Static task: static1
Behavioral task: behavioral1
Sample: 41703810cdaff980c0d71951b933663b_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 41703810cdaff980c0d71951b933663b_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 41703810cdaff980c0d71951b933663b_JaffaCakes118
Size: 128KB
MD5: 41703810cdaff980c0d71951b933663b
SHA1: 1f4e2264add52b4b9165f4cadbb58228e43c4e75
SHA256: 5c782fdd48191ef24cf52f98127e456c6325181d6bc8fc9c8b994133a985bea2
SHA512: 9d8c2e5cd0252a761fcffb36c7662cc5d2b6a34883b0188b7ef4de2bec1ca9987f30c69bd2cffa040a859f0ace7321b291427d5112c1b0a7c3af88db7ca8a6a0
SSDEEP: 3072:4ewvFTjuyu6dj2J67lgOSz+9xNYuQbB/F0zW7qnYEwg91l80L80FY3FguRX9:0vxa8dS6eOSz+HNYX90zWcH91jLKFgu7
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource 41703810cdaff980c0d71951b933663b_JaffaCakes118
Files
41703810cdaff980c0d71951b933663b_JaffaCakes118.exe windows:5 windows x86 arch:x86
e8cf6a9877b295cbb5fc11b1a10b7f47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathStripToRootW
PathAppendW
StrToIntExW
StrStrIA
PathRemoveFileSpecW
PathGetDriveNumberW
UrlCanonicalizeW
PathSkipRootW
StrChrIW
StrTrimW
StrCmpIW
PathCombineW
StrCmpNIA
PathIsDirectoryW
StrRetToBufW
SHDeleteKeyW
SHRegGetBoolUSValueW
UrlIsW
PathFindExtensionW
PathFindFileNameA
StrStrIW
PathRemoveExtensionW
SHDeleteValueW
PathIsURLW
wnsprintfA
PathStripToRootA
AssocQueryStringW
PathAppendA
PathRemoveFileSpecA
SHSetValueW
StrCatW
StrDupW
PathFindFileNameW
StrChrW
StrCpyW
PathRemoveBlanksW
PathIsRelativeW
SHDeleteKeyA
PathFindExtensionA
PathIsRootW
StrCatBuffW
PathFileExistsW
rpcrt4
RpcServerUnregisterIf
UuidFromStringW
NdrOleAllocate
NdrServerCall2
NdrStubCall2
RpcRevertToSelf
RpcEpResolveBinding
CStdStubBuffer_CountRefs
NdrClientCall2
UuidCreate
CStdStubBuffer_DebugServerQueryInterface
RpcBindingFromStringBindingW
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrDllCanUnloadNow
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrOleFree
NdrDllGetClassObject
RpcBindingSetAuthInfoW
NdrDllUnregisterProxy
UuidToStringA
NdrCStdStubBuffer2_Release
RpcStringFreeA
RpcBindingVectorFree
CStdStubBuffer_IsIIDSupported
RpcStringBindingParseW
IUnknown_QueryInterface_Proxy
RpcRaiseException
RpcBindingToStringBindingW
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
RpcBindingFree
CStdStubBuffer_Connect
IUnknown_Release_Proxy
RpcBindingSetAuthInfoExW
NdrCStdStubBuffer_Release
RpcStringBindingComposeW
UuidToStringW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
NdrStubForwardingFunction
CStdStubBuffer_AddRef
comdlg32
CommDlgExtendedError
ChooseFontW
PrintDlgA
ChooseFontA
PrintDlgW
FindTextA
PageSetupDlgA
GetSaveFileNameW
PrintDlgExW
FindTextW
GetFileTitleA
GetOpenFileNameW
ChooseColorA
GetOpenFileNameA
GetFileTitleW
ChooseColorW
GetSaveFileNameA
PageSetupDlgW
shell32
SHGetFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA
DragQueryFileW
ShellExecuteExW
SHBrowseForFolderA
SHChangeNotify
SHGetMalloc
CommandLineToArgvW
SHFileOperationW
DragQueryFileA
SHBindToParent
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListA
comctl32
ImageList_Draw
ImageList_Create
InitCommonControls
ImageList_Destroy
CreatePropertySheetPageW
ImageList_ReplaceIcon
PropertySheetW
InitCommonControlsEx
PropertySheetA
oleaut32
VariantInit
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
GetActiveObject
SafeArrayCreate
SysStringLen
SysStringByteLen
SafeArrayPtrOfIndex
RegisterTypeLib
VariantClear
SysAllocStringLen
VariantCopyInd
SafeArrayAccessData
VariantChangeType
VariantCopy
VariantChangeTypeEx
SafeArrayUnaccessData
GetErrorInfo
CreateErrorInfo
OleLoadPicture
SafeArrayGetElement
SetErrorInfo
SysFreeString
LoadTypeLib
SafeArrayPutElement
kernel32
OpenEventA
LoadLibraryExA
lstrcmpiW
TlsFree
RaiseException
ResetEvent
GetFullPathNameW
lstrlenA
GetCommandLineA
WideCharToMultiByte
SystemTimeToFileTime
VirtualAlloc
GetACP
FindNextFileA
CreateEventA
GetThreadLocale
lstrlenW
GetStdHandle
GetCurrentThreadId
WriteConsoleW
OpenMutexW
GetWindowsDirectoryW
GetCommandLineW
FindNextFileW
GetCurrentThread
ReleaseSemaphore
DeleteFileW
GetTempPathA
SetHandleCount
GetCurrentProcessId
GetComputerNameW
RtlUnwind
FormatMessageW
GetLocaleInfoW
OpenEventW
SetEvent
InterlockedExchange
IsDBCSLeadByte
lstrcpynW
GetOEMCP
GetModuleFileNameW
CreateFileMappingA
FindResourceA
SetThreadContext
GetFileAttributesA
GetDriveTypeW
lstrcatW
GetExitCodeProcess
LoadLibraryExW
IsBadWritePtr
LCMapStringW
CompareStringW
Sleep
GetModuleHandleW
GetSystemTimeAsFileTime
WriteFile
HeapAlloc
GetModuleFileNameA
HeapCreate
GetConsoleMode
GetEnvironmentStrings
lstrcmpiA
GetFileSize
OpenMutexA
ExitProcess
IsBadReadPtr
lstrcmpA
GetSystemDirectoryA
GetStartupInfoA
GetFileAttributesW
ole32
OleLoadFromStream
CoCreateFreeThreadedMarshaler
CreateILockBytesOnHGlobal
CoGetMalloc
OleRegEnumVerbs
CoCreateGuid
CoCreateInstance
CoReleaseMarshalData
PropVariantClear
OleInitialize
CoCreateInstanceEx
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
CoUninitialize
CoTaskMemAlloc
OleSaveToStream
CreateDataAdviseHolder
CreateBindCtx
GetRunningObjectTable
StgOpenStorage
CoGetInterfaceAndReleaseStream
IIDFromString
StgIsStorageFile
OleRegGetMiscStatus
CoDisconnectObject
StgCreateDocfile
WriteClassStm
CoInitialize
CoInitializeSecurity
CoRevertToSelf
OleRegGetUserType
CoFreeUnusedLibraries
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
ProgIDFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRegisterClassObject
OleRun
CreateItemMoniker
CoImpersonateClient
CreateOleAdviseHolder
ReleaseStgMedium
CoTaskMemRealloc
StringFromGUID2
StringFromIID
StringFromCLSID
CoMarshalInterface
CoInitializeEx
OleUninitialize
CoGetObjectContext
PropVariantCopy
MkParseDisplayName
CoGetClassObject
GetHGlobalFromStream
advapi32
RegNotifyChangeKeyValue
AdjustTokenPrivileges
QueryServiceStatus
InitializeAcl
LsaQueryInformationPolicy
RegQueryInfoKeyW
GetSidIdentifierAuthority
RegSetValueA
CryptReleaseContext
OpenSCManagerA
MakeSelfRelativeSD
LsaFreeMemory
RegEnumKeyExW
SetFileSecurityW
RegSetValueExW
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
GetSidSubAuthority
RegEnumValueA
RegDeleteValueW
StartServiceW
ConvertStringSidToSidW
FreeSid
CryptGenRandom
GetTraceEnableFlags
RegQueryValueA
RegSetValueW
SetSecurityDescriptorDacl
GetTraceLoggerHandle
IsValidSecurityDescriptor
CryptCreateHash
LookupPrivilegeValueW
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
OpenServiceA
InitializeSecurityDescriptor
ReportEventW
RegEnumKeyA
DeregisterEventSource
ControlService
CryptAcquireContextW
GetLengthSid
DuplicateTokenEx
LsaOpenPolicy
OpenThreadToken
GetSidLengthRequired
RegDeleteKeyW
gdi32
GetViewportExtEx
GetTextExtentPointA
Rectangle
CreateFontIndirectW
PtVisible
SelectObject
OffsetViewportOrgEx
SetROP2
RectVisible
CreateDIBitmap
GetObjectW
PlayMetaFile
ExtTextOutW
CreateHalftonePalette
GetGlyphOutlineA
RestoreDC
SetBrushOrgEx
CloseMetaFile
SetTextColor
SetWindowOrgEx
SetPixel
GetTextExtentPoint32A
GetTextExtentPointW
CreateFontA
GetCurrentObject
SetTextAlign
ScaleWindowExtEx
TranslateCharsetInfo
StartPage
GetRgnBox
MoveToEx
CreateBrushIndirect
CreateSolidBrush
EndPage
SetMapMode
ExcludeClipRect
CreatePalette
CreateDCA
CombineRgn
CreateCompatibleDC
LPtoDP
GetWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetBkMode
GetSystemPaletteEntries
EnumFontFamiliesExW
SetBkMode
GetBkColor
CreateDIBSection
TextOutW
GetTextMetricsW
StretchDIBits
TextOutA
IntersectClipRect
CreateMetaFileA
SaveDC
SetViewportExtEx
DPtoLP
ExtTextOutA
CreatePatternBrush
FillRgn
GetTextAlign
GetPixel
user32
GetClientRect
KillTimer
DrawFocusRect
LoadImageW
IsWindowEnabled
SendMessageW
GetForegroundWindow
PeekMessageW
CheckMenuItem
GetDlgItemTextA
SystemParametersInfoA
GetProcessWindowStation
ReleaseCapture
GetKeyState
SetCapture
PostQuitMessage
GetSubMenu
DestroyMenu
SendMessageA
SetDlgItemTextA
CopyRect
LoadBitmapA
SetWindowPos
GetClassNameW
LoadBitmapW
SendDlgItemMessageA
IsWindowVisible
GetWindowTextLengthW
RegisterClipboardFormatW
GetFocus
CharNextW
RegisterClassW
EnableWindow
PeekMessageA
LoadStringW
DestroyIcon
PostMessageA
SetCursor
RegisterClassExW
GetWindowLongW
GetMessageA
MessageBoxA
GetMenuItemCount
RegisterWindowMessageA
FindWindowW
LoadStringA
EnumChildWindows
SystemParametersInfoW
DispatchMessageW
CreateWindowExA
MapWindowPoints
RedrawWindow
UpdateWindow
SetFocus
GetSysColorBrush
IsRectEmpty
GetDC
MessageBeep
DrawTextA
DialogBoxParamW
wsprintfA
LoadIconW
CharPrevA
FillRect
GetWindowThreadProcessId
GetWindowLongA
GetAsyncKeyState
GetMessagePos
GetDlgItemTextW
IsDlgButtonChecked
GetDlgItem
ShowWindow
CallWindowProcW
CallNextHookEx
EqualRect
CharLowerW
IntersectRect
DialogBoxParamA
TranslateMessage
CharPrevW
Sections
.textbss Size: 1024B - Virtual size: 1005B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
BSS Size: 512B - Virtual size: 489B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