Static task
static1
Behavioral task
behavioral1
Sample
2e660bfc6a2fd8919c20392373208ca1_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2e660bfc6a2fd8919c20392373208ca1_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2e660bfc6a2fd8919c20392373208ca1_JaffaCakes118
Size
93KB
MD5
2e660bfc6a2fd8919c20392373208ca1
SHA1
b96d369fab1ca2ef7f8f06f2fd35a7da2e409f25
SHA256
fe1cf6cacee81227f2c077d592abf28c3ba91add7ca3cdaf8279f8bd40679a0e
SHA512
787c8724ecc78bcb87e323934e7b1f64ab8ab87b3f01a56672a53d14a76c3583bc6c9bc50afed690cc6fb722c5891df9a765e91022abe9718d45fe65cc567064
SSDEEP
1536:CSLQneL9fZnlta4fncXkT8G/VZtuQTjrhb4vlb5AYcMLcMu/8+Uyn9Dn:PQeL9v84UX1eruQHhEXAPM4Mu/5l9Dn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e660bfc6a2fd8919c20392373208ca1_JaffaCakes118
Files
2e660bfc6a2fd8919c20392373208ca1_JaffaCakes118.exe windows:4 windows x86 arch:x86
6d889f950e23b0fb462ec1302e97be9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
GetEnvironmentStrings
TerminateProcess
GlobalAddAtomW
GetEnvironmentVariableA
SetFilePointer
LocalShrink
lstrcmpA
WaitCommEvent
GetStartupInfoA
GetProcessAffinityMask
GetCPInfoExW
CreateMailslotA
GetWindowsDirectoryA
FindResourceW
LocalCompact
GenerateConsoleCtrlEvent
EnumCalendarInfoExW
FindResourceA
GetProcessWorkingSetSize
lstrcpyA
SetCalendarInfoA
GetBinaryTypeA
GetStringTypeExW
GetTickCount
CreateFileMappingA
GetCommandLineW
ConvertThreadToFiber
WaitNamedPipeA
GetDiskFreeSpaceW
WriteFileEx
CreateIoCompletionPort
DuplicateHandle
GetPrivateProfileSectionA
VirtualProtect
WritePrivateProfileStructA
FatalAppExitA
FindAtomW
GetCurrentThread
SetCurrentDirectoryW
GetDiskFreeSpaceExA
GetVersion
ReadFileScatter
RemoveDirectoryW
Thread32First
GetTempPathW
GetProfileSectionA
FileTimeToSystemTime
GetCommTimeouts
GetThreadContext
AddAtomA
ScrollConsoleScreenBufferW
GetSystemInfo
SetConsoleOutputCP
TransmitCommChar
SetMailslotInfo
WaitForSingleObject
GetLocaleInfoA
IsDBCSLeadByteEx
BuildCommDCBW
LocalFree
SetCommMask
ReadConsoleOutputAttribute
LocalReAlloc
GetCalendarInfoA
HeapValidate
SetFileApisToANSI
PrepareTape
WaitForMultipleObjects
LoadLibraryExW
BuildCommDCBAndTimeoutsW
SetTapePosition
FindNextFileA
GlobalFix
GetProfileIntA
GetEnvironmentVariableW
CallNamedPipeA
GetTapeParameters
Process32Next
SetCommState
SetConsoleTitleA
GetDiskFreeSpaceExW
RaiseException
SetLocaleInfoW
GetCommState
SetThreadPriorityBoost
CreateFileW
GetLargestConsoleWindowSize
ResetWriteWatch
CreateSemaphoreW
SleepEx
lstrcpy
IsValidLocale
GlobalAlloc
ReadDirectoryChangesW
GetStringTypeA
GetTimeFormatA
ReadConsoleOutputCharacterW
GetACP
GetCPInfoExA
FindCloseChangeNotification
GetConsoleCursorInfo
DeleteAtom
MoveFileW
GetSystemDirectoryW
LCMapStringW
GetSystemTimeAsFileTime
GetPriorityClass
EnumDateFormatsA
GetConsoleOutputCP
GetLongPathNameW
DosDateTimeToFileTime
GetWindowsDirectoryW
FlushConsoleInputBuffer
SetFileApisToOEM
IsBadHugeReadPtr
TransactNamedPipe
GetThreadPriorityBoost
CreateWaitableTimerA
OpenFile
UnlockFile
GlobalFindAtomW
CreateFiber
FindResourceExW
ExpandEnvironmentStringsA
FindResourceExA
BackupSeek
HeapDestroy
IsValidCodePage
ClearCommError
TlsFree
MoveFileA
VirtualAlloc
ole32
CreateOleAdviseHolder
CreateFileMoniker
PropVariantCopy
OleConvertOLESTREAMToIStorageEx
StgGetIFillLockBytesOnILockBytes
OleConvertIStorageToOLESTREAM
OleRegGetUserType
OleFlushClipboard
OleSetMenuDescriptor
UtGetDvtd32Info
ReadClassStm
OleSetAutoConvert
GetHGlobalFromILockBytes
OleQueryCreateFromData
OleGetAutoConvert
CoRegisterSurrogate
CoMarshalInterface
StgOpenAsyncDocfileOnIFillLockBytes
CoRevokeMallocSpy
SetDocumentBitStg
CoGetCallContext
FreePropVariantArray
CoInitialize
OleCreateMenuDescriptor
WriteClassStm
CoGetClassObject
CoResumeClassObjects
OleRun
CreateObjrefMoniker
IsEqualGUID
CoQueryReleaseObject
CoRegisterMallocSpy
CoBuildVersion
ReleaseStgMedium
WriteClassStg
OleCreateLinkFromData
CoRegisterClassObject
CoRegisterMessageFilter
OleCreateEmbeddingHelper
CoMarshalHresult
GetConvertStg
OleIsRunning
CoFreeAllLibraries
OleNoteObjectVisible
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoInitializeSecurity
StgCreateStorageEx
UtGetDvtd16Info
CoGetTreatAsClass
CoGetInstanceFromIStorage
CoGetObject
StringFromIID
IIDFromString
GetHookInterface
GetHGlobalFromStream
CoTaskMemRealloc
DoDragDrop
CoQueryClientBlanket
OleInitialize
CoFileTimeNow
RevokeDragDrop
OleRegGetMiscStatus
CoUninitialize
CreatePointerMoniker
PropVariantClear
CoGetInstanceFromFile
OleLoad
OleCreateLinkEx
CreateAntiMoniker
CoFileTimeToDosDateTime
OleDoAutoConvert
CoRegisterPSClsid
OleCreateLinkToFileEx
ReadStringStream
CoSetProxyBlanket
IsAccelerator
CoDosDateTimeToFileTime
CoTreatAsClass
OpenOrCreateStream
CreateDataAdviseHolder
CLSIDFromString
EnableHookObject
OleCreateStaticFromData
OleCreateFromData
ReadFmtUserTypeStg
OleDuplicateData
CoQueryProxyBlanket
OleMetafilePictFromIconAndLabel
CoRevokeClassObject
CoReleaseServerProcess
CreateDataCache
CoCreateGuid
StringFromCLSID
GetRunningObjectTable
StringFromGUID2
OleCreateEx
CoIsHandlerConnected
CoRevertToSelf
user32
DlgDirListComboBoxW
GetUserObjectInformationA
GetScrollPos
GetIconInfo
SetCapture
DdeSetUserHandle
GetDlgItem
GetKeyboardLayoutNameW
SetWindowLongW
MapVirtualKeyW
HideCaret
GetWindowModuleFileNameW
SetWindowRgn
FindWindowA
ShowWindowAsync
GetPropA
SetWindowPlacement
GetClipboardOwner
CloseClipboard
ChangeDisplaySettingsA
OpenWindowStationW
RegisterHotKey
CharLowerBuffA
DdeKeepStringHandle
IsRectEmpty
ShowWindow
SetWindowTextA
SetWindowsHookExW
GetMessageA
IsCharAlphaNumericW
CallMsgFilterW
CharUpperBuffW
EnumPropsA
SendNotifyMessageW
SetScrollInfo
ChangeMenuW
VkKeyScanA
DrawFrame
GetDCEx
TabbedTextOutA
GetClipboardData
LoadCursorFromFileW
IsCharAlphaW
LoadMenuW
GetClassInfoExA
OemToCharW
LoadAcceleratorsW
GetFocus
OemToCharBuffA
DrawTextA
SetWindowPos
UnhookWinEvent
TrackMouseEvent
LoadIconA
GetWindowTextLengthA
TrackPopupMenu
GetShellWindow
GetThreadDesktop
CloseDesktop
PostMessageA
GetMessageTime
WINNLSEnableIME
MonitorFromRect
DrawCaption
IsCharAlphaA
GetDC
MoveWindow
LoadMenuA
EnumDisplayMonitors
IsWindow
IsCharUpperW
IsCharLowerW
EndDeferWindowPos
DdeUninitialize
EndTask
IsCharAlphaNumericA
BeginPaint
GetKeyNameTextA
DdeImpersonateClient
UpdateWindow
DdeUnaccessData
CreateAcceleratorTableW
MonitorFromPoint
GetClipboardFormatNameA
GetWindowLongW
CharPrevW
EmptyClipboard
SendMessageA
GetMenuStringW
GetMenuBarInfo
WaitForInputIdle
GetWindowModuleFileNameA
SetCaretPos
SetParent
DdeAddData
CreateDialogParamA
GetKeyboardLayout
TileWindows
DrawStateW
DlgDirSelectExW
AdjustWindowRectEx
CopyIcon
GetUserObjectSecurity
DdeQueryNextServer
SetActiveWindow
RegisterClassW
ReleaseCapture
FindWindowExW
TranslateMessage
GetWindowRgn
DialogBoxParamA
CreateIconFromResourceEx
DdeDisconnect
PostQuitMessage
ToUnicode
SetRect
EnumDisplayDevicesW
SetMenu
EnumChildWindows
CascadeWindows
CreateMDIWindowA
DefFrameProcA
IsMenu
GetSysColor
DefDlgProcA
advapi32
CreatePrivateObjectSecurity
LogonUserW
TrusteeAccessToObjectW
SetPrivateObjectSecurity
CryptDuplicateKey
RegisterEventSourceA
IsValidAcl
ImpersonateLoggedOnUser
MapGenericMask
SetSecurityDescriptorSacl
CryptEncrypt
CryptSetKeyParam
CryptHashData
CryptDestroyKey
InitializeAcl
InitializeSid
GetFileSecurityA
GetMultipleTrusteeOperationA
CryptEnumProvidersA
RevertToSelf
OpenProcessToken
AddAccessAllowedAce
CopySid
GetSidIdentifierAuthority
LockServiceDatabase
RegConnectRegistryA
BuildExplicitAccessWithNameW
LookupSecurityDescriptorPartsA
RegisterEventSourceW
LookupPrivilegeValueA
CloseServiceHandle
CryptDecrypt
SetSecurityInfo
CancelOverlappedAccess
GetNamedSecurityInfoA
QueryServiceObjectSecurity
DeleteService
EnumServicesStatusA
LookupAccountSidW
CryptVerifySignatureW
RegQueryValueA
GetMultipleTrusteeW
GetExplicitEntriesFromAclW
CryptSetHashParam
ObjectCloseAuditAlarmW
ChangeServiceConfigW
ConvertSecurityDescriptorToAccessNamedW
GetEffectiveRightsFromAclA
ObjectPrivilegeAuditAlarmW
RegEnumKeyExA
FreeSid
GetServiceDisplayNameA
RegDeleteValueA
CryptCreateHash
ChangeServiceConfigA
CryptSetProviderA
GetCurrentHwProfileA
BuildImpersonateTrusteeA
GetFileSecurityW
RegisterServiceCtrlHandlerA
AddAuditAccessAce
GetSecurityInfoExW
GetLengthSid
BuildImpersonateExplicitAccessWithNameA
GetSecurityDescriptorSacl
GetAclInformation
RegFlushKey
GetNamedSecurityInfoW
ObjectOpenAuditAlarmW
NotifyChangeEventLog
CloseEventLog
DeregisterEventSource
SetSecurityDescriptorOwner
RegSetValueExW
QueryServiceConfigA
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
LookupAccountNameA
GetAuditedPermissionsFromAclW
SetFileSecurityA
GetTrusteeTypeW
AccessCheckAndAuditAlarmW
ObjectDeleteAuditAlarmW
SetAclInformation
AllocateAndInitializeSid
MakeSelfRelativeSD
GetNamedSecurityInfoExW
CryptAcquireContextW
GetSecurityDescriptorDacl
RegGetKeySecurity
RegSaveKeyA
CryptEnumProviderTypesA
QueryServiceConfigW
SetEntriesInAclA
RegOpenKeyA
RegSetValueW
AbortSystemShutdownA
OpenSCManagerW
GetKernelObjectSecurity
BackupEventLogW
RegDeleteKeyW
ImpersonateNamedPipeClient
ReadEventLogW
InitializeSecurityDescriptor
PrivilegedServiceAuditAlarmW
GetAccessPermissionsForObjectA
AreAnyAccessesGranted
CryptExportKey
LookupPrivilegeDisplayNameW
CryptGenRandom
RegConnectRegistryW
ObjectPrivilegeAuditAlarmA
GetPrivateObjectSecurity
AccessCheckAndAuditAlarmA
ClearEventLogA
GetOverlappedAccessResults
CryptSetProviderExW
shlwapi
SHRegDeleteEmptyUSKeyA
SHSetValueA
SHAutoComplete
StrSpnW
UrlGetLocationA
SHRegCloseUSKey
UrlIsW
PathIsRelativeA
StrStrA
PathGetDriveNumberA
PathRelativePathToW
PathCombineW
PathGetCharTypeA
UrlApplySchemeA
PathSearchAndQualifyW
PathIsSameRootA
IntlStrEqWorkerA
AssocQueryStringW
SHEnumValueA
PathFileExistsA
PathIsSameRootW
PathUndecorateA
UrlCreateFromPathW
UrlUnescapeW
PathAddBackslashW
SHRegGetUSValueW
PathIsLFNFileSpecW
UrlCreateFromPathA
UrlApplySchemeW
PathIsContentTypeW
PathIsRelativeW
StrPBrkW
UrlIsOpaqueW
SHGetValueA
StrNCatA
PathFindSuffixArrayA
SHEnumKeyExW
UrlCompareW
UrlIsNoHistoryW
PathStripPathW
StrRChrIW
PathCompactPathA
PathFindOnPathA
UrlIsA
PathFindExtensionA
PathIsUNCServerShareA
StrFormatKBSizeW
UrlEscapeA
PathGetArgsA
PathRemoveBlanksW
UrlCompareA
StrFormatByteSizeA
PathStripPathA
SHQueryValueExW
SHQueryInfoKeyA
StrCSpnA
StrCmpNIW
SHSetValueW
StrRChrA
StrCSpnIA
PathIsUNCServerShareW
HashData
SHCopyKeyW
PathRemoveFileSpecW
SHGetValueW
PathIsDirectoryEmptyW
StrCmpNA
PathIsDirectoryW
SHRegDuplicateHKey
SHCreateStreamOnFileA
PathIsFileSpecA
SHDeleteEmptyKeyW
PathIsUNCA
StrToIntA
PathCompactPathExW
PathGetArgsW
PathRemoveArgsW
PathSearchAndQualifyA
SHGetThreadRef
StrNCatW
PathMakeSystemFolderW
wnsprintfW
StrChrIA
SHEnumKeyExA
PathUnmakeSystemFolderA
SHRegOpenUSKeyW
PathMatchSpecW
StrFromTimeIntervalW
StrTrimW
PathRemoveExtensionW
PathUndecorateW
PathFindFileNameA
PathSkipRootA
GetMenuPosFromID
SHOpenRegStream2W
StrDupW
PathUnmakeSystemFolderW
PathIsURLA
SHRegGetBoolUSValueA
UrlEscapeW
SHSetThreadRef
PathBuildRootW
SHRegQueryUSValueA
PathUnquoteSpacesW
PathRenameExtensionW
UrlCombineA
SHQueryInfoKeyW
PathStripToRootW
SHOpenRegStreamW
PathIsDirectoryA
PathCommonPrefixW
PathRemoveBlanksA
PathIsPrefixA
PathCompactPathW
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE