Static task: static1
Behavioral task: behavioral1
  Sample: 4816d9f712f690131f36119998e67537_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 4816d9f712f690131f36119998e67537_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 4816d9f712f690131f36119998e67537_JaffaCakes118
Size: 154KB
MD5: 4816d9f712f690131f36119998e67537
SHA1: d25ae4d238c50e44ae623974fa528770c286ef2e
SHA256: c27ee970707b43208dcd48d762801fd0ba2daa8037cb615abd46357c4227166b
SHA512: 9de2aa7375958da0f10ff350f0daef2771ee61459e4ed4b954aac9de8f27e9570aab8bf4b73eedff9bd51f3e5399454627fe48dc489260b5c0e747cc50509a4e
SSDEEP: 3072:zdX0F6zirijfxybGxFzISvAT5ehNwpeCma9n78yE6P+DsDCwEJ05405Y7eAznV:aF6OrWsbG3IVaNK9I969CwEJ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 4816d9f712f690131f36119998e67537_JaffaCakes118
Files
4816d9f712f690131f36119998e67537_JaffaCakes118.exe  windows:5  windows x86  arch:x86
1db773b1a9f040496deb19c538d05524
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
user32
gdi32
kernel32
advapi32
shlwapi
ole32
OleSave
Sections
.text   Size: 128KB - Virtual size: 128KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 22KB - Virtual size: 22KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 512B - Virtual size: 24KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2KB - Virtual size: 1KB       IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