Static task: static1
Behavioral task: behavioral1
Sample: 49c29c02235bde01471df7f49718359b_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 49c29c02235bde01471df7f49718359b_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 49c29c02235bde01471df7f49718359b_JaffaCakes118
Size: 88KB
MD5: 49c29c02235bde01471df7f49718359b
SHA1: 25fb89d5de73975397ebe21da74302892eec2bf9
SHA256: c258a10c8eff512c136aaa3355551478a729d5f7ed308ac2deafe8be29d2ef0c
SHA512: f5b1a2a0e1f6936d7f85a61364d836fd906ce9cb5950f662eb0e8eb3714c1a0d29df96e430a28c00a843dfaafd2e6cd709bf1df98d2d55b5fad310452667acca
SSDEEP: 1536:S9L8D/04q3jjrBX48cJuKZtyqnrjAjgEkOvFp1bUerAIU6b0nHN2HwaR:S9u0TvrBhcJP3nreBvz28AIU6bokwa
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 49c29c02235bde01471df7f49718359b_JaffaCakes118
Files
49c29c02235bde01471df7f49718359b_JaffaCakes118.exe windows:4 windows x86 arch:x86
f5ae29905ea3fe90273e527e99e3c388
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoReleaseMarshalData
OleDuplicateData
CoUnmarshalHresult
OleSaveToStream
CoSwitchCallContext
GetClassFile
StgCreateDocfile
CoTaskMemAlloc
CoRevertToSelf
OleCreate
CreateItemMoniker
OleLoadFromStream
OleSetAutoConvert
CreateILockBytesOnHGlobal
OleCreateEx
OleLoad
CoGetCallerTID
OleCreateStaticFromData
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
OleCreateLinkToFileEx
CreateAntiMoniker
OleCreateFromData
OleConvertIStorageToOLESTREAMEx
CoGetInterfaceAndReleaseStream
OleCreateLinkFromDataEx
OleRun
CoReleaseServerProcess
CoGetStandardMarshal
CoRegisterChannelHook
CoFreeAllLibraries
StgCreateDocfileOnILockBytes
CoIsOle1Class
OleRegEnumFormatEtc
CoIsHandlerConnected
CoGetTreatAsClass
OleCreateEmbeddingHelper
DoDragDrop
CreateClassMoniker
OleCreateDefaultHandler
OleCreateLinkToFile
SetDocumentBitStg
StgOpenStorageEx
CoGetCurrentLogicalThreadId
GetRunningObjectTable
CoCopyProxy
WriteFmtUserTypeStg
GetHGlobalFromILockBytes
CoTaskMemRealloc
CoAddRefServerProcess
IsEqualGUID
OleNoteObjectVisible
OleRegEnumVerbs
ReadClassStm
StringFromCLSID
OleFlushClipboard
OleCreateLinkEx
ReadStringStream
CoGetMalloc
CreateDataCache
CoDisconnectObject
CoFileTimeToDosDateTime
DllDebugObjectRPCHook
CreatePointerMoniker
CoMarshalInterface
OleDoAutoConvert
IIDFromString
ReleaseStgMedium
ReadOleStg
OleDestroyMenuDescriptor
OleRegGetUserType
OleDraw
CoGetCallContext
StgGetIFillLockBytesOnFile
StgIsStorageILockBytes
CoRegisterMessageFilter
OleSave
CoGetPSClsid
StgGetIFillLockBytesOnILockBytes
GetHGlobalFromStream
kernel32
CreateWaitableTimerW
GetEnvironmentVariableA
Thread32First
GetQueuedCompletionStatus
GetWriteWatch
WriteConsoleW
LCMapStringA
SetProcessShutdownParameters
MoveFileExA
CancelIo
QueryPerformanceCounter
GlobalReAlloc
IsDBCSLeadByteEx
Sleep
SetComputerNameW
EnumCalendarInfoExA
EndUpdateResourceA
GetThreadTimes
SetTapeParameters
SetCalendarInfoW
GetLastError
GetFileInformationByHandle
CreateConsoleScreenBuffer
SetErrorMode
SetLocaleInfoA
GetHandleInformation
GetProfileSectionW
BackupRead
GetCompressedFileSizeW
lstrcpynA
GetFileAttributesExW
SetComputerNameA
FlushConsoleInputBuffer
GetTempPathA
GetLocaleInfoA
WriteTapemark
IsDBCSLeadByte
WaitNamedPipeW
lstrcatA
UnlockFile
FindResourceExW
Beep
LocalReAlloc
LockFile
FoldStringA
HeapFree
BackupSeek
CreateDirectoryExA
SetPriorityClass
GlobalFindAtomA
SetCommBreak
GlobalFlags
ReadConsoleOutputCharacterA
GetDiskFreeSpaceW
BeginUpdateResourceA
FlushViewOfFile
EnumDateFormatsW
GetProcessPriorityBoost
WriteConsoleOutputW
VirtualAlloc
VirtualProtect
user32
SetFocus
ChildWindowFromPoint
CloseWindow
IsCharAlphaA
DlgDirListW
DefDlgProcW
GetAncestor
SetWindowPlacement
GetClassLongA
SetDeskWallpaper
FindWindowExW
SetProcessDefaultLayout
DdeConnect
PtInRect
ModifyMenuA
GetInputState
DialogBoxIndirectParamA
DdeDisconnectList
CreateDesktopA
CharToOemA
DlgDirSelectComboBoxExA
GetMenuState
SetClassLongA
EnumPropsA
LoadIconW
RegisterClipboardFormatW
LoadCursorW
SetUserObjectInformationA
BroadcastSystemMessageW
GetGUIThreadInfo
HideCaret
SetUserObjectInformationW
GetWindowPlacement
SetWindowPos
SetSysColors
MessageBoxIndirectA
GetInputDesktop
OemToCharBuffA
DefWindowProcA
GetDCEx
DdeQueryStringA
SetClassWord
MessageBoxExA
DdeGetLastError
InvalidateRgn
TileChildWindows
OffsetRect
CallNextHookEx
DestroyCursor
DdeImpersonateClient
EnumDesktopsA
GetCursorInfo
CopyAcceleratorTableW
RegisterClassExA
CharNextA
EnumDisplaySettingsExA
CreateCaret
SetMenuContextHelpId
VkKeyScanA
DrawCaption
DlgDirListComboBoxW
CharToOemBuffW
IsClipboardFormatAvailable
GetWindowLongW
GetClipboardViewer
DrawIcon
MapVirtualKeyA
CreateDesktopW
GetClassNameA
GetDoubleClickTime
ScreenToClient
SetSystemCursor
CloseWindowStation
LoadImageW
SetCapture
InSendMessageEx
CreateWindowStationW
OpenDesktopW
IsWindowVisible
InflateRect
advapi32
SetNamedSecurityInfoA
ObjectDeleteAuditAlarmA
GetKernelObjectSecurity
RegQueryMultipleValuesW
DuplicateTokenEx
GetSecurityDescriptorDacl
GetEffectiveRightsFromAclW
RegEnumKeyA
LookupPrivilegeNameW
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerW
ChangeServiceConfigA
ConvertAccessToSecurityDescriptorA
SetEntriesInAccessListA
GetOverlappedAccessResults
OpenEventLogW
CryptVerifySignatureW
OpenServiceW
RegLoadKeyA
GetUserNameW
RevertToSelf
CreateServiceA
GetSecurityDescriptorLength
ObjectCloseAuditAlarmA
ReadEventLogW
RegEnumKeyExW
RegCreateKeyExA
SetEntriesInAccessListW
LookupAccountSidA
GetAuditedPermissionsFromAclA
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
RegisterEventSourceW
DeleteService
CryptDeriveKey
BuildTrusteeWithSidA
SetEntriesInAclA
EqualPrefixSid
CryptSetProviderW
CancelOverlappedAccess
RegQueryValueA
RegConnectRegistryA
LogonUserW
GetExplicitEntriesFromAclA
CryptEnumProviderTypesW
ImpersonateNamedPipeClient
CryptReleaseContext
AddAccessDeniedAce
CloseEventLog
CryptEnumProviderTypesA
BuildTrusteeWithNameA
GetAccessPermissionsForObjectA
DestroyPrivateObjectSecurity
BuildImpersonateExplicitAccessWithNameA
SetSecurityInfoExW
ConvertAccessToSecurityDescriptorW
BuildExplicitAccessWithNameW
RegSaveKeyW
ObjectPrivilegeAuditAlarmA
LookupSecurityDescriptorPartsW
LookupPrivilegeNameA
RegisterEventSourceA
CryptEncrypt
CryptGenRandom
GetMultipleTrusteeA
SetEntriesInAuditListW
InitializeSid
GetSidSubAuthorityCount
TrusteeAccessToObjectA
CryptExportKey
RegSaveKeyA
RegDeleteValueW
RegDeleteKeyA
AllocateAndInitializeSid
LookupAccountSidW
AbortSystemShutdownA
QueryServiceLockStatusA
GetNamedSecurityInfoW
shlwapi
PathAddBackslashW
PathRemoveFileSpecA
PathCompactPathExW
PathRelativePathToA
SHRegQueryUSValueW
SHRegDuplicateHKey
StrCmpIW
SHStrDupA
PathMakeSystemFolderW
SHCopyKeyW
SHRegEnumUSValueW
PathIsContentTypeA
SHDeleteKeyA
StrStrW
PathCombineA
UrlCombineA
PathRemoveExtensionW
PathMakePrettyW
SHCreateStreamOnFileW
UrlEscapeW
StrStrIA
PathSetDlgItemPathA
StrCmpNIW
SHGetInverseCMAP
PathIsFileSpecW
PathRemoveBackslashW
PathCompactPathW
ColorHLSToRGB
UrlCompareA
PathCreateFromUrlA
PathIsUNCA
StrIsIntlEqualA
UrlIsNoHistoryA
SHEnumKeyExA
SHDeleteValueW
PathGetDriveNumberW
SHDeleteEmptyKeyW
SHRegCloseUSKey
SHGetValueW
SHOpenRegStreamW
UrlHashA
SHOpenRegStreamA
StrToIntExW
PathIsDirectoryA
StrChrIA
PathUndecorateW
PathSkipRootW
PathRenameExtensionW
PathRemoveExtensionA
PathFileExistsW
StrStrIW
PathUnquoteSpacesW
PathBuildRootA
PathSetDlgItemPathW
PathIsSystemFolderA
PathFileExistsA
PathFindNextComponentW
UrlCreateFromPathW
SHRegQueryInfoUSKeyA
SHRegCreateUSKeyA
StrChrIW
PathIsSameRootW
SHSetValueW
SHRegGetUSValueA
SHStrDupW
PathSkipRootA
PathIsNetworkPathA
PathIsLFNFileSpecW
StrRStrIW
UrlGetPartW
PathIsRootW
PathIsNetworkPathW
AssocQueryStringByKeyW
PathGetArgsA
PathUnmakeSystemFolderA
IntlStrEqWorkerA
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE