Static task
static1
Behavioral task
behavioral1
Sample
2a2419d34c7990297d9a2f7413a9af2a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2a2419d34c7990297d9a2f7413a9af2a_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2a2419d34c7990297d9a2f7413a9af2a_JaffaCakes118
Size
93KB
MD5
2a2419d34c7990297d9a2f7413a9af2a
SHA1
885641316960019cce05bb5b9c7dee8c0f4e4443
SHA256
91e8b2c4b3e8e7c7a30f39f28bc6c6c830afe69541cc7581cfb0bb914a8d1859
SHA512
a486f43ed9022ad59f888a23b594681a66989009f0fd2134e410d974ac842d1d7780340fd7218d9245ff8b815830e4d343167aaf52244b73d1c68994503270be
SSDEEP
1536:m56MA8rsg1OT3Rnv/pdoAULBXoO+Y+cancUAduuyDl2KjRR4jRRkPhzs6F:O6DBbv/pX0XoO1Qcvuh2Kjf4jfkPhzB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a2419d34c7990297d9a2f7413a9af2a_JaffaCakes118
Files
2a2419d34c7990297d9a2f7413a9af2a_JaffaCakes118.exe windows:4 windows x86 arch:x86
c1d6bd41dfe06eafa1ecd349f5150e2d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LockFileEx
ScrollConsoleScreenBufferA
FileTimeToDosDateTime
EnumResourceNamesA
lstrcmp
GetPrivateProfileStructA
SetDefaultCommConfigW
FindFirstFileExA
FindFirstFileA
MultiByteToWideChar
PeekConsoleInputW
PrepareTape
VirtualFree
GetNamedPipeHandleStateW
FreeEnvironmentStringsW
GetModuleHandleA
UnlockFileEx
GetProcessTimes
Toolhelp32ReadProcessMemory
WaitNamedPipeW
WritePrivateProfileSectionA
GetTempPathA
ReadConsoleInputA
GetTempFileNameA
TlsGetValue
ReadProcessMemory
SetFileAttributesW
WritePrivateProfileStructW
SleepEx
GetFileAttributesExA
CreateMutexA
SetConsoleTitleA
Heap32ListNext
HeapFree
GetCPInfoExW
GetTempPathW
SearchPathW
SetConsoleCtrlHandler
ReadConsoleOutputCharacterW
LocalSize
lstrcpynA
GetFileAttributesExW
lstrcpyn
GlobalMemoryStatus
EnumDateFormatsW
GetVolumeInformationA
SetHandleInformation
MapViewOfFileEx
OpenMutexA
DuplicateHandle
GetCurrentProcessId
OpenFile
SetConsoleCP
IsBadStringPtrA
CompareFileTime
GetBinaryTypeA
SetConsoleOutputCP
HeapValidate
Heap32ListFirst
CreateEventA
CompareStringA
ReadConsoleOutputCharacterA
GenerateConsoleCtrlEvent
GlobalHandle
QueryPerformanceCounter
lstrcmpA
GetBinaryTypeW
ClearCommError
GetFileAttributesW
ReadConsoleOutputA
EnumTimeFormatsA
BackupRead
CreateMutexW
ReadConsoleInputW
OpenSemaphoreA
SetProcessWorkingSetSize
IsValidLocale
GetSystemPowerStatus
GetComputerNameW
BeginUpdateResourceA
GetCompressedFileSizeW
GetPrivateProfileSectionNamesA
GetPrivateProfileIntW
CancelIo
OutputDebugStringA
GetCommState
GetFileAttributesA
GetWindowsDirectoryA
WaitForMultipleObjects
PostQueuedCompletionStatus
HeapCreate
CreateMailslotA
GetProfileStringA
lstrcpyW
SetStdHandle
SetComputerNameA
SetMailslotInfo
FindNextFileA
LocalReAlloc
WriteTapemark
WriteConsoleA
CreateRemoteThread
VirtualProtect
SetConsoleScreenBufferSize
Heap32Next
SetThreadIdealProcessor
GetProcAddress
SetConsoleTextAttribute
GetProfileIntA
SetVolumeLabelA
