2bb159f87e68fd3498f52265e39093c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bb159f87e68fd3498f52265e39093c1_JaffaCakes118
Size

31KB
MD5

2bb159f87e68fd3498f52265e39093c1
SHA1

44a7f27b8977ff79a644c71a8bb8331fe6511ffd
SHA256

b7e9d66d01f76105e8b6c0f6fa0e6808ea554189335bf08dffac79a369470da0
SHA512

64d4729ef06fdc55ccbffcb487a6945f42f0a8c592f90f672c0f611c1ab21b87d1369163bdf34ff6770910de7af649bf5057362f34d4c7b0f82a473c33497db5
SSDEEP

768:hhqnA2eWTiIky5J1RnSYMGCj5qRoDda4m4Q0kMP2mFYX5ND+D:hhqA2esJVGjIqDdcb/3X/+D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bb159f87e68fd3498f52265e39093c1_JaffaCakes118

Files

2bb159f87e68fd3498f52265e39093c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4706fe58c9f079eab3e5739d32a96ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntW
PathAppendW

kernel32

HeapFree
GlobalLock
GetModuleHandleA
CreateFileW
SizeofResource
WritePrivateProfileSectionW
FreeLibrary
LocalFree
GetLastError
SetCurrentDirectoryW
GetTickCount
FormatMessageW
IsBadStringPtrW
CreateProcessW
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
InterlockedIncrement
lstrlenW
FindClose
GetSystemWindowsDirectoryW
DeleteFileW
lstrcpyW
lstrcmpW
OutputDebugStringW
CreateEventW
TerminateProcess
FreeConsole
SetThreadLocale
SetEvent
GetTempPathW
GetCurrentThread
CloseHandle
EnterCriticalSection
GetThreadLocale
SetUnhandledExceptionFilter
FindFirstFileW
LoadLibraryExW
VirtualAlloc
WritePrivateProfileStringW
ReadFile
lstrcmpiW
OutputDebugStringA
GlobalAlloc
LoadResource
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
Sleep
CreateThread
LoadLibraryExA
GetWindowsDirectoryW
LoadLibraryW
GetUserDefaultLangID
CompareStringW
QueryPerformanceCounter
IsBadWritePtr
CopyFileW
GetSystemDirectoryW
InterlockedDecrement
GlobalFree
HeapAlloc
DeleteCriticalSection
CreateDirectoryW
UnhandledExceptionFilter
lstrcatW
SetLastError
GetExitCodeThread
ExpandEnvironmentStringsW
LocalAlloc
TryEnterCriticalSection
GetProcessHeap
LockResource
FindResourceW
MultiByteToWideChar
GetProcAddress
WriteFile
GlobalUnlock
SetFilePointer
WideCharToMultiByte
WaitForSingleObject
GetUserDefaultUILanguage
GetFileAttributesW
GetTempFileNameW
GetModuleFileNameW
GetVersion
lstrcpynW
LocalReAlloc

scecli

SceEnumerateServices
SceGetObjectChildren
SceCreateDirectory
SceSvcQueryInfo
SceGetServerProductType
SceSvcSetInformationTemplate
SceSvcConvertTextToSD
SceAddToNameList
SceWriteSecurityProfileInfo
SceFreeProfileMemory
SceCompareSecurityDescriptors
SceConfigureSystem
SceSvcFree
SceUpdateObjectInfo
SceRollbackTransaction
SceGetScpProfileDescription
SceFreeMemory
SceCloseProfile
SceGetSecurityProfileInfo
SceLookupPrivRightName
SceCompareNameList
SceAddToNameStatusList
SceSvcGetInformationTemplate
SceUpdateSecurityProfile
SceOpenProfile
SceAppendSecurityProfileInfo
SceStartTransaction
SceGetObjectSecurity
SceAnalyzeSystem
SceSvcUpdateInfo
SceCommitTransaction
SceCopyBaseProfile

