Static task: static1
Behavioral task: behavioral1
  Sample: 24e49e999156df2be94d48f8287c60e7_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 24e49e999156df2be94d48f8287c60e7_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 24e49e999156df2be94d48f8287c60e7_JaffaCakes118
Size: 80KB
MD5: 24e49e999156df2be94d48f8287c60e7
SHA1: e39839338b11b53c68068e558ede43ce7b9485fb
SHA256: 2fa8fe01a116ddebc89f318ccb2a08abc6f598e5f66c0bbaf2521dfb64561a31
SHA512: a7e00bfcdd63dbbf0d26959ff5b43fc92c708d0cf4f76c7399df4132225dce0471fd7aa975475277a00a50062743143adb5aed40446efe4223c775b99d846bd2
SSDEEP: 1536:EtA6S7NDHSN7IxPyDnsk/E+jwHzTOsrSaKguV4ogAgquVoquNHX0gLFw:2aN2yxPyIkM+jsHXJKgI4DALHr
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 24e49e999156df2be94d48f8287c60e7_JaffaCakes118
Files
24e49e999156df2be94d48f8287c60e7_JaffaCakes118.exe windows:4 windows x86 arch:x86
4ee7d7613bd42094d6b9d1c5a45e06e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
SetFileAttributesW
GetPrivateProfileStructA
EnumDateFormatsExA
GetSystemDefaultLCID
SetErrorMode
GetThreadLocale
VirtualProtect
GetPrivateProfileIntA
GetShortPathNameA
GetSystemDirectoryW
CreateNamedPipeA
GetCompressedFileSizeW
FindFirstFileExW
SetLocaleInfoA
UpdateResourceA
GlobalUnfix
CompareStringW
SetEnvironmentVariableW
SetProcessShutdownParameters
SetLocaleInfoW
WriteFile
CreateProcessA
LoadResource
SetCommConfig
GetAtomNameW
FreeResource
SetConsoleCP
GetCompressedFileSizeA
GetModuleFileNameW
UnlockFileEx
GetProfileIntA
IsBadHugeWritePtr
BuildCommDCBAndTimeoutsA
HeapFree
ReadFileEx
lstrcmpiA
GetStartupInfoA
WritePrivateProfileStringW
WriteTapemark
CreateIoCompletionPort
GetDateFormatW
GetFileType
GetThreadSelectorEntry
ReleaseMutex
GetProcessWorkingSetSize
GetLogicalDriveStringsA
WriteConsoleOutputAttribute
OpenWaitableTimerW
SuspendThread
GetHandleInformation
IsDBCSLeadByteEx
SetSystemTime
GetCommandLineW
WriteProfileSectionA
CreateFileMappingA
BuildCommDCBW
GetCommConfig
GetLastError
SetProcessAffinityMask
CreateDirectoryW
LockFile
CreateThread
ConnectNamedPipe
SetThreadAffinityMask
GenerateConsoleCtrlEvent
lstrcmpi
GetCurrentProcess
SetLocalTime
OpenSemaphoreA
SizeofResource
GetSystemTime
SystemTimeToTzSpecificLocalTime
FlushViewOfFile
SetConsoleCursorInfo
EnumSystemLocalesW
CreateMailslotW
LoadLibraryExW
SetEnvironmentVariableA
GetCommModemStatus
PeekConsoleInputA
GetConsoleScreenBufferInfo
GlobalFix
GetBinaryType
SearchPathW
FreeEnvironmentStringsA
GetCurrencyFormatW
WritePrivateProfileStructA
SetConsoleWindowInfo
GetCurrentThreadId
WaitForSingleObjectEx
DisconnectNamedPipe
FindAtomA
GetAtomNameA
LockFileEx
GetConsoleCP
BuildCommDCBA
OpenEventW
RequestDeviceWakeup
AddAtomW
CreateMutexW
UnhandledExceptionFilter
SetEvent
ScrollConsoleScreenBufferW
GetEnvironmentVariableA
VirtualAlloc
LocalUnlock
MoveFileW
GetTimeFormatW
EnumResourceTypesA
DebugBreak
GetCPInfoExW
SetConsoleCtrlHandler
GetVersionExA
BackupRead
GetConsoleCursorInfo
HeapCreate
SetThreadPriorityBoost
QueryPerformanceCounter
CreateWaitableTimerA
IsBadCodePtr
GetVersion
QueryDosDeviceW
GetDiskFreeSpaceExW
SetThreadContext
VirtualFreeEx
lstrcpyW
GetThreadContext
DeleteFileA
GetNumberFormatW
CreateTapePartition
GetSystemPowerStatus
CreateEventW
FreeLibrary
TransmitCommChar
GetThreadPriority
SetComputerNameA
shlwapi:
PathIsContentTypeA
PathGetCharTypeW
StrCSpnW
PathFindNextComponentA
StrStrIA
SHSetValueA
SHRegGetBoolUSValueA
ChrCmpIA
PathRelativePathToA
PathIsSameRootA
PathRemoveBackslashW
SHOpenRegStreamW
SHDeleteValueW
ColorHLSToRGB
SHEnumValueW
PathSearchAndQualifyA
SHGetValueW
StrRChrA
PathCompactPathA
PathCommonPrefixA
StrChrA
PathAddBackslashA
PathSetDlgItemPathW
SHRegQueryInfoUSKeyA
UrlGetLocationW
StrRetToBufW
SHRegEnumUSValueW
StrStrA
AssocQueryKeyA
AssocQueryKeyW
SHRegDeleteUSValueA
UrlIsA
PathRenameExtensionA
PathRemoveExtensionW
ColorAdjustLuma
wvnsprintfA
SHQueryValueExA
PathIsNetworkPathA
StrCatBuffW
SHStrDupA
StrRChrIA
PathAppendW
StrRChrIW
StrRStrIA
SHOpenRegStream2W
PathUnmakeSystemFolderA
PathGetCharTypeA
PathCombineA
PathIsRelativeW
StrCatBuffA
StrCmpNW
PathUnquoteSpacesA
SHCreateShellPalette
PathMakePrettyW
UrlIsNoHistoryW
UrlCanonicalizeW
SHRegCreateUSKeyW
PathRemoveBlanksW
PathRemoveFileSpecW
PathFindFileNameA
StrToIntExA
ChrCmpIW
PathGetArgsW
StrFormatKBSizeW
StrFormatKBSizeA
PathIsRootA
SHRegCloseUSKey
PathIsURLW
PathAddExtensionW
UrlCombineA
PathCompactPathExA
PathMakePrettyA
PathFindOnPathW
StrCSpnIW
PathFileExistsA
SHRegWriteUSValueA
PathIsPrefixW
SHRegQueryInfoUSKeyW
SHAutoComplete
SHIsLowMemoryMachine
PathFindFileNameW
AssocQueryStringByKeyW
PathCommonPrefixW
SHRegDeleteEmptyUSKeyA
SHRegQueryUSValueW
StrNCatW
wnsprintfW
PathRemoveFileSpecA
UrlHashW
AssocQueryStringW
StrPBrkA
PathMakeSystemFolderW
PathRenameExtensionW
PathIsSystemFolderW
PathSkipRootA
PathIsURLA
SHGetValueA
PathAppendA
AssocQueryStringByKeyA
PathIsPrefixA
StrStrW
PathFindExtensionW
StrPBrkW
wnsprintfA
StrRStrIW
StrFromTimeIntervalW
UrlEscapeA
PathCanonicalizeA
SHRegOpenUSKeyA
SHEnumKeyExA
PathRemoveBackslashA
StrToIntExW
ole32:
IsAccelerator
CoCreateInstance
OleCreateLinkFromDataEx
CoUnmarshalHresult
StgCreateDocfileOnILockBytes
CreateAntiMoniker
StgGetIFillLockBytesOnILockBytes
CreateStreamOnHGlobal
UtGetDvtd16Info
OleCreateLinkToFile
CoQueryClientBlanket
CreateObjrefMoniker
CoGetMalloc
OleRun
CoMarshalHresult
OleCreateFromDataEx
OleDraw
CoAddRefServerProcess
OleRegGetMiscStatus
ProgIDFromCLSID
CoFreeLibrary
GetHGlobalFromILockBytes
ReadOleStg
PropVariantCopy
WriteStringStream
OleBuildVersion
OleLoad
CoInitializeEx
OleCreate
MkParseDisplayName
ReadClassStm
OleDestroyMenuDescriptor
CoMarshalInterThreadInterfaceInStream
WriteOleStg
CoGetInterfaceAndReleaseStream
CoInitialize
IIDFromString
ReadClassStg
CoRevertToSelf
PropVariantClear
OleSetAutoConvert
CoCopyProxy
CoMarshalInterface
OleDoAutoConvert
OleCreateLinkToFileEx
StringFromCLSID
OleLockRunning
CoGetClassObject
CoGetStandardMarshal
MonikerRelativePathTo
EnableHookObject
CreateFileMoniker
OleQueryLinkFromData
OleRegEnumFormatEtc
OleNoteObjectVisible
OleConvertOLESTREAMToIStorage
WriteFmtUserTypeStg
CoGetCallContext
StgOpenStorage
CoGetCallerTID
CoResumeClassObjects
UtConvertDvtd32toDvtd16
CoIsHandlerConnected
CoRegisterMessageFilter
OleLoadFromStream
OleCreateDefaultHandler
StgOpenAsyncDocfileOnIFillLockBytes
CoGetMarshalSizeMax
ReadFmtUserTypeStg
StgIsStorageFile
OleSaveToStream
CoCreateInstanceEx
CoInitializeSecurity
OleCreateLinkEx
OleQueryCreateFromData
OleConvertIStorageToOLESTREAMEx
OleSetContainedObject
OleSave
CoFreeAllLibraries
OleCreateFromFileEx
OleUninitialize
CoGetCurrentProcess
CoGetInstanceFromFile
OleGetIconOfClass
CoDisconnectObject
StgCreateDocfile
CoCreateGuid
CreateDataCache
CreateClassMoniker
CoRegisterMallocSpy
CoTaskMemFree
OleInitialize
OleCreateFromFile
CoTreatAsClass
CLSIDFromProgID
UpdateDCOMSettings
OleSetClipboard
CreateGenericComposite
CoCreateFreeThreadedMarshaler
BindMoniker
UtGetDvtd32Info
CoTaskMemAlloc
IsEqualGUID
user32:
EnumWindowStationsW
SendIMEMessageExW
ArrangeIconicWindows
ReplyMessage
LoadKeyboardLayoutA
LoadCursorW
ClipCursor
MessageBoxIndirectW
CreateMenu
SetDoubleClickTime
GetClassWord
DispatchMessageA
GetNextDlgGroupItem
GetInputState
SetDeskWallpaper
TranslateMessage
GetClipboardSequenceNumber
MoveWindow
GetWindowTextA
CreateIcon
SetWindowTextW
EnumThreadWindows
SetWindowsHookW
CopyAcceleratorTableW
UnpackDDElParam
GetCapture
OpenClipboard
SetWindowRgn
BringWindowToTop
GetScrollBarInfo
RegisterDeviceNotificationA
SetCaretPos
HideCaret
ShowWindow
CreateDialogParamA
DdeQueryStringA
LoadCursorFromFileW
SetScrollPos
GetWindowThreadProcessId
SetMessageExtraInfo
RemovePropW
SetClipboardViewer
DrawStateW
EnableMenuItem
GetTopWindow
GetDlgItemTextA
OpenWindowStationA
PostMessageA
GetWindowLongW
GetMenuItemInfoW
ReuseDDElParam
FreeDDElParam
EnumDisplaySettingsA
WINNLSGetIMEHotkey
OpenInputDesktop
ChangeDisplaySettingsW
DefWindowProcW
RegisterClassW
SetMenuInfo
CharPrevA
RemoveMenu
DefMDIChildProcA
SetForegroundWindow
FillRect
ScrollDC
SetMenuDefaultItem
GetMenuStringW
GetMenuBarInfo
GetWindowTextLengthW
SetWindowsHookExA
LoadCursorA
GetClassInfoExA
LoadAcceleratorsA
DrawFocusRect
UnhookWindowsHookEx
CharNextExA
LoadAcceleratorsW
LoadMenuIndirectW
ClientToScreen
SetWindowTextA
CountClipboardFormats
AttachThreadInput
GetScrollPos
IsWindowEnabled
GetMonitorInfoW
DdeKeepStringHandle
GetListBoxInfo
IsWindowVisible
LoadImageW
CreateDialogParamW
GetMessageW
CheckDlgButton
SetParent
DrawTextA
RemovePropA
InvertRect
ChangeClipboardChain
EqualRect
DdeAddData
GetKeyboardLayout
OpenDesktopW
UnregisterClassA
GetScrollRange
DrawMenuBar
GetCursorInfo
DlgDirSelectComboBoxExA
UpdateWindow
GetClassInfoExW
ShowCursor
VkKeyScanExA
IsRectEmpty
CreateMDIWindowW
SetUserObjectInformationA
GetWindow
ScrollWindow
TranslateAcceleratorW
PostQuitMessage
GetClipCursor
CharNextW
SetMenuItemBitmaps
SetDlgItemTextW
LockWindowUpdate
EnumWindows
LoadStringA
DefFrameProcA
SetCapture
MapWindowPoints
advapi32:
FreeSid
ClearEventLogW
GetPrivateObjectSecurity
RegSaveKeyA
LookupSecurityDescriptorPartsW
CryptReleaseContext
CryptCreateHash
CreatePrivateObjectSecurity
GetSecurityDescriptorControl
BuildTrusteeWithSidA
SetNamedSecurityInfoW
RevertToSelf
CryptVerifySignatureW
SetEntriesInAclA
AreAnyAccessesGranted
CryptDuplicateHash
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyW
EnumDependentServicesA
LookupPrivilegeNameA
CreateServiceA
RegEnumKeyW
SetEntriesInAccessListW
IsValidAcl
SetServiceObjectSecurity
DeregisterEventSource
GetServiceKeyNameA
OpenEventLogA
GetMultipleTrusteeOperationW
GetSecurityDescriptorOwner
CryptEnumProvidersW
GetSidSubAuthority
CryptDestroyKey
GetSidLengthRequired
IsValidSid
QueryServiceLockStatusA
SetEntriesInAccessListA
GetEffectiveRightsFromAclA
RegQueryInfoKeyW
BuildImpersonateTrusteeA
GetKernelObjectSecurity
CryptSetHashParam
GetAce
QueryServiceConfigA
PrivilegeCheck
RegUnLoadKeyA
LogonUserW
CryptDuplicateKey
SetEntriesInAuditListW
CryptEncrypt
GetTrusteeNameW
LockServiceDatabase
OpenProcessToken
LogonUserA
RegEnumKeyExW
CryptSetProviderW
RegisterEventSourceA
RegQueryInfoKeyA
AddAccessAllowedAce
GetAclInformation
CryptSetProviderExW
ConvertSecurityDescriptorToAccessNamedA
MakeAbsoluteSD
ImpersonateLoggedOnUser
LookupAccountNameW
CryptDeriveKey
ConvertSecurityDescriptorToAccessNamedW
AbortSystemShutdownA
GetUserNameW
ObjectOpenAuditAlarmA
RegReplaceKeyA
CreateServiceW
CreateProcessAsUserW
PrivilegedServiceAuditAlarmW
PrivilegedServiceAuditAlarmA
AreAllAccessesGranted
GetAccessPermissionsForObjectW
AccessCheck
GetExplicitEntriesFromAclW
ConvertAccessToSecurityDescriptorW
BuildImpersonateExplicitAccessWithNameW
GetSecurityDescriptorGroup
CryptImportKey
GetSecurityInfo
CryptGetKeyParam
StartServiceA
RegQueryValueExW
AbortSystemShutdownW
ObjectDeleteAuditAlarmW
AdjustTokenGroups
CryptSetKeyParam
OpenSCManagerA
GetAccessPermissionsForObjectA
RegCloseKey
MakeSelfRelativeSD
RegOpenKeyExW
CreateProcessAsUserA
GetNamedSecurityInfoExA
RegDeleteKeyA
CryptContextAddRef
RegQueryMultipleValuesW
RegCreateKeyA
CryptEnumProviderTypesA
RegConnectRegistryW
GetSidIdentifierAuthority
CryptAcquireContextW
GetMultipleTrusteeA
IsValidSecurityDescriptor
RegLoadKeyA
IsTextUnicode
ReportEventW
CryptSignHashA
LookupAccountSidA
GetSecurityDescriptorLength
RegGetKeySecurity
ObjectCloseAuditAlarmW
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 355B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE