2b0ab811d44e24300bc487b2b42d1370_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b0ab811d44e24300bc487b2b42d1370_JaffaCakes118
Size

67KB
MD5

2b0ab811d44e24300bc487b2b42d1370
SHA1

92634d078fbd1eaa27238033feb87ded69956a0b
SHA256

ad9039e3ffcc247b9d6a73a9a421c17ec9e33f66cb8df2c96bcdb5584752e069
SHA512

3a55797a50ba29641fbde6bc3895b75ae4492ca3734c1e627aacaa96307e53625e492559f5345ea7db17af41320fbc76f8bd1c4994681b33f8dcb6c59c6b70ce
SSDEEP

1536:wkv5LciBgI+0fE3xIJSYTe9vsS/pQg6wHzwJyML+nCw2:6iB57EQSYAv3/pQzCwJw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b0ab811d44e24300bc487b2b42d1370_JaffaCakes118

Files

2b0ab811d44e24300bc487b2b42d1370_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc3d6f2ff977c5c6b4c126ec214e64b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageCallbackW
CharPrevExA
GetCapture
RemovePropW
DdeAbandonTransaction
IsCharLowerA
GetWindowPlacement
SubtractRect
ExitWindowsEx
GetCursorInfo
CharLowerA
CallMsgFilter
SetCapture
VkKeyScanExW
IsWindowUnicode
ChangeDisplaySettingsExW
EndTask
GetMenuItemInfoA
GetMenuItemInfoW
GetDlgItemTextW
GetWindowRgn
SetMenuItemInfoA
TranslateAcceleratorW
GetMenuInfo
AppendMenuW
InsertMenuItemA
SendMessageTimeoutA
UnregisterHotKey
GetPriorityClipboardFormat
ValidateRect
GetSysColor
HideCaret
LoadCursorA
DefWindowProcW
GetKeyState
DeferWindowPos
EditWndProc
DdeSetUserHandle
DdeUninitialize
SetClipboardData
BeginDeferWindowPos
GetKeyboardLayoutList
DispatchMessageA
SetDlgItemTextW
CharNextExA
GetScrollBarInfo
RemoveMenu
SetScrollPos
OpenInputDesktop
LoadCursorFromFileA
UnregisterClassW
GetWindowDC
DestroyIcon
PostThreadMessageW
DdeKeepStringHandle
SetWindowContextHelpId
PeekMessageW
CreateIcon
DrawFrame
ToAsciiEx
InsertMenuA
SystemParametersInfoW
EnumWindowStationsW
ClipCursor
ScrollWindowEx
CallMsgFilterW
RealChildWindowFromPoint
CallNextHookEx
EnumDisplaySettingsA
IsRectEmpty
LoadIconA
LoadBitmapW

shlwapi

PathIsPrefixW
StrDupW
UrlApplySchemeA
StrCSpnW
StrPBrkA
StrSpnA
SHRegGetBoolUSValueA
PathUndecorateW
SHRegDeleteEmptyUSKeyW
PathBuildRootW
SHQueryInfoKeyW
SHEnumKeyExW
PathCombineA
SHRegWriteUSValueA
PathUndecorateA
PathSearchAndQualifyA
SHEnumValueA
PathRemoveFileSpecA
PathCommonPrefixA
PathMakePrettyW
PathIsContentTypeA
PathUnquoteSpacesA
PathRemoveArgsW
UrlUnescapeA
StrCatW
PathIsUNCServerW
SHRegDuplicateHKey
PathIsNetworkPathA
SHQueryValueExA
PathIsLFNFileSpecA
PathIsRelativeW
PathIsNetworkPathW
PathUnquoteSpacesW
PathUnmakeSystemFolderW
StrCmpNW
SHRegGetBoolUSValueW
PathFileExistsA
SHOpenRegStream2W
PathIsLFNFileSpecW
SHSetThreadRef
SHOpenRegStreamA
PathBuildRootA
AssocQueryStringByKeyW
PathStripPathW
StrNCatA
SHRegQueryInfoUSKeyW
UrlEscapeW
SHDeleteEmptyKeyW
SHGetThreadRef
StrTrimW
StrStrW
StrToIntExW
PathRemoveExtensionA
StrChrIA
ColorHLSToRGB
PathIsSystemFolderA
SHDeleteValueW
PathRenameExtensionA
PathIsDirectoryA
PathIsUNCW
PathFindExtensionA
IntlStrEqWorkerA
UrlGetLocationW
UrlIsOpaqueA
PathCombineW

kernel32

SetThreadIdealProcessor
GetTempFileNameA
OpenProcess
InitializeCriticalSectionAndSpinCount
WriteConsoleA
lstrcmpiA
Beep
QueryPerformanceCounter
BackupWrite
FlushViewOfFile
MapViewOfFile
CreateFiber
FindNextFileW
ReadConsoleW
GetEnvironmentStringsA
MoveFileExA
GlobalHandle
VirtualAlloc
GetThreadTimes
FillConsoleOutputCharacterW
LocalUnlock
PrepareTape
CloseHandle
GetVolumeInformationW
GetSystemDefaultLangID
PurgeComm
SuspendThread
CopyFileW
Process32First
WriteConsoleInputA
GetCPInfoExA
DeleteFileA
FatalAppExitW
SetEnvironmentVariableA
SetThreadLocale
ReadFileScatter
GetCalendarInfoW
GetLogicalDriveStringsW
CreateEventW
GetConsoleScreenBufferInfo
CopyFileExA
FreeLibrary
RequestDeviceWakeup
LoadLibraryExW
SetConsoleCtrlHandler
CreateNamedPipeW
GetFileAttributesExA
CommConfigDialogW
MapViewOfFileEx
ResumeThread
ReadConsoleOutputAttribute
DefineDosDeviceW
SetCalendarInfoW
EnumCalendarInfoW
GetTapePosition
GetCommState
lstrcmpA
ReleaseMutex
SetTapePosition
FindFirstFileExA
VirtualProtect
GlobalDeleteAtom
GetCurrencyFormatA
SetConsoleCursorPosition
SetHandleInformation
CreateMailslotW

advapi32

CryptSetProviderW
GetOverlappedAccessResults
CryptGetDefaultProviderA
DuplicateToken
RegEnumKeyW
CryptGetDefaultProviderW
AddAccessAllowedAce
OpenServiceW
GetSecurityInfoExA
LookupAccountSidA
ImpersonateLoggedOnUser
NotifyChangeEventLog
StartServiceW
ConvertSecurityDescriptorToAccessNamedA
ObjectCloseAuditAlarmA
LookupPrivilegeValueA
CryptGetHashParam
LookupSecurityDescriptorPartsA
EqualPrefixSid
LockServiceDatabase
RegDeleteValueA
SetNamedSecurityInfoExW
GetCurrentHwProfileA
CryptGenKey
UnlockServiceDatabase
RegQueryValueW
CryptSignHashA
RegOpenKeyExA
BuildTrusteeWithSidA
RegGetKeySecurity
CryptGetProvParam
BuildImpersonateTrusteeA
GetUserNameA
GetSecurityInfo
SetEntriesInAccessListW
GetServiceDisplayNameA
PrivilegedServiceAuditAlarmA
ControlService
BuildExplicitAccessWithNameA
EnumServicesStatusA
GetPrivateObjectSecurity
CryptGenRandom
SetEntriesInAuditListW
GetSidLengthRequired
RegQueryValueExW
GetMultipleTrusteeOperationW
CryptReleaseContext
RegUnLoadKeyW
InitializeAcl
CreateProcessAsUserW

ole32

CoGetCallContext
CreateItemMoniker
CoFileTimeNow
WriteOleStg
CoCopyProxy
StgGetIFillLockBytesOnFile
BindMoniker
CoFreeLibrary
ReadOleStg
CLSIDFromProgID
OleRun
OleRegEnumFormatEtc
CoGetInterfaceAndReleaseStream
OleCreateLinkFromDataEx
CoReleaseMarshalData
WriteFmtUserTypeStg
OleQueryLinkFromData
CreateFileMoniker
CoRegisterChannelHook
CoBuildVersion
CreateClassMoniker
StringFromGUID2
CoQueryProxyBlanket
OleBuildVersion
CoCreateFreeThreadedMarshaler
CoRegisterMessageFilter
CoUnmarshalHresult
CoImpersonateClient
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoQueryReleaseObject
CoTaskMemAlloc
CoInitializeSecurity
StgGetIFillLockBytesOnILockBytes
CoUnmarshalInterface
MonikerCommonPrefixWith
OleDestroyMenuDescriptor
CoResumeClassObjects
ReadStringStream
MkParseDisplayName
CoDisconnectObject
CLSIDFromString
OleCreateFromFileEx
OleDoAutoConvert
CoRevertToSelf
CoSuspendClassObjects
CoInitialize
WriteClassStg
CoGetStandardMarshal
CoCreateInstance
GetHGlobalFromILockBytes
OpenOrCreateStream
SetDocumentBitStg
CreateDataCache
CoGetMarshalSizeMax

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc3d6f2ff977c5c6b4c126ec214e64b8

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

kernel32

advapi32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 12KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 12KB