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc

atl

AtlAxGetHost

cmdial32

AutoDialFunc

netapi32

DsGetDcNameW
NetApiBufferFree

advapi32

IsValidSecurityDescriptor
SetSecurityDescriptorDacl
MapGenericMask
AllocateAndInitializeSid
LookupPrivilegeDisplayNameW
GetSecurityDescriptorSacl
RegQueryInfoKeyW
MakeSelfRelativeSD
ConvertSidToStringSidW
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorSacl
RegOpenKeyExW
RegDeleteValueW
GetSecurityDescriptorLength
RegQueryValueExW
RegCreateKeyExW
EqualSid
GetLengthSid
IsValidSid
LsaFreeMemory
OpenThreadToken
LsaLookupSids
LsaClose
CopySid
GetSecurityDescriptorControl
LsaQueryInformationPolicy
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RegDeleteKeyW
LookupAccountNameW
IsTextUnicode
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
SetSecurityDescriptorOwner
ConvertSecurityDescriptorToStringSecurityDescriptorW
FreeSid
LookupAccountSidW
RegEnumKeyExW
LsaOpenPolicy
RegSetValueExW

user32

SetClipboardData
MapDialogRect
TranslateMessage
SetWindowPos
DestroyWindow
ScrollWindow
BringWindowToTop
LoadCursorW
IsWindowVisible
GetClientRect
LoadImageW
EnableWindow
MapWindowPoints
DestroyIcon
WinHelpW
SetScrollPos
GetDlgCtrlID
DrawFocusRect
GetParent
ShowWindow
SetCursor
TrackPopupMenu
IsWindowEnabled
GetDlgItem
LoadBitmapW
RegisterClassW
GetDC
SystemParametersInfoW
GetScrollInfo
ChildWindowFromPointEx
GetSystemMetrics
DispatchMessageW
RegisterClipboardFormatW
CloseClipboard
MsgWaitForMultipleObjects
MessageBoxW
GetWindow
PostThreadMessageW
SetScrollInfo
LoadStringW
IsWindow
SetWindowLongW
PeekMessageW
InflateRect
GetWindowLongW
GetSysColor
SetFocus
GetMessagePos
ReleaseDC
AppendMenuW
RedrawWindow
GetSysColorBrush
IsClipboardFormatAvailable
CreatePopupMenu
FrameRect
SendMessageW
EmptyClipboard
CreateWindowExW
SetScrollRange
SendDlgItemMessageW
PostMessageW
OpenClipboard
wsprintfW
MoveWindow
PtInRect
LoadIconW
SetWindowTextW
GetFocus
GetWindowRect
DefWindowProcW
ScreenToClient

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

vswprintf
__RTDynamicCast
_wtol
_findclose
_wfindfirst
swprintf
wcstoul
_wtoi
__dllonexit
_wcslwr
_purecall
wcscat
_wfindnext
malloc
_onexit
setlocale
wcscpy
free
wcsncpy
_adjust_fdiv
wcschr
_wchdir
_wcsnicmp
_wcsicmp
_except_handler3
wcslen
_CxxThrowException
__CxxFrameHandler
_initterm
wcscmp

ole32

StringFromGUID2
StringFromCLSID
CreateStreamOnHGlobal
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitialize

gdi32

SetMapMode
GetPixel
CreateCompatibleDC
SetBkMode
GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextExtentPoint32W

atmlib

ATMAddFontA

activeds

ADsEncodeBinaryData
FreeADsMem

Sections

.text
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4706fe58c9f079eab3e5739d32a96ca

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

scecli

shell32

atl

cmdial32

netapi32

advapi32

user32

version

msvcrt

ole32

gdi32

atmlib

activeds

Sections

.text Size: 512B - Virtual size: 492B

.rdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 15KB - Virtual size: 15KB

.idata Size: 9KB - Virtual size: 8KB

.data Size: - Virtual size: 80KB

.text
Size: 512B - Virtual size: 492B

.rdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 15KB - Virtual size: 15KB

.idata
Size: 9KB - Virtual size: 8KB

.data
Size: - Virtual size: 80KB