lstrcmpi
FindNextFileW
GetProcessHeap
Process32First
Heap32First
SetConsoleCursorPosition
VerLanguageNameA
lstrlenW
IsBadHugeWritePtr
SearchPathA
UnhandledExceptionFilter
CallNamedPipeA
VirtualAlloc
advapi32
GetSecurityDescriptorGroup
CryptSetProviderA
SetSecurityInfoExW
RegReplaceKeyA
RegQueryInfoKeyW
ObjectDeleteAuditAlarmW
ConvertAccessToSecurityDescriptorW
LookupAccountNameW
ConvertAccessToSecurityDescriptorA
GetNamedSecurityInfoExW
SetSecurityDescriptorGroup
RegFlushKey
BuildTrusteeWithNameW
GetSecurityInfo
ChangeServiceConfigA
SetSecurityDescriptorOwner
GetAclInformation
GetSidSubAuthorityCount
GetAuditedPermissionsFromAclA
RegReplaceKeyW
RegDeleteValueA
OpenEventLogW
MapGenericMask
IsTextUnicode
RegOpenKeyW
RegQueryValueA
ControlService
ImpersonateLoggedOnUser
MakeAbsoluteSD
ImpersonateSelf
RegCreateKeyA
GetTrusteeTypeA
OpenProcessToken
GetExplicitEntriesFromAclW
EqualPrefixSid
CryptGetProvParam
InitiateSystemShutdownW
AddAuditAccessAce
SetEntriesInAclA
GetCurrentHwProfileA
DestroyPrivateObjectSecurity
DeregisterEventSource
RegQueryValueW
ConvertSecurityDescriptorToAccessW
SetPrivateObjectSecurity
EnumDependentServicesA
GetNumberOfEventLogRecords
RegSetKeySecurity
PrivilegedServiceAuditAlarmW
GetTrusteeTypeW
CryptSetProviderExW
CryptExportKey
BuildTrusteeWithNameA
CryptHashSessionKey
BuildImpersonateTrusteeW
CryptGetKeyParam
CryptVerifySignatureW
OpenServiceA
SetEntriesInAuditListA
RegLoadKeyW
RegQueryMultipleValuesA
PrivilegeCheck
RegOpenKeyA
GetCurrentHwProfileW
ObjectOpenAuditAlarmW
RegQueryValueExA
SetAclInformation
GetPrivateObjectSecurity
RegOpenKeyExA
StartServiceCtrlDispatcherW
ChangeServiceConfigW
GetTokenInformation
RegDeleteValueW
BuildSecurityDescriptorA
GetEffectiveRightsFromAclA
NotifyChangeEventLog
ConvertSecurityDescriptorToAccessA
BuildImpersonateExplicitAccessWithNameA
LookupAccountNameA
CryptGenKey
BuildTrusteeWithSidW
RegCreateKeyExA
RegUnLoadKeyW
CloseEventLog
CreateProcessAsUserW
ObjectDeleteAuditAlarmA
GetSecurityDescriptorDacl
ClearEventLogA
GetEffectiveRightsFromAclW
LookupPrivilegeDisplayNameA
RegNotifyChangeKeyValue
SetEntriesInAclW
MakeSelfRelativeSD
SetSecurityInfo
LookupPrivilegeDisplayNameW
RegSetValueExA
AdjustTokenPrivileges
CryptAcquireContextW
GetSidLengthRequired
SetEntriesInAuditListW
InitiateSystemShutdownA
BackupEventLogW
PrivilegedServiceAuditAlarmA
SetSecurityDescriptorDacl
CryptImportKey
GetAce
GetServiceKeyNameW
AccessCheck
RegQueryMultipleValuesW
RegGetKeySecurity
OpenThreadToken
GetFileSecurityW
ReadEventLogW
RegSaveKeyA
ReadEventLogA
CryptContextAddRef
BuildImpersonateExplicitAccessWithNameW
IsValidSid
EqualSid
RegEnumKeyExA
CreateProcessAsUserA
CryptEncrypt
SetServiceStatus
AllocateLocallyUniqueId
SetTokenInformation
RevertToSelf
BuildExplicitAccessWithNameA
RegCreateKeyExW
CryptGetDefaultProviderA
shlwapi
StrFormatKBSizeA
wvnsprintfW
StrRStrIW
StrTrimW
SHRegWriteUSValueW
StrRChrIA
SHRegEnumUSKeyA
StrFormatKBSizeW
PathIsDirectoryA
StrCpyNW
PathStripToRootA
StrIsIntlEqualW
PathStripToRootW
PathRemoveFileSpecW
PathAppendA
PathRemoveBackslashA
PathIsUNCServerA
PathGetDriveNumberA
PathSetDlgItemPathA
UrlGetLocationA
PathUndecorateA
SHSkipJunction
PathAddBackslashW
StrCmpW
SHRegQueryInfoUSKeyA
UrlApplySchemeA
PathRemoveArgsW
PathIsSameRootA
PathIsDirectoryEmptyW
SHRegCloseUSKey
PathGetDriveNumberW
HashData
UrlUnescapeW
StrDupW
StrStrIW
SHRegGetUSValueA
PathFindFileNameW
UrlCreateFromPathA
SHRegEnumUSKeyW
PathIsDirectoryEmptyA
SHRegDeleteUSValueW
SHStrDupA
PathFindNextComponentA
PathIsContentTypeA
StrNCatA
GetMenuPosFromID
PathIsUNCServerW
StrStrW
StrFromTimeIntervalA
PathCanonicalizeW
SHRegGetBoolUSValueW
PathStripPathA
ColorAdjustLuma
PathIsSystemFolderA
PathGetArgsA
SHStrDupW
SHOpenRegStream2W
SHCreateShellPalette
ColorHLSToRGB
SHDeleteKeyA
StrStrA
SHDeleteKeyW
PathCompactPathExA
SHRegOpenUSKeyA
PathFindNextComponentW
SHGetInverseCMAP
PathIsURLA
StrCmpNW
SHRegQueryInfoUSKeyW
StrRetToBufW
SHEnumValueW
SHCreateStreamOnFileW
PathSkipRootW
UrlCompareW
StrCpyW
PathRemoveArgsA
StrFromTimeIntervalW
SHDeleteEmptyKeyW
StrRChrIW
SHRegDuplicateHKey
StrFormatByteSizeA
UrlCompareA
SHRegCreateUSKeyA
PathRemoveBackslashW
UrlIsA
ColorRGBToHLS
SHDeleteValueA
UrlUnescapeA
PathMatchSpecW
PathIsPrefixW
SHDeleteValueW
StrCmpNA
ChrCmpIA
StrCatBuffW
StrRChrA
PathRelativePathToW
ChrCmpIW
StrSpnA
StrCmpIW
PathRenameExtensionW
StrCatW
PathCommonPrefixA
StrChrW
PathMakeSystemFolderA
SHCreateStreamOnFileA
StrCmpNIW
IntlStrEqWorkerW
AssocQueryStringByKeyA
PathFileExistsW
PathAddExtensionW
ole32
CoMarshalInterface
CoRegisterSurrogate
WriteOleStg
OleCreateLinkFromDataEx
OleDuplicateData
StgGetIFillLockBytesOnILockBytes
CoGetCallerTID
SetConvertStg
CoLockObjectExternal
CoInitialize
CoSwitchCallContext
CreateAntiMoniker
OpenOrCreateStream
CoMarshalHresult
StgSetTimes
CreateGenericComposite
CoInitializeEx
OleSetAutoConvert
OleCreateLinkEx
CoQueryAuthenticationServices
WriteClassStg
CoSuspendClassObjects
IIDFromString
GetHGlobalFromILockBytes
CoRegisterMessageFilter
OleBuildVersion
StgOpenStorage
OleCreateLinkToFile
OleCreateFromFile
CoIsOle1Class
SetDocumentBitStg
OleGetClipboard
CoRegisterPSClsid
MonikerRelativePathTo
CoCreateInstanceEx
UpdateDCOMSettings
CoGetCurrentProcess
CoGetInstanceFromIStorage
EnableHookObject
StgOpenAsyncDocfileOnIFillLockBytes
CoCreateFreeThreadedMarshaler
RegisterDragDrop
OleIsRunning
CreatePointerMoniker
OleSaveToStream
ReleaseStgMedium
OleGetIconOfClass
CoQueryClientBlanket
StgCreateStorageEx
CoRegisterClassObject
CoResumeClassObjects
OleLoadFromStream
CoDisconnectObject
OleConvertIStorageToOLESTREAM
OleCreateDefaultHandler
CoLoadLibrary
CoReleaseMarshalData
CreateBindCtx
CoGetPSClsid
OleMetafilePictFromIconAndLabel
DllDebugObjectRPCHook
RevokeDragDrop
CoRegisterMallocSpy
GetRunningObjectTable
StgGetIFillLockBytesOnFile
CreateDataAdviseHolder
StgOpenStorageEx
CoQueryReleaseObject
OleRegEnumVerbs
CoFreeUnusedLibraries
OleCreateFromDataEx
StringFromGUID2
StgCreateDocfileOnILockBytes
CoCreateInstance
OleSetContainedObject
CoGetInterfaceAndReleaseStream
CoAddRefServerProcess
UtConvertDvtd16toDvtd32
OleConvertIStorageToOLESTREAMEx
StgOpenStorageOnILockBytes
PropVariantClear
CoUnmarshalInterface
BindMoniker
WriteClassStm
OleQueryLinkFromData
CreateObjrefMoniker
CoTaskMemAlloc
CoTreatAsClass
StringFromIID
CoUnmarshalHresult
CoTaskMemFree
user32
GetMenuItemCount
CharNextW
BeginDeferWindowPos
OpenInputDesktop
PtInRect
CharLowerBuffA
GetUpdateRgn
IsIconic
EnumDisplayDevicesW
GetClassWord
EndPaint
SetMenuContextHelpId
SetUserObjectInformationW
GetMenuStringA
CountClipboardFormats
ChangeDisplaySettingsExA
CharUpperA
CopyAcceleratorTableW
DefWindowProcW
DlgDirListComboBoxA
DdeClientTransaction
ShowOwnedPopups
IsCharAlphaNumericA
GetCaretBlinkTime
RegisterClipboardFormatA
DdeCreateStringHandleA
LoadMenuA
TranslateAcceleratorW
TabbedTextOutW
IsDialogMessageW
GetGuiResources
SystemParametersInfoA
WINNLSGetIMEHotkey
SetWindowsHookExW
SetTimer
GetWindowThreadProcessId
OffsetRect
IsWindowVisible
GetClassLongA
PostMessageA
DlgDirListW
GetPropW
LoadMenuW
DdeUnaccessData
SwitchToThisWindow
CreateWindowStationA
GetSysColorBrush
ValidateRgn
SendNotifyMessageW
DdeKeepStringHandle
GetQueueStatus
MessageBoxIndirectW
GetMenuDefaultItem
SwapMouseButton
PostMessageW
DestroyCaret
EnumDisplaySettingsExW
GetInputDesktop
DefDlgProcW
GetDlgItemTextA
DdeFreeStringHandle
SetWindowTextA
SendIMEMessageExW
DefMDIChildProcA
TrackMouseEvent
CreateIconFromResourceEx
EnableScrollBar
GetScrollInfo
WINNLSEnableIME
SetUserObjectInformationA
DlgDirListComboBoxW
SetPropW
SetRect
DdeInitializeW
GetMenuItemID
BlockInput
GetScrollBarInfo
CharPrevA
EndMenu
GetMenuItemInfoA
CopyRect
MapDialogRect
SetUserObjectSecurity
RegisterClassW
GetFocus
GetWindowPlacement
GetCaretPos
OemToCharBuffW
AdjustWindowRect
UnloadKeyboardLayout
GetWindowModuleFileNameA
GetClipboardSequenceNumber
LoadCursorFromFileA
SetWindowContextHelpId
GetSystemMetrics
GetNextDlgTabItem
CreateMDIWindowW
DialogBoxParamA
UnregisterDeviceNotification
BringWindowToTop
ShowWindowAsync
OpenDesktopW
MapWindowPoints
GetScrollPos
OpenWindowStationW
CreateWindowExA
InvalidateRect
CopyAcceleratorTableA
GetWindowTextLengthW
ChildWindowFromPointEx
SetDlgItemTextW
OemToCharW
GetLastActivePopup
GetKeyboardLayoutNameW
CheckDlgButton
EndTask
CascadeWindows
CharLowerA
RemovePropA
FrameRect
SetDlgItemTextA
DdeUninitialize
DrawIconEx
IsDialogMessageA
HideCaret
LoadKeyboardLayoutW
LoadCursorW
DdePostAdvise
PostQuitMessage
IsClipboardFormatAvailable
GetCapture
SystemParametersInfoW
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE