Static task: static1
Behavioral task: behavioral1
Sample: 4c0026717f33fb2064b91f5e54802fa4_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4c0026717f33fb2064b91f5e54802fa4_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4c0026717f33fb2064b91f5e54802fa4_JaffaCakes118
Size: 93KB
MD5: 4c0026717f33fb2064b91f5e54802fa4
SHA1: 33abb9003316ce4f9d31a2ba7ac98b9427d791ce
SHA256: 629b53bc4dd359fb131d659a91bedea0bf4f8045fa9678a2cca2eb59b8f9a1c1
SHA512: ded447eb43eb9a82c8928778824a42ff50e13d5072cd94c6ba557c5445ea9767618cd19f32aacbe144acf93107868bfcf0032aa4a18ff48a161002bf4bdee1bb
SSDEEP: 1536:6I4p1kJbcHZ35nQpgOmpxgiRg5ftMi16T+B+aF+yfvYTapy90bhN27dSQt3mZmFa:6IqWc5umOmpyiq5ft3CW+rapfbXU+YQC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4c0026717f33fb2064b91f5e54802fa4_JaffaCakes118
Files
4c0026717f33fb2064b91f5e54802fa4_JaffaCakes118.exe windows:4 windows x86 arch:x86
b9f501ebe720201141c981808a32b5a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExA
ClearCommBreak
GetCurrentProcessId
DisableThreadLibraryCalls
CreateToolhelp32Snapshot
GetWindowsDirectoryA
MoveFileA
GetThreadContext
SetFileAttributesW
TerminateProcess
SetProcessShutdownParameters
GetFileAttributesExA
GetFullPathNameA
GetConsoleScreenBufferInfo
LoadLibraryW
Beep
GetPrivateProfileIntA
VirtualProtect
GetWriteWatch
BeginUpdateResourceA
SetHandleCount
FlushFileBuffers
SetFileApisToANSI
SetCurrentDirectoryA
VirtualAlloc
ReadFileScatter
CallNamedPipeA
GetTimeFormatA
GetSystemDirectoryW
LocalHandle
CreateDirectoryExW
GetPrivateProfileStringW
GetShortPathNameW
GetProfileIntW
CopyFileExA
UpdateResourceW
lstrcmpiW
CommConfigDialogW
CreateFileW
GlobalHandle
FileTimeToDosDateTime
GetCurrentThreadId
FindFirstFileExW
GenerateConsoleCtrlEvent
MapViewOfFile
DosDateTimeToFileTime
GetSystemTime
FoldStringW
LocalReAlloc
EnumDateFormatsA
GetTimeZoneInformation
WinExec
Sleep
SuspendThread
GetEnvironmentVariableW
SetTimeZoneInformation
CreateWaitableTimerW
FindResourceExW
Module32Next
GetComputerNameA
ReadConsoleA
lstrcpyn
GlobalFix
SetEnvironmentVariableA
TlsAlloc
FlushViewOfFile
GetCommConfig
lstrlen
SetSystemTimeAdjustment
CopyFileW
EnumResourceNamesW
CreateNamedPipeW
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionW
GlobalCompact
SystemTimeToTzSpecificLocalTime
FindAtomW
SetLocalTime
BuildCommDCBW
lstrcatW
GetThreadTimes
ClearCommError
FreeEnvironmentStringsW
CreateEventW
GetBinaryType
EnumSystemCodePagesW
SetSystemPowerState
Heap32Next
DisconnectNamedPipe
GetCommModemStatus
GetPrivateProfileStructA
AddAtomW
Heap32First
GetProcessTimes
SetDefaultCommConfigA
FindFirstFileA
GetConsoleTitleW
GetCommandLineW
WaitForMultipleObjects
GetProfileSectionW
GetConsoleMode
EnumResourceNamesA
GetCPInfoExA
FileTimeToSystemTime
GetExitCodeThread
GetCommProperties
GetLogicalDriveStringsW
QueryDosDeviceA
VirtualQuery
GetFileAttributesW
Toolhelp32ReadProcessMemory
GlobalDeleteAtom
SystemTimeToFileTime
GetProcessHeap
GlobalFindAtomA
HeapUnlock
OpenFileMappingA
CreateFileA
GetStdHandle
SetNamedPipeHandleState
FatalAppExitW
CreateProcessW
Heap32ListNext
GetFileTime
GetPrivateProfileIntW
EnumCalendarInfoW
OpenFile
CreateConsoleScreenBuffer
SetThreadExecutionState
SetProcessWorkingSetSize
lstrcpynA
EnumSystemLocalesW
GetCommandLineA
SetCommBreak
DebugActiveProcess
SetConsoleTitleA
FillConsoleOutputAttribute
WritePrivateProfileSectionW
SetConsoleCtrlHandler
EnumResourceTypesA
IsSystemResumeAutomatic
advapi32
CryptExportKey
AddAccessDeniedAce
CloseEventLog
GetSidSubAuthority
GetLengthSid
GetSecurityDescriptorSacl
LookupPrivilegeValueW
CryptCreateHash
RegConnectRegistryW
ObjectCloseAuditAlarmW
SetThreadToken
SetEntriesInAccessListA
QueryServiceObjectSecurity
GetNamedSecurityInfoA
RegisterEventSourceA
ObjectPrivilegeAuditAlarmW
RegFlushKey
GetNamedSecurityInfoExA
ImpersonateSelf
InitializeAcl
CryptVerifySignatureW
ConvertSecurityDescriptorToAccessNamedA
BuildImpersonateTrusteeA
RegReplaceKeyW
RegQueryMultipleValuesW
ClearEventLogW
EnumServicesStatusA
EnumServicesStatusW
CryptGetKeyParam
CopySid
PrivilegedServiceAuditAlarmA
AccessCheckAndAuditAlarmA
EnumDependentServicesA
BuildImpersonateTrusteeW
ChangeServiceConfigA
CryptEnumProviderTypesA
GetServiceKeyNameA
GetMultipleTrusteeOperationA
SetSecurityDescriptorDacl
RegReplaceKeyA
ConvertSecurityDescriptorToAccessW
CryptContextAddRef
RegDeleteValueW
ReportEventW
FreeSid
GetOverlappedAccessResults
GetKernelObjectSecurity
DeregisterEventSource
AccessCheck
RegEnumValueW
MapGenericMask
AddAccessAllowedAce
InitiateSystemShutdownA
SetKernelObjectSecurity
ObjectOpenAuditAlarmW
CryptDuplicateHash
SetSecurityDescriptorOwner
CryptSetProviderA
RegCreateKeyExA
RegisterEventSourceW
AbortSystemShutdownA
GetExplicitEntriesFromAclA
BuildTrusteeWithNameA
GetSecurityDescriptorControl
GetAclInformation
StartServiceA
StartServiceW
IsValidSecurityDescriptor
RegQueryValueExA
ReadEventLogW
RegQueryMultipleValuesA
ControlService
RegisterServiceCtrlHandlerW
AllocateLocallyUniqueId
RegLoadKeyA
CryptGetUserKey
AreAnyAccessesGranted
ChangeServiceConfigW
QueryServiceLockStatusW
CryptSignHashA
ConvertAccessToSecurityDescriptorA
GetAuditedPermissionsFromAclA
ObjectDeleteAuditAlarmW
GetSecurityInfoExW
RegQueryValueW
ClearEventLogA
RegCloseKey
RegEnumKeyW
GetSidLengthRequired
LookupAccountNameA
RegConnectRegistryA
BackupEventLogA
CryptEnumProviderTypesW
RegSetKeySecurity
ConvertSecurityDescriptorToAccessA
RegSaveKeyW
GetUserNameA
RegSetValueW
UnlockServiceDatabase
ole32
CoGetMarshalSizeMax
StgIsStorageILockBytes
CoRegisterSurrogate
CoIsHandlerConnected
OleGetIconOfClass
OleCreateFromData
OleConvertOLESTREAMToIStorageEx
CoCreateInstance
CoFileTimeNow
CoMarshalInterface
CoGetInstanceFromIStorage
GetHGlobalFromStream
OleIsCurrentClipboard
CoSwitchCallContext
CoFileTimeToDosDateTime
OleFlushClipboard
MonikerRelativePathTo
CreateAntiMoniker
CoRevokeMallocSpy
CreateDataAdviseHolder
OleConvertOLESTREAMToIStorage
CreateGenericComposite
CoBuildVersion
UtConvertDvtd16toDvtd32
OleCreateFromFileEx
CoImpersonateClient
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CreatePointerMoniker
ProgIDFromCLSID
DllDebugObjectRPCHook
OleCreateEx
EnableHookObject
StringFromCLSID
OleRegEnumFormatEtc
OleCreate
OleCreateLinkEx
MonikerCommonPrefixWith
CoInitializeSecurity
GetRunningObjectTable
CoFreeAllLibraries
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
StgSetTimes
CoCreateGuid
CoGetCallContext
WriteFmtUserTypeStg
ReadOleStg
StgOpenStorage
OleConvertIStorageToOLESTREAMEx
OleSetMenuDescriptor
OleCreateFromFile
MkParseDisplayName
OleLoad
OleCreateLinkFromDataEx
CLSIDFromString
OleInitialize
CoQueryReleaseObject
OleSetClipboard
CoResumeClassObjects
OleUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoGetObject
OleRun
CoMarshalHresult
CoGetMalloc
UtGetDvtd16Info
GetDocumentBitStg
CoGetInstanceFromFile
CoQueryProxyBlanket
CoTaskMemFree
CoGetTreatAsClass
GetClassFile
CreateObjrefMoniker
OleCreateLinkToFileEx
OleCreateDefaultHandler
StgGetIFillLockBytesOnFile
OleRegGetMiscStatus
OleGetClipboard
OleLoadFromStream
StgOpenStorageOnILockBytes
PropVariantCopy
CoRevertToSelf
CoGetCurrentLogicalThreadId
OleConvertIStorageToOLESTREAM
CoDisconnectObject
CoSuspendClassObjects
OleDraw
CoReleaseMarshalData
CreateBindCtx
OleGetIconOfFile
WriteClassStm
OleSave
OleSetAutoConvert
WriteOleStg
CoRevokeClassObject
StgCreateStorageEx
CoRegisterMessageFilter
shlwapi
PathSearchAndQualifyW
StrFormatKBSizeW
PathCreateFromUrlW
UrlGetPartW
SHCreateStreamOnFileA
PathIsNetworkPathA
PathCanonicalizeA
PathIsLFNFileSpecA
StrCSpnIW
UrlCanonicalizeA
GetMenuPosFromID
SHRegCloseUSKey
PathIsDirectoryEmptyA
PathSkipRootW
StrDupW
PathIsPrefixA
UrlIsNoHistoryA
StrChrA
SHRegCreateUSKeyW
SHRegGetUSValueW
SHRegSetUSValueA
ChrCmpIA
StrRetToBufA
StrCSpnW
StrToIntA
SHDeleteValueW
StrStrIW
PathIsUNCServerW
PathSetDlgItemPathA
wnsprintfW
UrlGetPartA
PathParseIconLocationA
StrFormatKBSizeA
PathFileExistsW
StrToIntExA
StrCatW
SHDeleteKeyA
PathRemoveFileSpecA
SHOpenRegStream2W
PathCompactPathExA
SHRegQueryInfoUSKeyA
StrStrIA
PathRemoveBackslashW
SHDeleteValueA
UrlUnescapeA
PathIsRelativeA
SHQueryInfoKeyA
PathAppendA
StrRetToStrW
StrRChrIA
PathQuoteSpacesA
SHRegDeleteUSValueA
PathMatchSpecW
StrFormatByteSizeW
SHQueryValueExA
StrTrimA
PathIsDirectoryW
PathCommonPrefixW
SHSetValueA
StrFromTimeIntervalW
UrlIsNoHistoryW
UrlCreateFromPathA
UrlHashW
PathIsRootA
SHRegEnumUSKeyA
PathStripToRootA
PathFindExtensionW
SHRegDeleteEmptyUSKeyA
SHRegDuplicateHKey
PathGetArgsW
StrCmpNW
UrlUnescapeW
SHSkipJunction
UrlApplySchemeW
PathCanonicalizeW
UrlCombineA
PathIsSameRootW
AssocQueryStringW
SHRegDeleteEmptyUSKeyW
StrFromTimeIntervalA
ChrCmpIW
PathRemoveExtensionW
PathRemoveBlanksW
PathIsContentTypeW
SHRegGetBoolUSValueA
PathBuildRootW
PathIsPrefixW
PathFindOnPathA
ColorAdjustLuma
SHRegGetUSValueA
SHRegEnumUSValueA
SHGetInverseCMAP
PathSearchAndQualifyA
PathRelativePathToA
SHAutoComplete
PathCommonPrefixA
StrCatBuffW
SHEnumValueA
StrCpyW
PathIsUNCA
PathRenameExtensionW
UrlIsOpaqueA
PathIsFileSpecA
PathUnmakeSystemFolderW
PathQuoteSpacesW
SHRegQueryInfoUSKeyW
PathSkipRootA
StrChrIA
PathGetCharTypeA
AssocQueryStringA
user32
SetShellWindow
EndDialog
CopyAcceleratorTableA
SwitchDesktop
UnregisterClassW
EnumDisplayDevicesW
IsMenu
SendNotifyMessageA
LoadCursorFromFileA
GetCursorInfo
DestroyWindow
EnumWindowStationsA
DdeDisconnect
UnhookWindowsHook
RegisterDeviceNotificationW
ShowCursor
HideCaret
EnumDisplaySettingsW
EnumDisplaySettingsA
TrackMouseEvent
LoadBitmapA
EnumDisplayDevicesA
EndDeferWindowPos
SetProcessDefaultLayout
OpenClipboard
DdeClientTransaction
GetSubMenu
MapWindowPoints
GetDoubleClickTime
FrameRect
CharToOemBuffW
DlgDirSelectComboBoxExW
BroadcastSystemMessageW
GetClassLongA
CloseDesktop
DrawFrameControl
AdjustWindowRect
DdeImpersonateClient
GetClipboardSequenceNumber
TrackPopupMenuEx
DdeKeepStringHandle
CharLowerA
DefFrameProcA
SwapMouseButton
GetMessageExtraInfo
RegisterDeviceNotificationA
SetCaretPos
GrayStringA
GetWindowThreadProcessId
DdeNameService
CreatePopupMenu
EnumDesktopsA
LoadAcceleratorsW
CreateAcceleratorTableW
CreateWindowStationW
GetMenuItemID
GetClientRect
ChangeDisplaySettingsW
SetDebugErrorLevel
CloseWindowStation
GetScrollBarInfo
ShowCaret
LoadKeyboardLayoutA
DdeGetLastError
DdeAddData
SetScrollRange
PostThreadMessageA
InsertMenuW
ShowOwnedPopups
LoadIconW
SendMessageCallbackA
ShowWindow
SetSysColors
DrawTextW
EnumDesktopWindows
GetScrollRange
MessageBoxExW
ChangeDisplaySettingsExA
GetParent
UnloadKeyboardLayout
LoadBitmapW
IsCharAlphaA
LoadMenuIndirectA
MonitorFromWindow
PeekMessageW
GetMenuItemInfoW
DdeConnectList
GetClassInfoA
SetForegroundWindow
SetMenuItemBitmaps
GetSystemMetrics
EnumWindows
DrawStateA
SetMenuItemInfoW
CreateIconFromResourceEx
DdeGetData
SetWindowsHookExW
DdeInitializeA
EnumClipboardFormats
ChangeDisplaySettingsExW
ToAscii
GetMessageTime
DefMDIChildProcA
RemovePropW
GetAncestor
WINNLSGetIMEHotkey
CascadeChildWindows
RedrawWindow
VkKeyScanW
IsCharAlphaNumericW
SubtractRect
SetActiveWindow
GetWindowTextW
SetWindowWord
EnumDesktopsW
LoadMenuIndirectW
SetLastErrorEx
DispatchMessageA
PackDDElParam
FindWindowA
SetWindowsHookExA
GetWindowPlacement
BroadcastSystemMessage
SetWindowsHookW
GetClassInfoW
TrackPopupMenu
OemKeyScan
FlashWindowEx
GetInputState
OemToCharW
SetUserObjectInformationW
GetKeyboardLayoutList
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE