Static task: static1
Behavioral task: behavioral1
Sample: 498ba269b4d26b0634774395fc6ce7ad_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 498ba269b4d26b0634774395fc6ce7ad_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 498ba269b4d26b0634774395fc6ce7ad_JaffaCakes118
Size: 86KB
MD5: 498ba269b4d26b0634774395fc6ce7ad
SHA1: 1f014db5e2dc8362ce773efe3b619927650a2a24
SHA256: a4e1c7967ab6393621b06b399f79e8d7c9a867e0dfbd7ee638366def7adf25ed
SHA512: 067e499e5c93ae2364f8c33b7996f1c20a0186a2e43eef3d9b0800bc16f48c445cad3c414e4ff0e9ac6fae2c60c81ee8bb25dc6d4eab650c3f56baee31661445
SSDEEP: 1536:mx0ed6YZkyO3sEPgjk2AzAPC6LWxyvdC8hZygRvBSr/f3goDbyEuLtQrqCsPFsP4:mx0hQO3jtvALayFC8vDQfdQN1mZQTxz7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 498ba269b4d26b0634774395fc6ce7ad_JaffaCakes118
Files
498ba269b4d26b0634774395fc6ce7ad_JaffaCakes118.exe windows:4 windows x86 arch:x86
dd5c2600f41767bbd2cafcbe0e6eedf7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetMonitorInfoA
GetMenuItemID
ChangeClipboardChain
CascadeChildWindows
GetComboBoxInfo
DdeUnaccessData
InflateRect
LoadKeyboardLayoutW
DestroyIcon
CharToOemA
CloseClipboard
SetLastErrorEx
GetClassLongA
GetClassWord
CreateWindowExW
TileWindows
SetMenuItemInfoA
GetMenuStringW
DdeImpersonateClient
RegisterClipboardFormatA
SetClipboardViewer
SwitchDesktop
GetWindowContextHelpId
SetUserObjectInformationW
IsCharLowerW
DdeKeepStringHandle
SetSysColors
PtInRect
DestroyMenu
GetPropW
IsCharLowerA
ValidateRect
DrawEdge
GetListBoxInfo
TranslateAccelerator
SetMessageQueue
OpenWindowStationW
DdeCreateDataHandle
GetKeyboardType
GetDC
IsCharAlphaNumericW
EnumPropsExW
ShowScrollBar
GetKeyNameTextA
MonitorFromPoint
FindWindowExW
GetKeyState
GetClassInfoW
GetClipboardViewer
TabbedTextOutA
CreateWindowExA
DrawStateA
EnumChildWindows
PostThreadMessageW
SubtractRect
ScrollWindowEx
GetWindowRgn
IsMenu
SetClipboardData
GetWindowLongW
InSendMessage
RegisterClassExA
CheckDlgButton
GetClassLongW
DrawFrameControl
DdeGetLastError
IsWindowVisible
LoadMenuA
GetClassInfoExA
CheckRadioButton
GetWindowTextA
EditWndProc
GetCursorPos
IsDialogMessageA
BroadcastSystemMessageA
CharLowerW
GetDialogBaseUnits
SetDebugErrorLevel
GetTopWindow
SetWindowsHookExA
DrawIconEx
ClientToScreen
GetClassNameA
CreateMenu
SendIMEMessageExW
CreateMDIWindowA
GetSystemMenu
GetUpdateRect
IsZoomed
ExcludeUpdateRgn
SetMenuItemBitmaps
EnumClipboardFormats
SendDlgItemMessageA
CreatePopupMenu
FreeDDElParam
AppendMenuA
EnumPropsA
ShowWindow
CreateCaret
GetClassNameW
GetScrollInfo
InsertMenuA
MessageBeep
FlashWindowEx
SwitchToThisWindow
SetMenuContextHelpId
SetUserObjectSecurity
GetProcessDefaultLayout
GetLastActivePopup
DestroyAcceleratorTable
GetTabbedTextExtentA
DefMDIChildProcA
GetMessagePos
GetCapture
DrawMenuBar
SetUserObjectInformationA
GrayStringW
SetScrollRange
SetWinEventHook
