Tasks
- static1: static analysis of the submitted file
- behavioral1: 4611c95e4dcfcbc010560deda154a118_JaffaCakes118.exe, run on resource win7-20240708-en
- behavioral2: 4611c95e4dcfcbc010560deda154a118_JaffaCakes118.exe, run on resource win10v2004-20240709-en
General
Target: 4611c95e4dcfcbc010560deda154a118_JaffaCakes118
Size: 86KB
MD5: 4611c95e4dcfcbc010560deda154a118
SHA1: c2ef0fcad38a19e85ee7f937d3fdd71cc6432a33
SHA256: 5d5d770a6db230513a4157d72f9eab7bfebea735d92bf4ef3ae814d91f62889c
SHA512: b136a1e54de024243e285ead5d4cebf412eef2b4d1d289d0427450023e1772048b44fe669eda62ce7207c2be6416a5c370b13fca9e08b2080aca5957e38d9122
SSDEEP: 1536:TqVwh1pwTF8G4l+CbwNJ67ODnrnLtIDd+NqRFhnABjgdlcHcjQ:TqQIJAf7ODnrLtIDdoqLaUl+cj
Malware Config
(no extracted configuration is shown in the report)
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  Matched resource: 4611c95e4dcfcbc010560deda154a118_JaffaCakes118
  A missing signature is a weak indicator on its own, since plenty of benign x86 executables are also unsigned; read it as context for the header and import findings below rather than as a verdict.
Files
- 4611c95e4dcfcbc010560deda154a118_JaffaCakes118.exe: windows:4 windows x86 arch:x86
  Secondary hash as printed in the report (unlabelled there; it is not the file MD5): 9c0fa294ebe3440153806a62e89fca2c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the image carries no relocation table and the loader cannot rebase it; it always loads at its preferred base and gets no ASLR, while NX_COMPAT opts it into DEP. These flags describe only what the loader will enforce, not what the code does.
Imports (598 named functions across five DLLs, counted from the lists as shown)
Entries that usually deserve a second look during triage, to be confirmed against the behavioral tasks rather than assumed: LogonUserA, ImpersonateLoggedOnUser, AdjustTokenPrivileges, ClearEventLogW, InitiateSystemShutdownA, WinExec, VirtualProtect, SetWindowsHookExW, BlockInput, SwitchDesktop, CryptDecrypt. Presence in the import table only shows that the loader resolves a function at load time, not that any code path calls it.
advapi32 (106 functions)
GetAccessPermissionsForObjectW
CancelOverlappedAccess
RegSetValueExW
CryptSetProvParam
RegCloseKey
GetExplicitEntriesFromAclA
AdjustTokenPrivileges
GetTrusteeNameA
CryptDuplicateKey
SetFileSecurityW
ClearEventLogW
QueryServiceLockStatusW
RegUnLoadKeyA
GetMultipleTrusteeW
ConvertSecurityDescriptorToAccessNamedA
GetAccessPermissionsForObjectA
RegQueryValueW
InitiateSystemShutdownA
RegRestoreKeyW
BackupEventLogA
RegDeleteKeyA
RegRestoreKeyA
GetFileSecurityW
CryptGenKey
OpenProcessToken
ObjectOpenAuditAlarmA
GetOverlappedAccessResults
GetNumberOfEventLogRecords
MakeSelfRelativeSD
OpenSCManagerA
GetMultipleTrusteeOperationA
EqualPrefixSid
RegCreateKeyW
GetSecurityDescriptorGroup
BuildTrusteeWithNameW
RegQueryValueA
GetAuditedPermissionsFromAclW
RegConnectRegistryA
GetTrusteeTypeA
RevertToSelf
BuildSecurityDescriptorW
AllocateLocallyUniqueId
PrivilegeCheck
GetAce
CryptGenRandom
MakeAbsoluteSD
RegEnumKeyExW
StartServiceCtrlDispatcherW
IsValidSecurityDescriptor
AddAccessDeniedAce
RegOpenKeyExA
AccessCheckAndAuditAlarmA
StartServiceA
OpenServiceW
FindFirstFreeAce
GetTokenInformation
OpenSCManagerW
AbortSystemShutdownW
RegisterEventSourceW
OpenBackupEventLogA
RegisterServiceCtrlHandlerW
LookupPrivilegeValueW
ImpersonateSelf
RegNotifyChangeKeyValue
PrivilegedServiceAuditAlarmA
ConvertSecurityDescriptorToAccessNamedW
CryptGetUserKey
RegCreateKeyExW
LookupPrivilegeNameA
GetAuditedPermissionsFromAclA
ControlService
ReadEventLogA
CryptSignHashA
ReadEventLogW
RegLoadKeyA
RegConnectRegistryW
CryptImportKey
GetEffectiveRightsFromAclA
RegSaveKeyA
ObjectCloseAuditAlarmA
CryptSetKeyParam
GetCurrentHwProfileA
GetKernelObjectSecurity
LogonUserA
GetCurrentHwProfileW
DeleteAce
SetFileSecurityA
CryptDecrypt
RegQueryMultipleValuesW
SetEntriesInAclW
CryptSetProviderExW
CryptGetDefaultProviderW
CryptHashSessionKey
GetSecurityDescriptorDacl
GetMultipleTrusteeA
ObjectPrivilegeAuditAlarmW
ImpersonateLoggedOnUser
RegQueryValueExA
LookupPrivilegeDisplayNameA
LookupAccountNameA
IsValidSid
QueryServiceObjectSecurity
GetTrusteeTypeW
RegEnumValueW
RegSetValueW
InitializeSid
ole32 (107 functions)
OleQueryLinkFromData
OleSetMenuDescriptor
OpenOrCreateStream
CoDosDateTimeToFileTime
OleCreateEmbeddingHelper
OleLoadFromStream
CoSwitchCallContext
IsAccelerator
StgCreateDocfileOnILockBytes
OleCreateLinkFromData
StgOpenStorage
CoMarshalHresult
WriteStringStream
StgGetIFillLockBytesOnILockBytes
CoRegisterMessageFilter
OleCreateLinkToFile
StgOpenAsyncDocfileOnIFillLockBytes
ReadFmtUserTypeStg
GetHGlobalFromILockBytes
OleCreateLinkToFileEx
CoQueryAuthenticationServices
UtConvertDvtd16toDvtd32
CoMarshalInterThreadInterfaceInStream
CoGetMalloc
CoCopyProxy
CoRegisterChannelHook
PropVariantClear
CreateFileMoniker
OleConvertOLESTREAMToIStorage
CoInitializeEx
OleRegGetMiscStatus
CoImpersonateClient
CoQueryClientBlanket
OleCreateMenuDescriptor
CoGetObject
EnableHookObject
CoFreeLibrary
MonikerCommonPrefixWith
CoCreateGuid
CoUnmarshalHresult
StgCreateStorageEx
CoFreeAllLibraries
DoDragDrop
ReadClassStg
CreateClassMoniker
OleDuplicateData
FreePropVariantArray
OleCreateFromData
OleDestroyMenuDescriptor
MonikerRelativePathTo
CoGetMarshalSizeMax
OleCreateStaticFromData
OleIsRunning
OleConvertIStorageToOLESTREAM
OleRegEnumFormatEtc
CoRevertToSelf
CoIsOle1Class
CreateBindCtx
CreateItemMoniker
WriteClassStg
OleRun
CoGetCurrentLogicalThreadId
OleSaveToStream
CoGetInstanceFromIStorage
CoReleaseServerProcess
CoReleaseMarshalData
CreateAntiMoniker
StgOpenStorageOnILockBytes
RegisterDragDrop
CoUninitialize
UtGetDvtd16Info
OleDraw
StringFromIID
OleMetafilePictFromIconAndLabel
StgSetTimes
CLSIDFromProgID
CoLockObjectExternal
StgIsStorageFile
CreatePointerMoniker
CreateObjrefMoniker
SetDocumentBitStg
OleInitialize
CreateDataCache
CoUnmarshalInterface
OleGetClipboard
CoCreateInstance
StgOpenStorageEx
DllDebugObjectRPCHook
OleGetIconOfClass
CoGetStandardMarshal
OleCreateFromFileEx
OleConvertOLESTREAMToIStorageEx
CreateStreamOnHGlobal
CoRevokeClassObject
CoInitialize
OleLockRunning
RevokeDragDrop
StringFromCLSID
OleGetAutoConvert
GetRunningObjectTable
CoGetCallerTID
CoResumeClassObjects
CoTaskMemFree
OleSetAutoConvert
OleSave
ReadOleStg
OleNoteObjectVisible
kernel32 (140 functions)
GetUserDefaultLangID
SuspendThread
GetTempFileNameA
GetCPInfoExW
GetDiskFreeSpaceExA
CreateDirectoryExA
GetProfileIntA
GetFileAttributesW
CompareStringW
WaitForDebugEvent
ResetWriteWatch
GetPrivateProfileIntW
ReadFile
GetProcessAffinityMask
SetEvent
SetThreadLocale
EnumSystemCodePagesA
IsDBCSLeadByte
GetStringTypeW
lstrcpyW
BackupSeek
SetProcessShutdownParameters
GetStdHandle
WinExec
WritePrivateProfileStringA
RaiseException
SetCommTimeouts
GetCurrentDirectoryW
GetSystemDefaultLangID
Heap32Next
VerLanguageNameA
LocalReAlloc
TlsAlloc
OpenFileMappingA
GetDefaultCommConfigW
SetSystemPowerState
EnumResourceTypesA
SetMailslotInfo
lstrlen
SetFileAttributesA
GetCommProperties
SetConsoleCursorPosition
FlushConsoleInputBuffer
HeapUnlock
FindNextFileA
CallNamedPipeW
WaitNamedPipeA
SetConsoleWindowInfo
FindFirstChangeNotificationW
DisconnectNamedPipe
ClearCommBreak
WritePrivateProfileSectionW
GetExitCodeThread
GlobalHandle
CancelIo
GetTimeFormatA
UnmapViewOfFile
SetUnhandledExceptionFilter
GetNumberFormatW
CreateEventA
WriteConsoleInputW
SetConsoleTextAttribute
SetComputerNameW
IsBadWritePtr
GetTempFileNameW
LockResource
GetPrivateProfileStructW
CreateWaitableTimerA
PulseEvent
CopyFileA
WaitCommEvent
WritePrivateProfileStructW
CancelWaitableTimer
FreeEnvironmentStringsW
FindFirstFileExW
EnumResourceTypesW
lstrcmpiA
MoveFileExA
IsBadCodePtr
Module32Next
ContinueDebugEvent
EnumTimeFormatsW
EnumSystemLocalesW
lstrcpyA
LoadLibraryExA
GlobalLock
SetConsoleMode
FillConsoleOutputCharacterA
ResetEvent
EnumSystemLocalesA
PeekConsoleInputA
SetDefaultCommConfigW
HeapDestroy
GetFileInformationByHandle
OpenMutexW
SetConsoleCtrlHandler
EnumResourceNamesA
lstrcat
lstrcpynA
IsBadHugeReadPtr
FatalExit
MoveFileExW
LoadLibraryA
FileTimeToDosDateTime
DeleteAtom
ReadConsoleA
GetThreadContext
GetTickCount
CompareStringA
SetCommConfig
DeleteFiber
SetCommMask
CloseHandle
lstrcmpA
VirtualProtect
CopyFileExA
GetCurrentDirectoryA
FindFirstChangeNotificationA
IsSystemResumeAutomatic
GetExitCodeProcess
SetErrorMode
CreateMailslotW
RtlFillMemory
VirtualLock
SearchPathW
GetPriorityClass
GlobalUnlock
CreateFileMappingW
CreateDirectoryA
LocalLock
GlobalUnWire
Process32First
CreateMailslotA
WritePrivateProfileSectionA
GetProcessHeap
SetLocaleInfoA
SetSystemTimeAdjustment
CreateNamedPipeW
GetCommandLineA
VirtualAlloc
user32 (139 functions)
MapWindowPoints
GetSubMenu
SetCursorPos
CreatePopupMenu
SystemParametersInfoA
TrackMouseEvent
LoadMenuA
SetWindowPlacement
GetLastActivePopup
SubtractRect
UnloadKeyboardLayout
GetDlgItemInt
FindWindowW
DlgDirListComboBoxA
GetMenuContextHelpId
GetCaretPos
SetWindowPos
GetMenuItemID
SetWinEventHook
RegisterClassExA
ChangeDisplaySettingsW
DdePostAdvise
GetWindowRgn
DlgDirSelectExW
SetWindowsHookExW
SetUserObjectSecurity
GetOpenClipboardWindow
OpenInputDesktop
GetMessageA
SendNotifyMessageW
SetClassLongW
ShowWindow
CreateDialogIndirectParamA
ReplyMessage
AnimateWindow
EnumDisplayMonitors
ToUnicode
CharLowerA
DefFrameProcW
DestroyCursor
EnumDisplayDevicesA
PostThreadMessageW
SetDeskWallpaper
ReleaseCapture
SwitchDesktop
LoadCursorFromFileW
SendDlgItemMessageW
DdeKeepStringHandle
SetMenuContextHelpId
SetParent
EqualRect
EnumPropsW
PtInRect
GetWindowRect
DdeQueryNextServer
DdeConnect
LoadIconA
ToAsciiEx
InternalGetWindowText
VkKeyScanExA
MessageBoxIndirectW
GetAsyncKeyState
BlockInput
IsChild
RemoveMenu
GetDlgItem
DdeDisconnectList
GetInputDesktop
IsDialogMessageA
SendMessageA
UnhookWinEvent
FrameRect
SetPropA
LoadCursorFromFileA
DlgDirSelectExA
MapVirtualKeyExA
DlgDirListA
EnumClipboardFormats
CopyAcceleratorTableA
CreateWindowStationW
DdeFreeStringHandle
CharPrevA
PostMessageW
GetClassInfoExA
EnumWindowStationsA
HideCaret
DlgDirListComboBoxW
CreateWindowExA
WINNLSEnableIME
TrackPopupMenu
GetScrollBarInfo
OpenDesktopA
GetMenuInfo
InvalidateRgn
SwitchToThisWindow
MessageBoxW
GetClipboardFormatNameA
LoadAcceleratorsA
ModifyMenuA
GetUserObjectInformationA
OemToCharBuffW
SendMessageTimeoutW
GetWindowLongA
IsWindowVisible
GetScrollInfo
SendMessageCallbackA
ChangeMenuA
CreateCursor
TabbedTextOutW
IsClipboardFormatAvailable
SetCaretPos
DdeEnableCallback
CloseWindow
DefDlgProcA
MessageBoxExW
GetUpdateRect
DdeInitializeA
DdeCreateStringHandleW
RedrawWindow
DdeAbandonTransaction
CloseClipboard
GetMessagePos
SetProcessDefaultLayout
DestroyCaret
DispatchMessageA
ArrangeIconicWindows
GetKeyState
GetComboBoxInfo
MoveWindow
ShowOwnedPopups
EnumChildWindows
DefMDIChildProcA
GetClientRect
LoadCursorA
MenuItemFromPoint
LoadCursorW
IsRectEmpty
EnumPropsA
LoadAcceleratorsW
shlwapi (106 functions)
SHRegEnumUSKeyA
StrPBrkW
PathIsSameRootA
SHGetValueW
StrCpyW
StrChrIW
SHStrDupA
PathSetDlgItemPathA
PathCompactPathExA
SHRegSetUSValueW
PathIsFileSpecW
PathFindFileNameA
StrStrA
PathAddExtensionA
StrSpnA
UrlGetLocationA
PathGetCharTypeW
SHAutoComplete
SHEnumKeyExW
PathIsUNCA
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathIsSystemFolderW
UrlCombineA
PathRemoveExtensionW
SHRegOpenUSKeyW
PathIsURLW
PathQuoteSpacesA
StrCmpNW
SHSetValueW
UrlGetPartA
UrlIsNoHistoryA
SHOpenRegStreamA
PathFindSuffixArrayW
PathAppendW
PathIsContentTypeA
PathGetCharTypeA
PathAddBackslashA
SHDeleteEmptyKeyW
PathIsPrefixW
PathIsDirectoryW
PathIsUNCW
UrlUnescapeA
PathRemoveBackslashW
AssocQueryStringA
UrlCanonicalizeA
PathCommonPrefixA
UrlIsNoHistoryW
StrFormatKBSizeA
PathRenameExtensionW
PathFindOnPathA
StrRetToStrW
SHRegEnumUSValueA
StrCmpW
SHOpenRegStreamW
SHRegEnumUSKeyW
StrRChrIA
UrlApplySchemeA
StrSpnW
PathFindSuffixArrayA
PathIsContentTypeW
PathIsDirectoryA
SHRegSetUSValueA
StrRStrIA
SHRegQueryUSValueW
SHRegQueryUSValueA
PathSkipRootW
UrlCompareA
UrlGetLocationW
StrChrIA
IntlStrEqWorkerA
PathIsUNCServerShareA
PathRenameExtensionA
StrTrimW
ChrCmpIW
SHSetValueA
SHEnumKeyExA
StrCmpNIW
StrPBrkA
UrlApplySchemeW
GetMenuPosFromID
wvnsprintfW
SHEnumValueA
SHQueryInfoKeyW
SHRegQueryInfoUSKeyW
AssocQueryStringByKeyW
PathIsDirectoryEmptyW
HashData
SHOpenRegStream2W
StrStrIA
PathFindNextComponentA
StrIsIntlEqualW
PathIsRootW
StrNCatW
UrlIsW
PathRemoveBlanksW
SHCreateStreamOnFileA
StrRetToBufW
UrlCompareW
StrStrIW
StrStrW
StrCmpNIA
UrlHashW
StrDupA
StrRStrIW
SHRegGetBoolUSValueA
Sections
- .text: raw size 68KB, virtual size 68KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: raw size 16KB, virtual size 16KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: raw size 512B, virtual size 309B; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Section permissions are conventional: code is read/execute only and the one writable section is not executable, so there is no RWX section. Raw sizes sum to about 84.5KB, consistent with the 86KB file size once the headers are counted.
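The header facts this report lists (no Authenticode certificate table, NX_COMPAT without DYNAMIC_BASE, relocations stripped, three sections with separate read/execute and read/write permissions) can be re-derived from the raw PE headers without a sandbox. The script below is an added example and is not part of the Triage report or of the sample; it parses the DOS, COFF, optional and section headers with the standard library only. Because the sample itself is not reproduced here, `build_sample_pe()` is a constructed, header-only PE32 blob that carries the header values the report lists; pass a real file path to analyse that file instead.

```python
# Header-level PE triage with the standard library only. Added example, not code
# from the Triage report or the sample. build_sample_pe() is a constructed,
# header-only PE32 blob carrying the header values the report lists.
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "armnt", 0xAA64: "arm64"}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table (Authenticode)


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data: bytes) -> dict:
    """Parse DOS, COFF, optional and section headers; return triage facts."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                      # PE32
        ndirs_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:                                    # PE32+
        ndirs_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off, cert_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):                                  # section table follows the optional header
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": _flags(sflags, SECTION_FLAGS),
            "rwx": (sflags & 0xA0000000) == 0xA0000000,     # writable and executable
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        # An empty certificate table is what "Unsigned PE" means.
        "authenticode_signed": cert_off != 0 and cert_size != 0,
        # Rebasing needs DYNAMIC_BASE and a relocation table to apply it.
        "aslr_capable": bool(dll_chars & 0x0040) and not (chars & 0x0001),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 blob with the header values the report lists."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0, 0, 0, 224, 0x0001 | 0x0002 | 0x0100)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0100 | 0x8000)        # NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                     # 16 data directories, all zero (no certificate)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, f)
        for n, vs, rs, f in (
            (b".text", 0x11000, 0x11000, 0x60000020),       # 68KB, code | execute | read
            (b".rdata", 0x4000, 0x4000, 0x40000040),        # 16KB, initialized data | read
            (b".data", 309, 0x200, 0xC0000040),             # 309B virtual / 512B raw, data | read | write
        ))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(analyze_pe(blob), indent=2))
```

Run it with a file path to print the same facts for a local sample; without arguments it analyses the constructed blob. The `aslr_capable` field combines two flags the report lists separately, because an image whose relocations are stripped cannot be rebased even if DYNAMIC_BASE were set, and `authenticode_signed` is the check the report's Unsigned PE signature describes: a zero-sized entry in the certificate data directory.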