBitmap
RemoveFontMemResourceEx
SetLayout
QueryFontAssocStatus
PATHOBJ_bEnum
RestoreDC
GetObjectType
EnumFontFamiliesA
GetTextExtentExPointWPri
EnumFontFamiliesExA
GetRelAbs
GdiEndPageEMF
CombineRgn
GetCharWidthFloatW
DeleteObject
RemoveFontResourceW
SetTextCharacterExtra
CreateBitmap
GetFontLanguageInfo
ResetDCW
EngCreateClip
CreatePatternBrush
EnumICMProfilesA
EnumFontsA
GetETM
EngDeleteClip
HT_Get8BPPFormatPalette
TextOutW
OffsetWindowOrgEx
GdiResetDCEMF
GetCharABCWidthsI
GetGlyphOutlineA
EngTransparentBlt
SetICMMode
TextOutA
StretchBlt
GdiEndDocEMF
SetDCBrushColor
GdiIsPlayMetafileDC
DeleteEnhMetaFile
SetViewportOrgEx
GdiEntry6
StartDocW
GdiIsMetaPrintDC
GetGraphicsMode
EngTextOut
CLIPOBJ_bEnum
PtVisible
EngStrokeAndFillPath
GetRandomRgn
EngGetCurrentCodePage
EngCreateDeviceSurface
GdiPlayPrivatePageEMF
SetROP2
GetOutlineTextMetricsA
FONTOBJ_vGetInfo
GetTextColor
GetTextCharset
GetEnhMetaFilePixelFormat
From user32:
CloseDesktop
CreateIcon
SetRect
GetDCEx
TrackPopupMenu
SetKeyboardState
IsDialogMessageW
MsgWaitForMultipleObjects
GetLastActivePopup
CloseClipboard
CreateWindowStationW
RedrawWindow
AppendMenuW
GetClassLongA
ChangeClipboardChain
GetMenuStringA
InsertMenuA
From shlwapi:
SHRegGetPathA
PathSearchAndQualifyW
AssocQueryStringA
PathBuildRootW
PathRelativePathToA
SHSetThreadRef
SHGetThreadRef
StrChrIW
SHRegWriteUSValueW
PathIsSystemFolderW
PathIsURLA
SHEnumValueW
StrCmpNIA
PathMakePrettyW
SHGetValueA
PathCompactPathW
SHRegSetPathA
PathRenameExtensionW
PathBuildRootA
PathQuoteSpacesW
StrSpnW
SHRegOpenUSKeyA
SHDeleteValueA
SHRegDeleteEmptyUSKeyA
From kernel32:
DeleteTimerQueueTimer
SetCurrentDirectoryW
WaitForDebugEvent
FindFirstVolumeA
SetConsoleTextAttribute
Module32First
Thread32Next
QueueUserWorkItem
CreateToolhelp32Snapshot
LoadLibraryExW
SetVolumeMountPointA
WritePrivateProfileSectionW
FillConsoleOutputCharacterW
TlsSetValue
Process32Next
IsBadWritePtr
FindClose
WriteConsoleOutputA
CreateEventA
LoadModule
OutputDebugStringA
GetCurrencyFormatA
GetConsoleTitleW
GetProfileSectionA
WriteFileEx
MoveFileExW
CreateProcessW
LockFile
WriteProfileSectionA
TlsFree
SwitchToFiber
VirtualQueryEx
GetNumberOfConsoleMouseButtons
WriteTapemark
SetVolumeLabelA
ReadConsoleOutputA
GetVolumeInformationW
GetCalendarInfoW
WaitForSingleObjectEx
RequestDeviceWakeup
LCMapStringA
lstrcpyA
GlobalUnWire
SetCalendarInfoW
SetEndOfFile
RequestWakeupLatency
GetDefaultCommConfigA
GetOverlappedResult
SetThreadIdealProcessor
SetMailslotInfo
PrepareTape
FindFirstVolumeW
GetCommModemStatus
GetDiskFreeSpaceExW
GetCommandLineW
RegisterWaitForSingleObject
Module32Next
GetNumberFormatA
FindNextFileW
BackupWrite
ReadFileEx
CommConfigDialogA
FreeLibrary
FlushViewOfFile
EnumCalendarInfoW
GetThreadContext
GetProcessIoCounters
SetConsoleWindowInfo
SetConsoleMode
FindNextVolumeMountPointW
GetPrivateProfileStructA
WriteConsoleOutputCharacterW
SearchPathW
GlobalFindAtomW
lstrcmpW
Process32First
CreateEventW
IsBadHugeReadPtr
IsValidLocale
SetVolumeLabelW
GetExitCodeThread
OpenMutexA
GetPriorityClass
SetErrorMode
lstrcatA
EnumTimeFormatsA
PulseEvent
WaitNamedPipeA
GetSystemWindowsDirectoryW
SetConsoleOutputCP
WaitForMultipleObjects
EnumUILanguagesA
FindNextChangeNotification
CreateProcessA
FindVolumeMountPointClose
FileTimeToLocalFileTime
OutputDebugStringW
ExitProcess
GetPrivateProfileStringW
GetConsoleAliasExesLengthW
WriteConsoleInputA
SetHandleInformation
GlobalFindAtomA
ReadConsoleA
SetLocaleInfoA
HeapUnlock
GetPrivateProfileSectionW
GetTapeParameters
BackupSeek
IsBadReadPtr
EnumSystemLanguageGroupsA
GetConsoleAliasesLengthW
GetProfileSectionW
GlobalGetAtomNameW
DeleteVolumeMountPointA
CancelIo
GetBinaryType
WinExec
CreateTapePartition
SetVolumeMountPointW
ExitThread
GlobalSize
FindFirstChangeNotificationW
IsBadStringPtrA
lstrcmpiA
DeleteTimerQueueEx
FatalAppExitA
PostQueuedCompletionStatus
CreateIoCompletionPort
EnumLanguageGroupLocalesA
MapUserPhysicalPages
lstrcpynA
SwitchToThread
ResetEvent
VerLanguageNameW
Sleep
GetFileSizeEx
Module32NextW
GetComputerNameA
PeekNamedPipe
GlobalFlags
IsSystemResumeAutomatic
GlobalGetAtomNameA
DebugBreak
MoveFileW
EnumSystemCodePagesA
GetAtomNameW
SetConsoleScreenBufferSize
HeapFree
GetTempPathW
GetProfileIntA
ReleaseMutex
GetNumberFormatW
EraseTape
SetSystemPowerState
GetCurrentProcess
FindFirstFileExA
VirtualLock
DosDateTimeToFileTime
CreateTimerQueueTimer
LCMapStringW
GlobalReAlloc
GetCalendarInfoA
LockFileEx
SetConsoleActiveScreenBuffer
CreateConsoleScreenBuffer
LocalSize
LoadLibraryA
GetACP
VerLanguageNameA
CompareFileTime
DnsHostnameToComputerNameA
FillConsoleOutputAttribute
GetComputerNameExW
SetInformationJobObject
CreatePipe
GetConsoleDisplayMode
SetFileAttributesA
LocalShrink
SetProcessShutdownParameters
GetProcAddress
GetTimeZoneInformation
GetFileInformationByHandle
OpenProcess
RtlUnwind
FindResourceExA
GetDiskFreeSpaceExA
lstrlen
FindAtomA
CloseHandle
CreateNamedPipeA
WriteConsoleOutputCharacterA
GetStdHandle
GetLastError
CreateWaitableTimerA
ExpandEnvironmentStringsA
SetTapePosition
CancelWaitableTimer
GetPrivateProfileSectionA
LocalAlloc
ReadConsoleOutputW
FatalAppExitW
GetProcessPriorityBoost
TransmitCommChar
GetCommState
AddAtomA
GlobalLock
GetCurrentConsoleFont
GetTempPathA
SetCriticalSectionSpinCount
GetThreadPriorityBoost
SetDefaultCommConfigW
VirtualFreeEx
GetConsoleAliasesLengthA
OpenWaitableTimerW
FindResourceA
HeapCreate
MoveFileWithProgressW
GetNamedPipeHandleStateW
SetConsoleTitleA
MapViewOfFile
BeginUpdateResourceA
ReadConsoleOutputAttribute
GetTimeFormatW
SetFilePointerEx
DeleteVolumeMountPointW
CompareStringA
LocalHandle
SetFileAttributesW
WriteProcessMemory
SetComputerNameA
HeapCompact
PeekConsoleInputW
GetUserDefaultLangID
VerifyVersionInfoW
SetFileApisToANSI
GetModuleHandleA
VerifyVersionInfoA
FindResourceW
GetConsoleCursorInfo
GlobalCompact
CreateHardLinkA
GetLogicalDrives
TerminateJobObject
ReleaseSemaphore
GetEnvironmentVariableW
UnregisterWait
WaitCommEvent
WriteConsoleOutputW
CreateJobObjectA
ReplaceFileA
DisconnectNamedPipe
GetSystemPowerStatus
CancelTimerQueueTimer
CreateDirectoryExW
CreateThread
SetCalendarInfoA
SetThreadExecutionState
GetCurrencyFormatW
UnlockFile
OpenJobObjectA
CopyFileExA
Heap32ListFirst
Thread32First
FatalExit
GetVersion
SetEnvironmentVariableW
CreateMutexA
UnlockFileEx
TryEnterCriticalSection
GetHandleInformation
GetLocaleInfoW
SetConsoleCursorPosition
OpenFile
SetConsoleCP
EnumSystemCodePagesW
CreateHardLinkW
UnhandledExceptionFilter
GetCommProperties
GetDriveTypeW
GetLargestConsoleWindowSize
GetConsoleAliasA
CreateFileMappingW
GetPrivateProfileStringA
VirtualQuery
ReplaceFileW
GetVersionExW
GetCurrentDirectoryA
DefineDosDeviceA
WaitForSingleObject
GetDevicePowerState
SetThreadLocale
SetDefaultCommConfigA
ChangeTimerQueueTimer
GetFileAttributesExA
GetPrivateProfileIntW
IsBadHugeWritePtr
GetDateFormatW
ReplaceFile
lstrcpyW
FormatMessageW
SetTapeParameters
GetConsoleAliasesA
GetWriteWatch
GetCommandLineA
GetConsoleAliasW
GetExitCodeProcess
ContinueDebugEvent
GetLocalTime
GetModuleFileNameW
LocalFlags
lstrlenW
DeleteCriticalSection
GlobalUnlock
CreateSemaphoreW
EnumResourceTypesW
IsValidLanguageGroup
GetWindowsDirectoryA
QueryDosDeviceW
SetComputerNameExW
CreateNamedPipeW
RemoveDirectoryA
FindNextVolumeMountPointA
GetFileAttributesExW
LoadResource
OpenFileMappingW
EnumResourceLanguagesW
ConvertThreadToFiber
WriteConsoleW
FindNextFileA
SetComputerNameExA
LoadLibraryExA
GetConsoleTitleA
EnumSystemLocalesA
SetTimerQueueTimer
SetConsoleCursor
SetFileTime
CreateMutexW
SetProcessPriorityBoost
LeaveCriticalSection
GetSystemDefaultLCID
Heap32Next
QueueUserAPC
GetNamedPipeHandleStateA
GetStartupInfoA
SetSystemTimeAdjustment
OpenEventW
Heap32ListNext
ReadFileScatter
FileTimeToSystemTime
SetupComm
Module32FirstW
TransactNamedPipe
EnumCalendarInfoA
WriteProfileStringW
MultiByteToWideChar
MoveFileWithProgressA
GetSystemDirectoryA
GetProcessHeaps
GetProcessShutdownParameters
FoldStringW
WaitForMultipleObjectsEx
FindFirstVolumeMountPointA
SetUnhandledExceptionFilter
GetFullPathNameA
FindNextVolumeA
EnumDateFormatsA
GlobalAddAtomA
BuildCommDCBA
GetDiskFreeSpaceW
LocalLock
GetMailslotInfo
SetLocalTime
FlushInstructionCache
ReadConsoleW
OpenWaitableTimerA
GetVolumePathNameA
ExpandEnvironmentStringsW
lstrcmpA
IsProcessorFeaturePresent
ReadConsoleOutputCharacterA
SignalObjectAndWait
GetUserDefaultLCID
HeapDestroy
FileTimeToDosDateTime
FindFirstChangeNotificationA
IsDBCSLeadByteEx
WriteFile
SleepEx
GetNamedPipeInfo
FindFirstVolumeMountPointW
GetLogicalDriveStringsA
GetBinaryTypeA
OpenEventA
GetFullPathNameW
VirtualAlloc
VirtualProtect
From ole32:
StgConvertPropertyToVariant
CoWaitForMultipleHandles
OleLoadFromStream
CoRegisterChannelHook
OleCreateDefaultHandler
StringFromCLSID
CreateOleAdviseHolder
From advapi32:
LookupAccountNameW
ChangeServiceConfigW
AccessCheckAndAuditAlarmA
ReportEventA
NotifyBootConfigStatus
IsTokenRestricted
ImpersonateNamedPipeClient
ChangeServiceConfig2W
TraceEvent
ConvertStringSidToSidW
OpenSCManagerA
LookupPrivilegeDisplayNameA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
Sections
.text  Size: 139KB - Virtual size: 138KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 512B - Virtual size: 32KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 2KB - Virtual size: 1KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