VkKeyScanA
IsWindowUnicode
GetSysColor
SendIMEMessageExA
SetDlgItemTextA
ChangeDisplaySettingsA
GetUserObjectInformationA
LoadCursorA
GetMenuCheckMarkDimensions
DrawTextExA
LoadIconA
DdeEnableCallback
GetKeyboardState
CascadeWindows
SetClassLongA
SendMessageTimeoutA
DispatchMessageW
advapi32
BuildTrusteeWithSidW
LockServiceDatabase
GetServiceKeyNameW
GetNamedSecurityInfoExW
GetExplicitEntriesFromAclA
CryptSetProviderW
LookupAccountNameW
CryptVerifySignatureA
ImpersonateSelf
CryptGenKey
RegisterEventSourceA
SetEntriesInAuditListA
RevertToSelf
CryptVerifySignatureW
RegQueryMultipleValuesW
OpenProcessToken
GetSidIdentifierAuthority
DestroyPrivateObjectSecurity
GetServiceKeyNameA
GetAclInformation
ConvertSecurityDescriptorToAccessA
PrivilegedServiceAuditAlarmA
GetSecurityInfoExW
RegEnumKeyW
GetMultipleTrusteeOperationW
ConvertAccessToSecurityDescriptorW
GetNamedSecurityInfoW
ClearEventLogA
RegCreateKeyW
RegConnectRegistryA
CryptAcquireContextW
ObjectDeleteAuditAlarmA
LookupAccountNameA
ObjectDeleteAuditAlarmW
GetMultipleTrusteeOperationA
RegSetValueW
SetFileSecurityW
TrusteeAccessToObjectW
ControlService
RegFlushKey
OpenBackupEventLogA
GetExplicitEntriesFromAclW
CryptEnumProviderTypesW
LookupSecurityDescriptorPartsA
GetSecurityDescriptorDacl
ObjectCloseAuditAlarmA
QueryServiceConfigW
GetSecurityDescriptorSacl
TrusteeAccessToObjectA
CryptDuplicateHash
CryptDestroyKey
CloseEventLog
GetLengthSid
CryptReleaseContext
ObjectCloseAuditAlarmW
AdjustTokenGroups
GetAccessPermissionsForObjectA
GetTrusteeTypeW
OpenSCManagerA
DeregisterEventSource
SetSecurityDescriptorSacl
ImpersonateLoggedOnUser
BuildExplicitAccessWithNameW
UnlockServiceDatabase
ObjectPrivilegeAuditAlarmW
IsTextUnicode
QueryServiceLockStatusA
SetEntriesInAccessListW
BuildExplicitAccessWithNameA
AreAnyAccessesGranted
AddAuditAccessAce
CryptGetHashParam
SetTokenInformation
RegEnumKeyExA
GetSidLengthRequired
CryptSetKeyParam
GetPrivateObjectSecurity
CloseServiceHandle
GetTokenInformation
CryptSetProviderExW
BuildTrusteeWithSidA
AbortSystemShutdownA
CryptEnumProvidersA
CreatePrivateObjectSecurity
InitiateSystemShutdownA
CryptExportKey
RegSaveKeyA
CryptGetProvParam
OpenServiceA
CryptGenRandom
RegRestoreKeyA
RegReplaceKeyW
RegEnumKeyA
SetNamedSecurityInfoExW
CreateServiceA
RegCloseKey
RegUnLoadKeyW
RegQueryMultipleValuesA
RegUnLoadKeyA
RegDeleteKeyW
IsValidSid
NotifyBootConfigStatus
RegisterServiceCtrlHandlerA
CreateProcessAsUserA
AddAccessDeniedAce
SetAclInformation
AccessCheckAndAuditAlarmW
RegQueryValueA
CryptSignHashA
GetUserNameW
CryptHashData
GetFileSecurityW
RegCreateKeyA
QueryServiceObjectSecurity
GetCurrentHwProfileA
ole32
StgIsStorageILockBytes
CoIsHandlerConnected
CoFileTimeNow
UtGetDvtd32Info
CoGetMalloc
CreateGenericComposite
OleCreateFromDataEx
CreateFileMoniker
StringFromIID
OleSaveToStream
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleRegEnumFormatEtc
StringFromGUID2
CoGetInstanceFromIStorage
CoLoadLibrary
CreateDataAdviseHolder
OleGetAutoConvert
OleGetClipboard
StgOpenStorageEx
CoTaskMemAlloc
UtGetDvtd16Info
CreateAntiMoniker
CreateClassMoniker
CoRegisterClassObject
StgCreateDocfile
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoGetMarshalSizeMax
CoTreatAsClass
CoLockObjectExternal
PropVariantClear
CoQueryAuthenticationServices
OleSetAutoConvert
ReadClassStg
CoTaskMemRealloc
DoDragDrop
UpdateDCOMSettings
OleCreateDefaultHandler
IsAccelerator
OleLockRunning
CoInitializeSecurity
OleConvertIStorageToOLESTREAM
CoFileTimeToDosDateTime
OleCreateFromFileEx
OleSave
CoInitialize
StgOpenStorage
StgGetIFillLockBytesOnFile
WriteFmtUserTypeStg
OleCreate
OleRegGetUserType
CreateDataCache
CoUninitialize
EnableHookObject
OleCreateLinkFromData
OleIsCurrentClipboard
CoRevokeMallocSpy
OleGetIconOfFile
SetDocumentBitStg
CreatePointerMoniker
CoMarshalInterThreadInterfaceInStream
ReadOleStg
OleRegEnumVerbs
CoQueryProxyBlanket
CoDosDateTimeToFileTime
CoFreeUnusedLibraries
CoRevertToSelf
StringFromCLSID
OleSetContainedObject
ProgIDFromCLSID
OleQueryLinkFromData
UtConvertDvtd16toDvtd32
StgCreateDocfileOnILockBytes
CoUnmarshalHresult
OleDraw
MonikerCommonPrefixWith
CoReleaseMarshalData
OleGetIconOfClass
OleConvertOLESTREAMToIStorageEx
IsEqualGUID
StgIsStorageFile
ReadClassStm
CLSIDFromProgID
CoReleaseServerProcess
CoGetCurrentLogicalThreadId
OleRun
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleDoAutoConvert
CoCreateFreeThreadedMarshaler
OleCreateLinkEx
OpenOrCreateStream
OleLoad
kernel32
DeleteFileW
SignalObjectAndWait
lstrcpynW
ReadProcessMemory
FatalAppExitA
LoadLibraryW
PeekNamedPipe
SetThreadAffinityMask
GetDevicePowerState
GetTempPathA
SetFileAttributesW
GetEnvironmentStringsW
GetConsoleTitleW
ReadConsoleInputW
PrepareTape
lstrcat
LocalFileTimeToFileTime
SetComputerNameW
ClearCommBreak
WriteFileEx
VirtualProtect
IsProcessorFeaturePresent
GetPrivateProfileIntW
SetSystemTime
CancelWaitableTimer
VirtualAlloc
GetPrivateProfileSectionW
CreateMailslotW
GetProfileIntW
DeleteFiber
GetStringTypeExW
GetCurrencyFormatA
GetPrivateProfileStringA
IsDBCSLeadByte
FreeEnvironmentStringsW
OpenWaitableTimerW
lstrcmpiA
PulseEvent
GetVolumeInformationA
GetConsoleMode
OutputDebugStringW
FindNextFileW
GlobalAddAtomA
WritePrivateProfileStructW
GetSystemDefaultLCID
GetCompressedFileSizeW
CreateEventA
Heap32ListNext
CopyFileExW
SetLocaleInfoA
FoldStringA
GetSystemDirectoryW
GetStringTypeExA
GetConsoleCP
OpenSemaphoreA
GetBinaryTypeW
MoveFileA
HeapWalk
InitAtomTable
OutputDebugStringA
FindResourceA
VerLanguageNameA
EnumDateFormatsExA
GetAtomNameW
SetWaitableTimer
SetLastError
FindResourceExA
SetVolumeLabelA
GetCommandLineW
SetConsoleCtrlHandler
GetProfileSectionA
EnumCalendarInfoExA
DebugActiveProcess
EscapeCommFunction
lstrlen
GetEnvironmentStrings
GetNamedPipeHandleStateW
GlobalUnlock
DeviceIoControl
GetNumberOfConsoleInputEvents
DefineDosDeviceW
GetMailslotInfo
GetDefaultCommConfigA
GetModuleHandleA
CreateFiber
SetEnvironmentVariableA
GlobalWire
CopyFileA
FindCloseChangeNotification
CompareStringA
SetCurrentDirectoryA
EnumResourceLanguagesA
Beep
SetEndOfFile
GetSystemTimeAdjustment
SetConsoleCursorInfo
CreateMailslotA
FileTimeToSystemTime
MoveFileW
SetMailslotInfo
GetBinaryType
FatalAppExitW
GetProcessPriorityBoost
BackupSeek
GetFullPathNameA
LocalShrink
lstrcmpW
GetTapeStatus
FindFirstFileExA
RequestWakeupLatency
LoadLibraryExW
GetConsoleCursorInfo
GetCPInfoExA
GetTimeZoneInformation
ScrollConsoleScreenBufferW
SearchPathW
FindNextFileA
SetConsoleTextAttribute
CompareFileTime
QueueUserAPC
VirtualFreeEx
SetConsoleOutputCP
LockResource
WaitNamedPipeW
GlobalAddAtomW
CreateWaitableTimerA
GetFileAttributesW
GetNumberFormatW
FreeLibrary
UnhandledExceptionFilter
GetPrivateProfileStringW
GetLogicalDriveStringsW
shlwapi
PathRemoveArgsA
PathAppendA
UrlApplySchemeW
StrToIntExW
PathUndecorateW
PathCreateFromUrlA
SHRegCreateUSKeyW
PathIsLFNFileSpecW
PathIsPrefixW
SHDeleteEmptyKeyW
StrRChrW
SHDeleteKeyA
IntlStrEqWorkerW
PathIsFileSpecA
StrTrimW
StrFormatKBSizeW
StrCSpnA
SHRegEnumUSValueW
UrlEscapeW
PathRelativePathToA
PathRemoveBlanksA
StrStrIW
UrlCombineW
SHRegDuplicateHKey
SHStrDupA
PathCompactPathExA
SHQueryValueExW
wvnsprintfA
StrTrimA
StrToIntExA
StrCmpNIA
PathIsNetworkPathW
PathCompactPathW
PathGetArgsA
PathGetDriveNumberA
UrlCompareW
AssocQueryStringByKeyW
StrToIntW
UrlIsA
StrCSpnIA
SHOpenRegStreamA
StrRChrIW
UrlIsNoHistoryA
SHDeleteKeyW
PathIsUNCServerShareA
SHRegGetUSValueA
PathFindSuffixArrayW
StrIsIntlEqualW
AssocQueryKeyA
PathCompactPathA
PathGetDriveNumberW
PathIsSystemFolderA
StrCmpNA
AssocQueryStringByKeyA
PathFindOnPathW
SHRegDeleteEmptyUSKeyW
UrlCompareA
UrlCombineA
PathFindNextComponentA
PathParseIconLocationA
StrSpnA
IntlStrEqWorkerA
StrIsIntlEqualA
PathFindOnPathA
UrlUnescapeW
SHOpenRegStreamW
PathMakeSystemFolderW
PathFindExtensionA
StrCmpNW
SHRegWriteUSValueW
SHOpenRegStream2A
PathRemoveBlanksW
PathCreateFromUrlW
PathFindNextComponentW
StrRetToBufW
UrlIsOpaqueA
PathIsDirectoryA
SHRegSetUSValueA
PathQuoteSpacesA
StrFormatByteSize64A
PathSearchAndQualifyA
SHRegQueryInfoUSKeyA
PathSkipRootW
wvnsprintfW
StrStrW
AssocQueryKeyW
PathMatchSpecA
wnsprintfA
PathFindSuffixArrayA
PathFindFileNameW
StrToIntA
PathRemoveBackslashA
AssocQueryStringA
UrlGetLocationA
PathRemoveExtensionA
PathFileExistsW
UrlHashA
PathIsLFNFileSpecA
HashData
SHCreateStreamOnFileW
UrlGetPartW
StrCpyW
PathIsFileSpecW
SHRegCloseUSKey
PathAddExtensionA
UrlIsOpaqueW
StrRStrIA
StrDupW
UrlGetLocationW
StrCatBuffW
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE