Static task
static1
Behavioral task
behavioral1
Sample: 24b6c997f4092e219136189433376961_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task
behavioral2
Sample: 24b6c997f4092e219136189433376961_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 24b6c997f4092e219136189433376961_JaffaCakes118
Size: 87KB
MD5: 24b6c997f4092e219136189433376961
SHA1: 3b08d90bad34dff5bf2befdd8c79e7c5c8e8b7df
SHA256: 1bdae91c345b749ec28736ea0170194b452589bb53120953cc34c12104157412
SHA512: 27347074fb0b5b9bf4d246ff937cdd1058848a760aa27ebfdba75f3f8f49c9e60f0549445cf20227eb1599f18af8e50eb411a20139ec927eb9106a0d9d92e641
SSDEEP: 1536:7nVfHyIIKQSEbNtJNtPPyFpC7+F107QC1RutmGXQbd3vG1LKALgbAcGP4t/gUd:DxSI5aNfPfS4Rut5UI1LKALOAcGP4t/3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 24b6c997f4092e219136189433376961_JaffaCakes118
Files
24b6c997f4092e219136189433376961_JaffaCakes118.exe windows:4 windows x86 arch:x86
f5fc4616f7d92b0a081f7df005bedc37
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
ObjectPrivilegeAuditAlarmA
QueryServiceLockStatusA
EqualSid
GetAuditedPermissionsFromAclA
CryptEnumProviderTypesA
GetNamedSecurityInfoA
RegLoadKeyW
CryptDestroyKey
RegConnectRegistryA
BuildImpersonateTrusteeA
GetSecurityDescriptorControl
AddAccessDeniedAce
FreeSid
ReportEventA
SetEntriesInAclA
CryptGetHashParam
AreAnyAccessesGranted
PrivilegedServiceAuditAlarmA
RegConnectRegistryW
OpenBackupEventLogW
ObjectOpenAuditAlarmA
SetEntriesInAccessListA
AdjustTokenPrivileges
OpenBackupEventLogA
RegEnumKeyExW
EnumServicesStatusA
SetSecurityDescriptorGroup
GetServiceKeyNameW
GetMultipleTrusteeA
CryptVerifySignatureW
GetTrusteeNameW
MakeSelfRelativeSD
CryptImportKey
RegUnLoadKeyA
InitializeSid
AbortSystemShutdownW
SetPrivateObjectSecurity
RegOpenKeyW
TrusteeAccessToObjectW
RegisterServiceCtrlHandlerA
CreateProcessAsUserA
LookupPrivilegeDisplayNameA
SetSecurityDescriptorDacl
DuplicateToken
FindFirstFreeAce
ChangeServiceConfigW
RegCreateKeyExA
BuildTrusteeWithSidW
CreateServiceW
LookupAccountNameA
DeleteAce
SetFileSecurityA
InitiateSystemShutdownA
CryptSetProviderW
GetSecurityDescriptorGroup
CryptDuplicateKey
GetUserNameW
OpenProcessToken
RegisterServiceCtrlHandlerW
RegCloseKey
RegSaveKeyA
SetNamedSecurityInfoExA
GetSecurityInfo
NotifyBootConfigStatus
CryptDestroyHash
BuildExplicitAccessWithNameW
IsTextUnicode
CryptHashData
RegDeleteValueW
RegOpenKeyExW
CreatePrivateObjectSecurity
DeregisterEventSource
GetEffectiveRightsFromAclW
DestroyPrivateObjectSecurity
GetExplicitEntriesFromAclA
EnumDependentServicesA
GetNamedSecurityInfoExW
ReadEventLogA
RegRestoreKeyW
AddAuditAccessAce
SetAclInformation
GetSecurityDescriptorDacl
SetEntriesInAclW
RegQueryValueExA
SetEntriesInAuditListA
CryptGetDefaultProviderW
SetTokenInformation
RegUnLoadKeyW
ConvertSecurityDescriptorToAccessNamedW
OpenServiceA
ConvertSecurityDescriptorToAccessW
MapGenericMask
LogonUserA
GetSidLengthRequired
CryptHashSessionKey
PrivilegedServiceAuditAlarmW
BuildSecurityDescriptorA
OpenSCManagerW
GetSecurityDescriptorLength
RegQueryValueW
GetSecurityInfoExW
GetMultipleTrusteeOperationA
EnumServicesStatusW
GetAccessPermissionsForObjectW
RegQueryValueExW
kernel32
SetHandleInformation
SetCurrentDirectoryA
GetStringTypeA
GetPrivateProfileIntW
GetProfileSectionA
WaitForDebugEvent
BuildCommDCBW
GetCommandLineW
ReadConsoleOutputA
SleepEx
GlobalHandle
GetSystemDirectoryA
IsBadReadPtr
GetStartupInfoW
GlobalSize
SetFileApisToOEM
FlushViewOfFile
GetSystemDefaultLangID
RemoveDirectoryW
GetBinaryTypeW
FindClose
FlushFileBuffers
DuplicateHandle
Process32Next
CreateDirectoryExA
BuildCommDCBAndTimeoutsW
GlobalMemoryStatus
DefineDosDeviceA
SetThreadExecutionState
CloseHandle
GetSystemTimeAsFileTime
FillConsoleOutputAttribute
WaitForSingleObject
GetFileSize
DeleteFileA
PeekNamedPipe
LCMapStringA
GetQueuedCompletionStatus
WinExec
CreateSemaphoreW
CreateEventW
SetDefaultCommConfigA
GetLargestConsoleWindowSize
VirtualProtect
GetProcessHeap
EnumSystemLocalesW
CallNamedPipeW
FoldStringW
GetProcessVersion
FindFirstFileW
GetEnvironmentVariableW
VirtualQuery
lstrcpyA
GetCommMask
GetStringTypeW
EnumResourceTypesA
EnumResourceNamesW
FindResourceA
FindFirstFileA
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetPrivateProfileSectionNamesA
CreateMailslotA
EnumDateFormatsExW
GetCalendarInfoA
GetDateFormatA
WriteConsoleOutputCharacterA
SetWaitableTimer
FileTimeToDosDateTime
GetTempPathW
GenerateConsoleCtrlEvent
PurgeComm
VirtualAlloc
CreateSemaphoreA
GetTempPathA
SetThreadContext
GetDefaultCommConfigA
EnumSystemCodePagesA
SetThreadLocale
RaiseException
lstrcmpA
GetProfileIntA
GetBinaryTypeA
GetLastError
EnumTimeFormatsW
OpenEventW
BackupRead
GlobalFree
GetThreadSelectorEntry
GetCommState
GetEnvironmentStrings
GetCurrentThread
GetCommModemStatus
ReadFileEx
InitializeCriticalSectionAndSpinCount
GlobalFlags
SetEnvironmentVariableW
SetFileTime
GetCurrentProcess
IsBadCodePtr
InitAtomTable
GetLogicalDriveStringsW
OpenEventA
GetStringTypeExW
HeapValidate
WriteConsoleInputA
GetFullPathNameW
IsDBCSLeadByte
lstrcmpiA
CreateFiber
SetCommState
WaitForMultipleObjects
lstrcpynW
IsBadStringPtrA
ReadConsoleOutputCharacterW
SetCalendarInfoW
BuildCommDCBAndTimeoutsA
SetSystemTimeAdjustment
GlobalFindAtomW
ExitProcess
BuildCommDCBA
WriteProfileStringW
Heap32ListFirst
ReleaseMutex
OpenWaitableTimerA
GetSystemInfo
SuspendThread
SetProcessPriorityBoost
CreateMailslotW
GetLocaleInfoW
IsSystemResumeAutomatic
CallNamedPipeA
GetCurrencyFormatA
IsDBCSLeadByteEx
Thread32Next
GetThreadPriority
SetVolumeLabelA
GetCPInfo
GetThreadTimes
UnhandledExceptionFilter
LockFile
VirtualAllocEx
GetModuleHandleA
user32
EditWndProc
CopyAcceleratorTableW
DdeFreeDataHandle
MapVirtualKeyExW
FindWindowW
GetWindowModuleFileNameW
SetWindowTextW
LoadAcceleratorsA
GetListBoxInfo
ToAsciiEx
CallNextHookEx
GetWindow
CreateDialogIndirectParamA
CharToOemBuffA
GetClassLongA
GetPropW
IsDialogMessageA
DdeAccessData
DdeCreateStringHandleA
GetMenuDefaultItem
CharUpperBuffW
GetClassInfoExA
DdeCreateDataHandle
SetClipboardViewer
EndTask
SwitchDesktop
InvalidateRgn
PaintDesktop
RegisterClassExA
EnableMenuItem
SetUserObjectInformationA
SendNotifyMessageW
TabbedTextOutA
CountClipboardFormats
SetCursorPos
SetDlgItemInt
TileWindows
AttachThreadInput
WINNLSEnableIME
GetDlgCtrlID
SetRectEmpty
IsCharUpperW
DdeUnaccessData
CreateWindowStationW
RegisterClassExW
GetClipboardSequenceNumber
GetDCEx
ToUnicode
DefDlgProcA
WaitForInputIdle
OemToCharBuffA
UnionRect
MapDialogRect
LoadStringA
GetMenuBarInfo
DragObject
ExcludeUpdateRgn
SetMenuItemInfoA
CreateIconFromResource
GetProcessWindowStation
LoadStringW
GetWindowTextW
CharLowerA
GetScrollRange
SetKeyboardState
CreateIconFromResourceEx
ShowWindow
GetNextDlgTabItem
SendDlgItemMessageW
PostQuitMessage
SendMessageCallbackW
DdeQueryStringA
DdeNameService
CheckMenuItem
GetClipCursor
SendInput
SetActiveWindow
IsZoomed
CallMsgFilter
SetWindowsHookA
DdeInitializeA
GetForegroundWindow
MessageBoxExW
GetMenuItemID
WindowFromPoint
ValidateRect
EnumWindowStationsW
SetDlgItemTextW
LoadMenuIndirectW
GetCapture
DeleteMenu
IsCharUpperA
InsertMenuItemA
PostThreadMessageW
GetDesktopWindow
CreateIconIndirect
MessageBoxA
GetWindowInfo
OffsetRect
GetAltTabInfo
SetMenuItemBitmaps
GetDC
GetAncestor
GetUserObjectInformationA
GetQueueStatus
DeferWindowPos
EnumDesktopsA
PeekMessageA
MessageBoxExA
GetDlgItemInt
GetUserObjectInformationW
RegisterClassA
DrawFrameControl
ChangeMenuW
IsWindow
DefMDIChildProcA
NotifyWinEvent
SystemParametersInfoA
GrayStringW
GetUserObjectSecurity
CreateWindowExW
GetMenuStringA
AdjustWindowRectEx
SetThreadDesktop
ChangeClipboardChain
GetGuiResources
DrawMenuBar
GetMenuInfo
ole32
GetClassFile
CoGetMalloc
OleQueryLinkFromData
UpdateDCOMSettings
WriteFmtUserTypeStg
OleCreate
UtGetDvtd32Info
OleCreateLinkFromData
StringFromCLSID
OleIsCurrentClipboard
RegisterDragDrop
CreateILockBytesOnHGlobal
CoSwitchCallContext
CoGetStandardMarshal
CreateObjrefMoniker
StgOpenStorageOnILockBytes
CreateBindCtx
CoGetInstanceFromIStorage
OleConvertIStorageToOLESTREAM
CoGetPSClsid
CreateGenericComposite
OleConvertOLESTREAMToIStorageEx
OleGetClipboard
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
GetHookInterface
CoGetCallContext
EnableHookObject
OleDuplicateData
DllDebugObjectRPCHook
UtConvertDvtd32toDvtd16
OleInitialize
CoRegisterClassObject
OleCreateEx
CoRevertToSelf
StgGetIFillLockBytesOnFile
CoTreatAsClass
OleCreateLinkFromDataEx
StgOpenAsyncDocfileOnIFillLockBytes
PropVariantClear
CreateItemMoniker
CreateDataCache
ReadClassStg
OleUninitialize
OleCreateFromData
DoDragDrop
WriteClassStm
CoInitialize
OleMetafilePictFromIconAndLabel
CoResumeClassObjects
OleFlushClipboard
OleQueryCreateFromData
CoIsOle1Class
ReleaseStgMedium
CoGetCurrentLogicalThreadId
OleNoteObjectVisible
CoRegisterChannelHook
OleCreateLinkToFileEx
SetConvertStg
SetDocumentBitStg
CoFreeAllLibraries
CoQueryClientBlanket
CoGetObject
ReadFmtUserTypeStg
CoFreeLibrary
OleRegEnumVerbs
OleConvertIStorageToOLESTREAMEx
CoCopyProxy
OleSave
ProgIDFromCLSID
ReadClassStm
OleCreateDefaultHandler
CoReleaseMarshalData
RevokeDragDrop
OleCreateFromDataEx
CoReleaseServerProcess
CoSetProxyBlanket
OleCreateFromFile
OleRun
CoMarshalInterface
CreatePointerMoniker
StringFromIID
CoImpersonateClient
GetRunningObjectTable
OleDestroyMenuDescriptor
CoQueryReleaseObject
OpenOrCreateStream
CreateAntiMoniker
StgSetTimes
CoBuildVersion
CoGetClassObject
OleGetIconOfClass
CoInitializeEx
CreateFileMoniker
OleGetAutoConvert
OleSetClipboard
CoFileTimeToDosDateTime
OleCreateLink
GetConvertStg
FreePropVariantArray
OleDraw
shlwapi
SHRegDeleteEmptyUSKeyW
PathFindNextComponentW
PathFileExistsA
StrChrIW
SHRegCloseUSKey
PathIsDirectoryEmptyA
PathAddBackslashW
ChrCmpIW
StrPBrkA
PathIsDirectoryA
PathMatchSpecA
UrlCreateFromPathW
SHStrDupW
StrCmpW
StrStrIW
UrlUnescapeA
PathIsFileSpecW
PathRemoveArgsW
PathIsDirectoryEmptyW
SHRegDuplicateHKey
SHRegWriteUSValueW
SHRegQueryUSValueW
PathSearchAndQualifyA
SHOpenRegStream2W
PathFindExtensionW
PathFindSuffixArrayA
SHEnumValueA
SHCopyKeyA
StrFormatByteSize64A
StrChrIA
PathRemoveBackslashA
SHGetValueW
GetMenuPosFromID
SHRegOpenUSKeyW
PathCompactPathExW
UrlHashA
PathUnquoteSpacesA
PathCreateFromUrlA
PathQuoteSpacesA
StrCatBuffW
PathIsLFNFileSpecA
PathAddBackslashA
SHQueryValueExW
PathStripToRootA
PathGetCharTypeW
SHEnumValueW
StrCSpnIA
SHRegOpenUSKeyA
SHRegWriteUSValueA
UrlGetLocationA
SHGetValueA
SHRegGetUSValueW
PathFileExistsW
ChrCmpIA
StrCSpnA
StrToIntExW
StrSpnW
UrlIsW
SHDeleteEmptyKeyW
PathSkipRootW
SHDeleteKeyW
PathStripToRootW
PathCommonPrefixA
StrStrIA
SHAutoComplete
UrlIsA
SHGetInverseCMAP
PathRelativePathToA
PathFindNextComponentA
StrRetToStrW
SHRegEnumUSValueA
StrFromTimeIntervalA
PathFindFileNameW
StrToIntW
StrNCatW
SHRegQueryInfoUSKeyA
StrToIntA
StrIsIntlEqualA
PathRemoveFileSpecA
SHCreateShellPalette
SHDeleteEmptyKeyA
UrlApplySchemeW
SHCreateStreamOnFileW
SHRegQueryUSValueA
StrRStrIA
SHRegSetUSValueA
UrlGetPartW
PathSetDlgItemPathA
PathIsDirectoryW
SHRegDeleteEmptyUSKeyA
SHRegEnumUSKeyW
PathUnmakeSystemFolderW
PathRemoveBackslashW
PathCanonicalizeW
AssocQueryStringByKeyW
StrFormatByteSizeA
StrCmpIW
PathRelativePathToW
StrDupW
StrCpyW
SHEnumKeyExW
PathIsNetworkPathW
SHSetThreadRef
UrlCombineA
PathCombineW
PathRemoveBlanksA
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 334B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE