Static task: static1
Behavioral task: behavioral1
    Sample: 3c183860267eb2e762415f22791719a6_JaffaCakes118.exe
    Resource: win7-20240704-en
Behavioral task: behavioral2
    Sample: 3c183860267eb2e762415f22791719a6_JaffaCakes118.exe
    Resource: win10v2004-20240709-en
General
Target: 3c183860267eb2e762415f22791719a6_JaffaCakes118
Size: 388KB
MD5: 3c183860267eb2e762415f22791719a6
SHA1: 229823ed54a63751a32f609d2082d4efc7a84fe1
SHA256: 937f8b62b3abc6fef9b2fad79f0117d68f9a0ec42b949788543967151638cb36
SHA512: a180c80a3ad13ea4cb5bd3dca9928f58b69139e980e9c052537690e42edf787dbc8caa56889d30d25717dae78b05dfe4190f9d7e748b3b5745f61c8f4d080f67
SSDEEP: 6144:flH8GAxyfUwdgLwqUksp3n90r73OdHCCE7r9chl5i36M5KpqMbBTMjStFyG2BG3f:fZAxyJgLNUksEfJCE2hlynDMlouXue
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 3c183860267eb2e762415f22791719a6_JaffaCakes118
Files
3c183860267eb2e762415f22791719a6_JaffaCakes118.exe    windows:4 windows x86 arch:x86
    cebb54bc81867cfa2f98ad0a8369fd78
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
MesEncodeDynBufferHandleCreate
MesHandleFree
NdrMesTypeEncode2
CStdStubBuffer_QueryInterface
CStdStubBuffer_IsIIDSupported
NdrOleFree
NdrDllUnregisterProxy
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrMesTypeFree2
NdrOleAllocate
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
NdrDllCanUnloadNow
MesDecodeBufferHandleCreate
NdrMesTypeDecode2
CStdStubBuffer_Disconnect
crypt32
CertFindExtension
CryptSignMessage
CertGetCertificateChain
CertOpenStore
CertCompareCertificate
CertCloseStore
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CryptBinaryToStringW
CertVerifySubjectCertificateContext
CryptVerifyDetachedMessageSignature
CryptDecodeObject
CertVerifyCertificateChainPolicy
CryptMsgUpdate
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CryptProtectData
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertGetNameStringW
CryptStringToBinaryW
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptMsgOpenToDecode
user32
UnregisterHotKey
RegisterClassExW
GetDesktopWindow
RegisterRawInputDevices
ShowScrollBar
SendMessageW
IsDlgButtonChecked
ClientToScreen
ReleaseCapture
GetRawInputData
MonitorFromWindow
IsIconic
ChangeClipboardChain
PtInRect
UpdateWindow
DestroyIcon
SetWindowPlacement
GetSysColorBrush
DispatchMessageW
SetWindowPos
GetKeyState
LoadImageW
CharPrevW
SetClipboardData
CallWindowProcW
GetKeyboardLayout
RegisterClassW
IsZoomed
SetScrollInfo
GetWindowTextW
MsgWaitForMultipleObjectsEx
GetSystemMenu
EndDeferWindowPos
wsprintfW
EndDialog
InflateRect
IsWindowEnabled
GetKeyboardLayoutNameW
CopyRect
EnableWindow
UnregisterDeviceNotification
SetClipboardViewer
FindWindowW
GetClassNameW
SetForegroundWindow
EndPaint
GetClipboardViewer
GetClipboardFormatNameW
GetWindow
InvalidateRect
IsChild
KillTimer
SetFocus
GetClassInfoW
FillRect
GetWindowThreadProcessId
BringWindowToTop
DialogBoxParamW
GetWindowDC
GetAsyncKeyState
IsClipboardFormatAvailable
DeferWindowPos
RegisterWindowMessageW
GetSystemMetrics
BeginDeferWindowPos
CheckDlgButton
FindWindowExW
DrawTextW
CloseClipboard
ScreenToClient
IsWindow
SetCapture
DestroyWindow
DefDlgProcW
CopyIcon
GetSysColor
GetClassInfoExW
BeginPaint
GetFocus
CreateDialogParamW
SetWindowRgn
LoadCursorW
MoveWindow
CallNextHookEx
FlashWindow
DefWindowProcW
GetKeyboardLayoutNameA
GetDlgItem
GetParent
GetLastInputInfo
PostQuitMessage
MapVirtualKeyW
PostMessageW
CreateWindowExW
GetActiveWindow
keybd_event
AttachThreadInput
MessageBeep
ReleaseDC
GetWindowRect
RegisterClipboardFormatW
EnableMenuItem
GetMonitorInfoW
MapWindowPoints
SetCursorPos
CountClipboardFormats
GetMessageExtraInfo
ShowCursor
GetCapture
PostThreadMessageW
EqualRect
LoadStringW
GetClientRect
RegisterHotKey
SetWindowTextW
OpenClipboard
PeekMessageW
SetScrollPos
DrawIconEx
SetWindowsHookExW
GetGUIThreadInfo
IntersectRect
GetLastActivePopup
SetRect
SendInput
AdjustWindowRect
GetMessageW
IsWindowVisible
GetForegroundWindow
RedrawWindow
UnhookWindowsHookEx
GetKeyboardType
SetActiveWindow
CreateCursor
EmptyClipboard
LockWindowUpdate
SetWindowLongW
CreateIconIndirect
UnionRect
GetDC
OffsetRect
GetKeyboardState
CharNextW
ShowWindow
GetWindowLongW
DestroyAcceleratorTable
EnumClipboardFormats
GetWindowPlacement
SystemParametersInfoA
LoadIconW
SetParent
CharLowerW
SetTimer
GetCursorPos
DestroyCursor
RegisterDeviceNotificationW
GetClipboardData
SetDlgItemTextW
SetRectEmpty
SetCursor
SystemParametersInfoW
CloseWindow
UnregisterClassW
msvcrt
wcsrchr
ceil
_adjust_fdiv
_vsnwprintf
strtok
_unlock
printf
memcpy
localeconv
fclose
_XcptFilter
_iob
strtoul
wcspbrk
toupper
_strnicmp
realloc
_wcslwr
strncmp
mbtowc
_fileno
bsearch
towlower
free
wcschr
_strlwr
__pioinfo
_amsg_exit
isdigit
iswdigit
malloc
_wtol
_read
strchr
__badioinfo
__mb_cur_max
_purecall
_write
_itoa
memmove
_resetstkoflw
_stricmp
__dllonexit
_CxxThrowException
_wcsicmp
srand
ferror
_initterm
_vsnprintf
wcsstr
wcstok
isxdigit
time
_onexit
iswalnum
_snprintf
ungetc
_isatty
memset
_lock
_wcsnicmp
iswctype
isleadbyte
wcsncmp
wctomb
_wtoi
_errno
wcstombs
calloc
_lseeki64
floor
gdi32
SetROP2
GetClipBox
GetCurrentObject
GetBkMode
BitBlt
DeleteMetaFile
CreateCompatibleDC
SetWindowExtEx
LineTo
CreateBrushIndirect
GetNearestColor
SetWindowOrgEx
SetDCBrushColor
SetBkColor
GetPaletteEntries
GetRgnBox
CreateDIBitmap
DPtoLP
CreatePolygonRgn
SetTextAlign
GetDIBColorTable
OffsetClipRgn
CombineRgn
SelectClipRgn
UpdateColors
SetRectRgn
CreateFontIndirectW
SetMetaFileBitsEx
Rectangle
SetPolyFillMode
LPtoDP
MoveToEx
CloseMetaFile
PlayMetaFile
DeleteObject
GetStockObject
GetMetaFileBitsEx
SetMapMode
Polygon
Ellipse
CreateDIBSection
GetBrushOrgEx
SetViewportOrgEx
CreateMetaFileW
CreateRectRgnIndirect
CreateSolidBrush
CreatePen
SetTextColor
SetBkMode
SetBitmapBits
PatBlt
CreateRectRgn
SetDIBColorTable
GetMapMode
StretchDIBits
OffsetRgn
FillRgn
SetBrushOrgEx
FrameRgn
GetObjectW
SelectObject
SaveDC
GetDeviceCaps
GetTextExtentPointW
CreateBitmap
SelectPalette
GdiFlush
RestoreDC
GdiDrawStream
CreatePalette
RealizePalette
CreateDIBPatternBrushPt
CreateCompatibleBitmap
ExtSelectClipRgn
CreateDCW
DeleteDC
StretchBlt
GetTextAlign
CreatePatternBrush
SetStretchBltMode
GetNearestPaletteIndex
ntdll
RtlEnumerateGenericTableWithoutSplaying
RtlAreBitsSet
VerSetConditionMask
RtlAcquireResourceShared
RtlInsertElementGenericTable
RtlAcquireResourceExclusive
RtlLookupElementGenericTable
RtlInitUnicodeString
RtlInitializeGenericTable
RtlInitializeResource
RtlDeleteResource
NtOpenFile
RtlGetLastNtStatus
RtlFindClearBitsAndSet
NtWriteFile
RtlInitializeCriticalSection
RtlEnumerateGenericTable
RtlUnwind
NtDeviceIoControlFile
NtReadFile
NtAllocateVirtualMemory
RtlClearBits
RtlInitializeBitMap
RtlReleaseResource
advapi32
RegCreateKeyW
GetTraceEnableFlags
RegSetValueExW
CredWriteDomainCredentialsW
RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExW
UnregisterTraceGuids
GetFileSecurityW
RegCloseKey
SetFileSecurityW
CryptGenRandom
CredGetSessionTypes
RegSetValueExA
RegDeleteValueW
RegQueryInfoKeyW
TraceMessage
RegCreateKeyExA
RegEnumValueW
RegQueryValueExW
RegisterTraceGuidsW
GetTraceLoggerHandle
RegDeleteValueA
GetUserNameA
RegOpenKeyExW
RegOpenKeyW
RegFlushKey
CredFree
CredReadW
RegDeleteKeyW
CredUnmarshalCredentialW
CredDeleteW
RegOpenKeyExA
CredReadDomainCredentialsW
RegOpenKeyA
GetTraceEnableLevel
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorLength
CredWriteW
ole32
WriteClassStm
CLSIDFromString
CreateOleAdviseHolder
StringFromCLSID
OleLoadFromStream
CoTaskMemFree
OleUninitialize
OleSetClipboard
CoUninitialize
OleRegGetUserType
OleRegGetMiscStatus
CoInitialize
OleSaveToStream
OleInitialize
CoInitializeEx
CreateDataAdviseHolder
OleRegEnumVerbs
OleGetClipboard
ReleaseStgMedium
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoCreateInstance
msimg32
GradientFill
credui
CredUIPromptForCredentialsW
CredUIParseUserNameW
samlib
SamAddMemberToAlias
netapi32
NetApiBufferFree
NetGetJoinInformation
secur32
QuerySecurityPackageInfoW
FreeCredentialsHandle
DecryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleW
DeleteSecurityContext
GetUserNameExW
FreeContextBuffer
QueryContextAttributesW
EncryptMessage
wininet
InternetGetCookieW
shlwapi
PathRemoveFileSpecW
winmm
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutSetVolume
waveOutOpen
waveOutGetVolume
waveOutClose
waveOutGetPitch
waveOutPrepareHeader
shell32
Shell_NotifyIconW
SHAppBarMessage
ExtractIconW
SHFileOperationW
DragQueryFileW
iphlpapi
GetBestInterfaceEx
ws2_32
WSALookupServiceBeginW
WSALookupServiceNextW
WSANSPIoctl
WSAIoctl
getaddrinfo
freeaddrinfo
WSALookupServiceEnd
setupapi
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDevsW
kernel32
SetLastError
GetVersionExA
LoadResource
GetCommTimeouts
MoveFileW
lstrcpynW
InterlockedDecrement
GlobalSize
SearchPathW
UnhandledExceptionFilter
SetEvent
GetOverlappedResult
GetDefaultCommConfigW
VirtualQuery
GetCommConfig
SystemTimeToFileTime
DeleteCriticalSection
FlushInstructionCache
LockFile
SetFileTime
QueryDosDeviceW
CreateThread
TerminateProcess
lstrcmpW
DuplicateHandle
GlobalFree
GetComputerNameW
GetSystemInfo
GetSystemDefaultLangID
GetCurrentProcessId
ExpandEnvironmentStringsW
EscapeCommFunction
GlobalUnlock
GetSystemTimeAsFileTime
RaiseException
Beep
InterlockedExchange
TlsFree
GetCommProperties
TlsSetValue
FindFirstFileW
CreateProcessW
FindCloseChangeNotification
MulDiv
FreeLibraryAndExitThread
lstrcmpA
WideCharToMultiByte
GetUserDefaultUILanguage
CreateMutexW
GlobalAddAtomW
GetProfileStringW
WaitForSingleObject
GlobalAlloc
WaitCommEvent
SetFilePointer
GetVolumeInformationW
GlobalLock
WriteFile
lstrcmpiA
Sleep
GetSystemDefaultUILanguage
FindResourceW
GetCommModemStatus
DebugBreak
SetErrorMode
GetDiskFreeSpaceW
lstrcmpiW
LoadLibraryA
FindClose
GetProcessHeap
GetFileAttributesExW
CreateSemaphoreW
FreeLibrary
GlobalHandle
FormatMessageW
SetupComm
InitializeCriticalSection
VerifyVersionInfoW
GetModuleHandleExW
ReleaseSemaphore
VirtualAlloc
lstrcatW
SetCommMask
CloseHandle
PurgeComm
FreeResource
GetTempPathW
FlushFileBuffers
GetSystemTime
GetModuleHandleA
MultiByteToWideChar
GetSystemDirectoryA
InterlockedIncrement
HeapFree
GetLocaleInfoW
FindNextChangeNotification
CreateDirectoryW
GetVersion
GetSystemDirectoryW
FindResourceExW
lstrlenW
GetDriveTypeW
GetProcAddress
UnmapViewOfFile
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GlobalDeleteAtom
GetACP
SetFileAttributesW
InterlockedCompareExchange
GetFullPathNameW
QueryPerformanceCounter
VirtualProtect
GetModuleHandleW
SetCommState
LocalFree
GetVersionExW
GetCurrentThreadId
ClearCommError
OutputDebugStringW
FindNextFileW
SizeofResource
SetCommTimeouts
LoadLibraryW
OpenThread
TlsGetValue
ResetEvent
OutputDebugStringA
WaitForMultipleObjects
SetEndOfFile
MapViewOfFile
HeapAlloc
lstrlenA
lstrcpyW
ResumeThread
GetTickCount
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetCommState
LeaveCriticalSection
QueueUserWorkItem
WaitForMultipleObjectsEx
DisableThreadLibraryCalls
GetFileAttributesW
LockResource
GetComputerNameA
GetTempFileNameW
HeapDestroy
GetLastError
UnlockFile
LockFileEx
GetCommMask
FindFirstChangeNotificationW
CreateFileW
BindIoCompletionCallback
LocalAlloc
TlsAlloc
GetModuleFileNameW
EnterCriticalSection
GetFileSize
CancelIo
VirtualFree
ReadFile
GetCurrentProcess
LoadLibraryExW
CreateFileMappingW
CreateEventW
GetFileInformationByHandle
TransmitCommChar
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
cryptui
CryptUIDlgViewCertificateW
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
urlmon
CopyStgMedium
Sections
.text   Size: 19KB    Virtual size: 19KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 333KB   Virtual size: 1.2MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 30KB    Virtual size: 30KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rdata  Size: 4KB     Virtual size: 3KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
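The static fields above (file hashes, IMAGE_FILE_* characteristics, the section table, and the "Unsigned PE" signature) can all be reproduced from the PE headers with nothing but struct and hashlib. The script below is an added example; it is not the sandbox's own code and has nothing to do with the sample's author. The flag values are the winnt.h constants, and the PE it parses is constructed in memory (the section names, sizes and bytes are made up to mirror the report, not taken from the sample) so it runs offline. `build_pe`, `parse_pe` and `section_notes` are names chosen here, not any library's API.

```python
# Added example: static PE triage reproducing the report's hash, header, section and
# "Unsigned PE" fields. Flag values are the winnt.h constants; the PE is built in memory.
import hashlib
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot for the Authenticode blob
FILE_HDR = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Return the static fields a sandbox report lists for a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from(FILE_HDR, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Data directories start at +96 in a PE32 optional header, +112 in PE32+.
    dir_off = opt_off + (96 if magic == 0x10B else 112)
    _, sig_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, sc = struct.unpack_from(
            SECTION_HDR, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flag_names(sc, SECTION_CHARACTERISTICS)})
    return {
        **{h: getattr(hashlib, h)(data).hexdigest() for h in ("md5", "sha1", "sha256", "sha512")},
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "sections": sections,
        # "Unsigned PE" means no WIN_CERTIFICATE blob is referenced at all. A non-zero
        # size only proves a blob exists; validity still needs WinVerifyTrust/signtool.
        "has_authenticode": sig_size != 0,
    }


def section_notes(info):
    """Reviewer heuristics: W+X sections, and sections whose in-memory size dwarfs
    their on-disk size (room for code that is unpacked at runtime)."""
    notes = []
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            notes.append(f"{s['name']}: writable and executable")
        if s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            notes.append(f"{s['name']}: virtual size {s['virtual_size']:#x} "
                         f"far exceeds raw size {s['raw_size']:#x}")
    return notes


def build_pe(sections, file_chars, signed=False):
    """Build a tiny PE32 in memory (constructed test input, not a real sample).
    sections: list of (name, virtual_size, raw_bytes, characteristics)."""
    opt_size = 0xE0
    first_raw = (0x40 + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    raw_off, va, sec_hdrs, blobs = first_raw, 0x1000, b"", b""
    for name, vsize, raw, sc in sections:
        raw += b"\0" * (-len(raw) % 0x200)  # FileAlignment 0x200
        sec_hdrs += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va,
                                len(raw), raw_off, 0, 0, 0, 0, sc)
        blobs, raw_off = blobs + raw, raw_off + len(raw)
        va += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF  # SectionAlignment 0x1000
    dirs = [(0, 0)] * 16
    sig = b"\0" * 16 if signed else b""  # stands in for a WIN_CERTIFICATE blob
    if signed:  # the security directory holds a file offset, not an RVA
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_off, len(sig))
    opt = struct.pack("<H", 0x10B) + b"\0" * 94 + b"".join(struct.pack("<II", *d) for d in dirs)
    file_hdr = struct.pack(FILE_HDR, 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    hdrs = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + file_hdr + opt + sec_hdrs
    return hdrs.ljust(first_raw, b"\0") + blobs + sig


# Mirrors the report: characteristics 0x10F, a small R+X .text, and a R+W .data whose
# virtual size far exceeds its raw size (section bytes and sizes are constructed).
SAMPLE = build_pe([(".text", 0x4C00, b"\xCC" * 0x4C00, 0x60000020),
                   (".data", 0x130000, b"\0" * 0x200, 0xC00000C0)], 0x010F)

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["sha256"], info["arch"], info["file_characteristics"])
    print("authenticode present:", info["has_authenticode"], section_notes(info))
```

Two points worth keeping in mind when reading the report through this lens. First, `has_authenticode` is exactly the check behind the "Unsigned PE" signature: an empty security directory. The converse is not a trust statement; a binary with a present but expired, revoked or forged signature passes this check and still needs WinVerifyTrust (or `signtool verify /pa`) before the signature is given any weight. Second, run over the section table above, `section_notes` would flag `.data` (1.2MB virtual against 333KB on disk, the same shape as the constructed `.data` here), and `.rdata` carrying IMAGE_SCN_MEM_WRITE is unusual for a section that is normally read-only; neither proves packing on its own, but both are the kind of thing to confirm in the behavioral run rather than dismiss.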