Static task: static1
Behavioral task: behavioral1
Sample: 42372e9916e2b75f9601622dee2c73c3_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 42372e9916e2b75f9601622dee2c73c3_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 42372e9916e2b75f9601622dee2c73c3_JaffaCakes118
Size: 86KB
MD5: 42372e9916e2b75f9601622dee2c73c3
SHA1: 0d76f13d5da1ea8c8380a0c868f027e998daf697
SHA256: a47e1cb9b0ea458363820c2e3676256dabeb94bec353b250de6e5ebce9333072
SHA512: 0ce8a1f9be04db2978810fcc2cc80d235267f5f3393d1bf4a3fc6caadd5aae4bac9a6603fb6c3c4580ebe0f1be6d7f35dbbd667773345fc2a085d71e48c1c434
SSDEEP: 1536:KuSX5JEG1He+McWEaWZUeGF/pnQmbWsNcyekg/C/TteZiGEQc:Mbi9DMFG/bPokcotTjQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42372e9916e2b75f9601622dee2c73c3_JaffaCakes118
Files
42372e9916e2b75f9601622dee2c73c3_JaffaCakes118.exe windows:4 windows x86 arch:x86
0773d3b6e74fe45a7f142ef357aa93ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EnumThreadWindows
EndMenu
DdeClientTransaction
ClientToScreen
TrackMouseEvent
DefWindowProcA
CallMsgFilter
GetMenuItemRect
KillTimer
RegisterClipboardFormatA
GetCursorPos
OemToCharA
SetWindowTextW
VkKeyScanW
CountClipboardFormats
CreateDesktopA
SetCaretPos
FindWindowW
DeferWindowPos
CreatePopupMenu
SendMessageCallbackW
SwitchDesktop
ReplyMessage
SetWindowTextA
DdeImpersonateClient
GetSystemMetrics
MonitorFromRect
ScreenToClient
DdeCreateStringHandleA
GetInputDesktop
IsDialogMessageA
DlgDirSelectExW
ValidateRgn
GetMenuDefaultItem
GetMessageTime
SetFocus
RemovePropA
IsCharLowerW
GetKeyboardLayoutList
DdeInitializeW
DrawMenuBar
GetComboBoxInfo
MessageBoxExW
GetMenuState
RegisterClassExW
MenuItemFromPoint
CreateCursor
CheckMenuItem
EndPaint
GetMenuItemID
GetIconInfo
DdeConnect
LoadStringA
GetMenuBarInfo
RegisterHotKey
MapVirtualKeyExA
IsDialogMessage
ToAscii
AppendMenuW
SetClassWord
GetAltTabInfo
AdjustWindowRect
MessageBoxIndirectW
SetWindowsHookW
FindWindowExW
TileWindows
PackDDElParam
EnumDisplaySettingsExW
ChildWindowFromPointEx
RegisterWindowMessageA
EnumPropsA
GetWindowLongA
CreateDialogIndirectParamA
ToUnicode
GetSysColor
GetUserObjectInformationW
TranslateMessage
WaitMessage
DialogBoxIndirectParamW
EnumPropsExA
GetSystemMenu
CharUpperA
LoadIconW
DrawStateW
GetScrollPos
DestroyMenu
RealChildWindowFromPoint
CallNextHookEx
RegisterClassA
DdeQueryConvInfo
SendNotifyMessageW
FindWindowA
GetKeyNameTextW
GetSysColorBrush
SetWindowsHookA
TabbedTextOutA
MapVirtualKeyW
ExcludeUpdateRgn
ScrollDC
SetActiveWindow
GetGuiResources
GetAncestor
LookupIconIdFromDirectoryEx
UnregisterDeviceNotification
DlgDirSelectComboBoxExA
PostQuitMessage
EnumDisplayMonitors
InsertMenuItemW
DispatchMessageA
TileChildWindows
InvalidateRect
LoadAcceleratorsA
BringWindowToTop
DdeGetData
OemToCharBuffA
InSendMessage
OpenDesktopW
EnumDesktopsA
InsertMenuA
CreateAcceleratorTableW
CallMsgFilterW
GetScrollInfo
DrawEdge
MonitorFromWindow
GetWindowPlacement
CharUpperW
DrawFocusRect
advapi32
QueryServiceLockStatusW
CryptDestroyKey
BuildImpersonateTrusteeW
ChangeServiceConfigW
CryptImportKey
GetAccessPermissionsForObjectA
IsValidSid
StartServiceCtrlDispatcherW
CloseEventLog
SetNamedSecurityInfoW
ChangeServiceConfigA
SetEntriesInAclW
RevertToSelf
InitiateSystemShutdownW
GetUserNameW
InitializeSecurityDescriptor
ConvertAccessToSecurityDescriptorA
SetSecurityDescriptorGroup
NotifyChangeEventLog
RegUnLoadKeyW
GetFileSecurityA
CryptHashSessionKey
AreAnyAccessesGranted
CryptDuplicateKey
DeregisterEventSource
SetSecurityDescriptorSacl
RegCloseKey
DeleteService
CryptSignHashW
CryptSignHashA
GetNamedSecurityInfoW
AdjustTokenGroups
AccessCheckAndAuditAlarmA
EnumDependentServicesW
IsValidSecurityDescriptor
GetNumberOfEventLogRecords
SetServiceStatus
QueryServiceStatus
ImpersonateNamedPipeClient
AllocateLocallyUniqueId
GetExplicitEntriesFromAclA
LookupPrivilegeNameW
OpenServiceW
SetFileSecurityW
QueryServiceObjectSecurity
GetServiceKeyNameW
GetSecurityDescriptorControl
RegDeleteKeyW
ObjectDeleteAuditAlarmW
NotifyBootConfigStatus
BuildImpersonateExplicitAccessWithNameW
BuildExplicitAccessWithNameW
ObjectOpenAuditAlarmW
AbortSystemShutdownA
InitiateSystemShutdownA
PrivilegedServiceAuditAlarmW
SetNamedSecurityInfoExA
LogonUserW
OpenServiceA
ObjectOpenAuditAlarmA
RegRestoreKeyA
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetPrivateObjectSecurity
FindFirstFreeAce
BuildTrusteeWithSidA
TrusteeAccessToObjectA
RegDeleteValueA
RegEnumValueW
ControlService
RegOpenKeyW
CryptSetProviderExA
GetMultipleTrusteeA
CryptDeriveKey
EnumDependentServicesA
CryptGetDefaultProviderW
CryptGetProvParam
GetLengthSid
RegQueryValueA
AddAccessAllowedAce
CreateServiceA
SetEntriesInAclA
CryptGetHashParam
RegisterEventSourceA
OpenSCManagerW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
FreeSid
GetServiceDisplayNameA
CloseServiceHandle
CreateProcessAsUserA
RegQueryValueExA
ObjectPrivilegeAuditAlarmA
RegOpenKeyExA
GetMultipleTrusteeOperationW
BackupEventLogA
ReadEventLogA
CryptAcquireContextW
SetSecurityInfo
RegDeleteKeyA
CreatePrivateObjectSecurity
SetTokenInformation
LookupAccountNameW
CryptEnumProviderTypesW
RegQueryMultipleValuesW
SetEntriesInAuditListA
LookupPrivilegeDisplayNameW
GetServiceKeyNameA
GetTokenInformation
CryptEnumProviderTypesA
GetEffectiveRightsFromAclA
EqualSid
GetNamedSecurityInfoExW
CreateServiceW
PrivilegedServiceAuditAlarmA
CryptExportKey
RegEnumValueA
ConvertAccessToSecurityDescriptorW
InitializeAcl
SetSecurityInfoExA
RegSetValueExA
ObjectDeleteAuditAlarmA
shlwapi
UrlCreateFromPathW
PathRenameExtensionA
SHOpenRegStreamA
StrToIntExW
SHEnumValueA
StrRStrIA
StrSpnW
StrCSpnIW
PathIsSameRootW
StrCmpNW
PathParseIconLocationW
PathIsDirectoryW
StrTrimW
PathIsUNCW
UrlIsA
PathGetArgsW
PathBuildRootA
PathRemoveBlanksW
PathCompactPathExW
StrStrIA
PathIsURLA
StrCatBuffW
SHRegQueryInfoUSKeyA
UrlIsNoHistoryA
SHOpenRegStreamW
SHRegEnumUSKeyW
StrRetToBufA
SHCreateShellPalette
SHSetThreadRef
SHRegCreateUSKeyW
UrlUnescapeA
SHEnumKeyExA
PathStripToRootA
SHDeleteKeyW
SHRegQueryUSValueW
SHDeleteValueW
PathMakePrettyA
PathAddExtensionA
IntlStrEqWorkerA
SHRegOpenUSKeyA
StrChrIA
StrRChrIA
PathRelativePathToW
StrRetToStrW
PathRemoveBlanksA
SHRegDeleteEmptyUSKeyW
ChrCmpIW
PathBuildRootW
SHRegGetBoolUSValueW
PathIsUNCA
SHIsLowMemoryMachine
PathCanonicalizeW
SHSetValueW
SHRegSetUSValueA
StrFromTimeIntervalA
StrCpyW
StrDupA
StrIsIntlEqualA
StrCmpIW
PathStripPathW
PathCreateFromUrlW
PathIsDirectoryEmptyA
StrChrW
PathMatchSpecA
StrRChrA
UrlUnescapeW
PathIsUNCServerA
SHRegCloseUSKey
StrStrA
PathIsRootW
IntlStrEqWorkerW
PathFileExistsW
StrChrA
UrlCombineA
PathMakeSystemFolderW
StrRetToStrA
PathIsRelativeW
PathUndecorateW
wvnsprintfA
PathIsFileSpecW
PathCreateFromUrlA
PathFindNextComponentW
PathCommonPrefixA
UrlIsNoHistoryW
PathParseIconLocationA
PathUndecorateA
PathSkipRootA
SHDeleteKeyA
PathFindExtensionA
StrCSpnW
SHSkipJunction
SHOpenRegStream2A
PathIsContentTypeW
StrToIntA
PathSearchAndQualifyA
StrPBrkW
PathUnquoteSpacesW
SHDeleteEmptyKeyA
PathAppendW
UrlIsOpaqueW
ChrCmpIA
SHRegSetUSValueW
PathIsURLW
PathUnquoteSpacesA
SHRegOpenUSKeyW
SHRegDeleteUSValueW
StrChrIW
SHGetValueW
StrSpnA
UrlCreateFromPathA
ole32
OleCreate
CoGetPSClsid
OleCreateLinkFromDataEx
WriteFmtUserTypeStg
OleCreateEmbeddingHelper
OleCreateLinkEx
OleGetIconOfFile
OleCreateLinkToFile
StgGetIFillLockBytesOnILockBytes
OleDuplicateData
OleGetIconOfClass
IsEqualGUID
StgIsStorageFile
CoLockObjectExternal
ReadStringStream
PropVariantClear
OleConvertIStorageToOLESTREAMEx
CoRegisterMessageFilter
FreePropVariantArray
RevokeDragDrop
CreateClassMoniker
OleIsRunning
WriteStringStream
CoInitializeEx
CoUnmarshalHresult
OleSaveToStream
GetDocumentBitStg
CoUninitialize
UtConvertDvtd32toDvtd16
CoGetTreatAsClass
UtGetDvtd32Info
CoCreateFreeThreadedMarshaler
OleGetClipboard
CoGetStandardMarshal
BindMoniker
StgIsStorageILockBytes
RegisterDragDrop
CoTaskMemFree
CreateILockBytesOnHGlobal
OleLoadFromStream
OleCreateFromFile
CoGetCallerTID
OleCreateDefaultHandler
CoQueryProxyBlanket
CoGetCallContext
ReadClassStg
CoGetObject
ReadFmtUserTypeStg
OleSetClipboard
OleFlushClipboard
StringFromIID
CoIsHandlerConnected
OleGetAutoConvert
UpdateDCOMSettings
CoReleaseServerProcess
StgOpenStorage
OleRegEnumVerbs
PropVariantCopy
CoSetProxyBlanket
StgOpenStorageEx
WriteOleStg
CoQueryClientBlanket
CoAddRefServerProcess
CreateItemMoniker
OleRun
StgSetTimes
WriteClassStg
OleQueryLinkFromData
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
OleNoteObjectVisible
OleCreateFromDataEx
CreateAntiMoniker
StgCreateDocfileOnILockBytes
OleLoad
OleTranslateAccelerator
StgCreateDocfile
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoFreeAllLibraries
CoMarshalHresult
CLSIDFromProgID
GetConvertStg
OleSave
ReadOleStg
CoUnmarshalInterface
DoDragDrop
CoGetInstanceFromFile
CoDosDateTimeToFileTime
StgOpenAsyncDocfileOnIFillLockBytes
CoGetInstanceFromIStorage
CoCreateInstanceEx
OleInitialize
CreateOleAdviseHolder
CoQueryReleaseObject
CoMarshalInterface
kernel32
FlushInstructionCache
SetThreadPriority
SetConsoleCtrlHandler
WritePrivateProfileStructA
LoadModule
CreateFileMappingW
lstrcpy
WriteProfileSectionW
GetStringTypeExW
lstrlenW
GetCommProperties
DeleteFiber
VirtualProtect
GlobalAlloc
GlobalWire
IsSystemResumeAutomatic
ClearCommBreak
GetSystemDefaultLangID
WriteProfileSectionA
VirtualUnlock
GetComputerNameA
SetCommMask
Process32First
GetNamedPipeInfo
GetConsoleScreenBufferInfo
EscapeCommFunction
ReadProcessMemory
WaitCommEvent
DeviceIoControl
SetProcessWorkingSetSize
FindClose
BackupWrite
FileTimeToLocalFileTime
VirtualAlloc
OpenMutexA
GetCommMask
DuplicateHandle
GlobalUnfix
GetDiskFreeSpaceExA
GetTickCount
LocalHandle
SetFileApisToANSI
GetEnvironmentStringsW
InitAtomTable
Heap32First
LocalFileTimeToFileTime
FillConsoleOutputCharacterW
OutputDebugStringA
SetCommConfig
GlobalFree
GetPrivateProfileStructW
BuildCommDCBA
WriteConsoleW
WaitForSingleObject
MoveFileExW
WriteConsoleA
CreateDirectoryExA
CommConfigDialogA
VerLanguageNameA
SetCurrentDirectoryA
LCMapStringW
PurgeComm
GetNamedPipeHandleStateW
CreateFileMappingA
EnumResourceLanguagesW
IsProcessorFeaturePresent
GetDiskFreeSpaceExW
SetThreadPriorityBoost
GetStringTypeA
GlobalCompact
SearchPathW
GetPrivateProfileIntW
SetConsoleOutputCP
DeleteFileA
DefineDosDeviceW
FreeEnvironmentStringsW
SetConsoleTitleW
LockFileEx
SetDefaultCommConfigA
ConnectNamedPipe
EnumDateFormatsExW
AddAtomW
LocalLock
UnhandledExceptionFilter
GetLogicalDrives
GetModuleFileNameW
GetDriveTypeW
ExitProcess
CreateEventW
GetDevicePowerState
FreeLibraryAndExitThread
EnumSystemCodePagesA
GlobalLock
FillConsoleOutputAttribute
PeekNamedPipe
GetLocalTime
lstrcpynW
lstrcpyn
SetPriorityClass
TlsSetValue
GetCompressedFileSizeA
GetProfileIntW
TlsAlloc
FileTimeToDosDateTime
CreateEventA
EnumCalendarInfoExA
RemoveDirectoryW
SetCalendarInfoW
LocalShrink
DebugActiveProcess
SetHandleInformation
FatalAppExitW
WideCharToMultiByte
ResetEvent
LoadLibraryA
WriteFileGather
FindFirstFileExW
HeapWalk
PeekConsoleInputA
GetPriorityClass
LCMapStringA
GetCPInfoExW
OpenEventA
GetFullPathNameW
GetHandleInformation
SetNamedPipeHandleState
GetLongPathNameW
GetLastError
GetWindowsDirectoryA
LockFile
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE