Static task: static1
Behavioral task: behavioral1
  Sample: 4c66f918675395d70085b3ed20881c71_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 4c66f918675395d70085b3ed20881c71_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 4c66f918675395d70085b3ed20881c71_JaffaCakes118
Size: 1005KB
MD5: 4c66f918675395d70085b3ed20881c71
SHA1: d03f4a5ab6e8e1eed86adcbaf8d0fb85e429b04b
SHA256: 51b62e35e1094b9c4c683a1798c9d9eabb313124dc9f717bdfdcf2a0ffec485c
SHA512: 6d1653cbeac87feb8800017ac2fb3857fb92f6f67d9d09b6b16de214fcccbbab01d7ed0f424dfe0467d52bd6fc7b6e48361d0b791f5fbacd0fe647adddfdec3c
SSDEEP: 12288:ArOUP1aqsY5FI475+QRo7jlTncW/K1oHW62Rkf8f+skzax1/g/J/v0i6b:ArsqpI05D+lbQz1kf8f+skK1/g/J/8b
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 4c66f918675395d70085b3ed20881c71_JaffaCakes118
Files
4c66f918675395d70085b3ed20881c71_JaffaCakes118.exe windows:5 windows x86 arch:x86
5b925ca6804c38ec66a83668750d1250
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
realloc
_ftol
memmove
_itow
free
advapi32
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegEnumKeyExW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegSetValueW
GetUserNameW
kernel32
GetLastError
CreateEventW
GetLocaleInfoW
FreeLibrary
GetSystemDefaultLCID
SetProcessShutdownParameters
ReleaseMutex
CreateMutexW
SetPriorityClass
GetCurrentProcess
GetStartupInfoW
GetCommandLineW
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
GetSystemTimeAsFileTime
lstrcpynW
SetThreadPriority
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
GetUserDefaultLangID
Sleep
GetBinaryTypeW
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
MoveFileW
OpenEventW
FindNextFileW
FindFirstFileW
IsBadCodePtr
SetEvent
GetCurrentProcessId
GetEnvironmentVariableW
lstrcatW
lstrcmpW
UnregisterWait
ResetEvent
GlobalGetAtomNameW
lstrcmpiA
RegisterWaitForSingleObject
GetDateFormatW
GetTimeFormatW
FlushInstructionCache
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
GetUserDefaultLCID
ReadProcessMemory
SetLastError
OpenProcess
InterlockedCompareExchange
LoadLibraryA
WaitForSingleObject
GetTickCount
ExpandEnvironmentStringsW
GetModuleFileNameW
GetPrivateProfileStringW
GetSystemDirectoryW
GetProfileStringW
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateFileW
DeviceIoControl
lstrcmpiW
LocalAlloc
LocalFree
ExitProcess
CreateJobObjectW
CreateThread
CreateProcessW
AssignProcessToJobObject
ResumeThread
TerminateProcess
DelayLoadFailureHook
TerminateThread
GetQueuedCompletionStatus
CreateIoCompletionPort
SetInformationJobObject
CloseHandle
LoadLibraryW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrlenW
lstrcpyW
InterlockedDecrement
InterlockedIncrement
GetFileAttributesExW
MulDiv
GetLongPathNameW
GetProcessTimes
GetVersionExA
GetModuleHandleA
InterlockedExchange
GlobalFree
GlobalAlloc
CreateEventA
FindClose
gdi32
GetStockObject
CreatePatternBrush
OffsetViewportOrgEx
GetLayout
CombineRgn
CreateDIBSection
GetTextExtentPoint32W
StretchBlt
SetStretchBltMode
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
PatBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
OffsetWindowOrgEx
DeleteDC
SetBkColor
BitBlt
ExtTextOutW
GetTextExtentPointW
GetClipBox
GetObjectW
CreateRectRgnIndirect
CreateFontIndirectW
SetTextColor
SetBkMode
DeleteObject
GetTextMetricsW
SelectObject
GetDeviceCaps
TranslateCharsetInfo
SelectClipRgn
user32
IsHungAppWindow
EndTask
SwitchToThisWindow
InternalGetWindowText
GetDCEx
SetCursorPos
ChildWindowFromPoint
EndDialog
SendDlgItemMessageW
ChangeDisplaySettingsW
RegisterHotKey
UnregisterHotKey
SetCursor
SendMessageTimeoutW
GetWindowPlacement
LoadImageW
SetWindowRgn
IntersectRect
OffsetRect
EnumDisplayMonitors
RedrawWindow
SubtractRect
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
WaitMessage
InflateRect
CallWindowProcW
GetDlgCtrlID
SetCapture
CopyRect
MonitorFromRect
MonitorFromPoint
RegisterClassW
SetPropW
GetWindowLongA
SetWindowLongW
FillRect
GetCursorPos
PtInRect
GetClassNameW
EndPaint
SetWindowTextW
GetAsyncKeyState
InvalidateRect
GetWindow
ShowWindowAsync
TrackPopupMenuEx
UpdateWindow
DestroyIcon
IsRectEmpty
SetActiveWindow
SetTimer
GetMenuItemID
TrackPopupMenu
DestroyWindow
SendMessageCallbackW
GetClassLongW
LoadIconW
SetScrollPos
ShowWindow
BringWindowToTop
GetDesktopWindow
CascadeWindows
TileWindows
GetScrollInfo
GetMenuItemCount
ModifyMenuW
InsertMenuW
IsWindowEnabled
GetMenuState
LoadCursorW
GetParent
OpenInputDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetClientRect
UnionRect
EqualRect
GetWindowThreadProcessId
GetForegroundWindow
GetSysColor
DrawTextW
KillTimer
GetClassInfoExW
DefWindowProcW
RegisterClassExW
GetIconInfo
SetScrollInfo
GetLastActivePopup
SetForegroundWindow
IsWindow
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
SetMenuDefaultItem
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
GetFocus
SetFocus
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
SetWindowPos
DeleteMenu
GetMenuItemInfoW
wsprintfW
SetMenuItemInfoW
CharUpperBuffW
PeekMessageW
PostMessageW
EnumDisplayDevicesW
EnumDisplaySettingsExW
GetDC
ReleaseDC
LoadStringW
MessageBoxW
GetShellWindow
FindWindowW
SystemParametersInfoW
GetSystemMetrics
GetDoubleClickTime
CharNextW
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
GetKeyState
RegisterWindowMessageW
SendMessageW
GetWindowLongW
EnumChildWindows
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
CharNextA
RegisterClipboardFormatW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
PrintWindow
SetClassLongW
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
ChildWindowFromPointEx
IsChild
NotifyWinEvent
TrackMouseEvent
GetCapture
GetAncestor
CharUpperW
SetWindowLongA
DrawCaption
RemovePropW
GetDlgItem
GetSysColorBrush
AllowSetForegroundWindow
LoadMenuW
GetSubMenu
RemoveMenu
SetParent
CheckDlgButton
GetMessagePos
EnableWindow
IsDlgButtonChecked
GetDlgItemInt
MoveWindow
CopyIcon
AdjustWindowRectEx
DrawFocusRect
DrawEdge
ExitWindowsEx
WindowFromPoint
SetRect
LoadAcceleratorsW
LoadBitmapW
SendNotifyMessageW
AppendMenuW
SetWindowPlacement
CheckMenuItem
MessageBeep
GetActiveWindow
BeginPaint
PostQuitMessage
SetDlgItemInt
ntdll
NtQueryInformationProcess
RtlNtStatusToDosError
shlwapi
ord237
StrCmpNW
ord278
ord197
ord225
ord193
ord177
ord178
ord171
ord512
AssocCreate
ord154
ord513
PathIsNetworkPathW
SHQueryValueExW
ord176
ord156
ord439
StrRetToStrW
StrRetToBufW
ord157
ord476
ord217
ord215
ord199
StrCpyW
ord467
StrCmpIW
ord346
ord413
ord219
ord175
ord164
ord172
SHGetValueW
ord437
wnsprintfW
PathUnquoteSpacesW
PathGetArgsW
ord460
SHDeleteEmptyKeyW
PathRemoveFileSpecW
PathFindFileNameW
StrCatBuffW
PathQuoteSpacesW
PathAppendW
StrCmpNIW
PathRemoveBlanksW
PathRemoveArgsW
StrStrIW
ord356
StrToIntW
SHRegGetBoolUSValueW
SHRegWriteUSValueW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegGetUSValueW
ord194
ord244
ord241
ord236
ord279
PathCombineW
SHSetValueW
ord192
ord204
ord509
SHStrDupW
PathIsPrefixW
PathParseIconLocationW
AssocQueryKeyW
StrCatW
ord16
AssocQueryStringW
StrCmpW
ord174
ord548
ord165
ord240
ord163
ord479
ord9
ord8
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegSetUSValueW
PathFindExtensionW
PathIsDirectoryW
ord292
StrChrW
ord250
PathFileExistsW
PathGetDriveNumberW
ord10
ord433
ord260
PathStripToRootW
ord478
ord184
SHOpenRegStream2W
ord212
StrCpyNW
ord213
ord158
StrDupW
SHDeleteValueW
SHDeleteKeyW
shell32
SHBindToParent
ord193
ord747
ord71
ord233
ord6
ord77
ord196
ord25
ord154
ord28
ord134
ord22
SHGetDesktopFolder
SHChangeNotify
SHAddToRecentDocs
ord127
ord21
ord102
DuplicateIcon
ord202
ord82
ord244
ord54
ord161
ord91
ord254
ord60
SHUpdateRecycleBinIcon
SHGetFolderLocation
SHGetPathFromIDListA
ord148
ord4
ord733
ord190
ord64
ord61
SHGetPathFromIDListW
ord753
ord16
ord18
ord2
ord644
ord645
ord137
ExtractIconExW
ord727
ord181
ord90
ord72
ord67
SHGetFolderPathW
ord162
SHGetSpecialFolderLocation
ord17
ord23
ord132
ord241
ord236
ord149
ord147
ord188
ord660
ord201
ord245
ord68
ord723
ord200
ord680
ord711
ord182
ord89
ord155
ord195
SHGetSpecialFolderPathW
ShellExecuteExW
ord653
ord85
ord100
ord732
ord731
ord719
ord152
ole32
CoUninitialize
CoCreateInstance
OleInitialize
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
DoDragDrop
CoInitializeEx
OleUninitialize
RevokeDragDrop
RegisterDragDrop
CoFreeUnusedLibraries
CoRevokeClassObject
oleaut32
SysAllocString
VariantClear
browseui
ord135
ord106
ord107
ord118
shdocvw
ord110
ord111
ord125
uxtheme
GetThemeBackgroundContentRect
GetThemeBool
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
SetWindowTheme
GetThemeTextExtent
DrawThemeText
IsAppThemed
GetThemeRect
GetThemeFont
GetThemeColor
GetThemeMargins
GetThemeBackgroundRegion
ord47
Sections
.text   Size: 243KB - Virtual size: 242KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 713KB - Virtual size: 712KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 13KB - Virtual size: 13KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.ani    Size: 28KB - Virtual size: 28KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE