Static task: static1
Behavioral task: behavioral1
Sample: 5b552f13d2c07250181b0adac25d72eb_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5b552f13d2c07250181b0adac25d72eb_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5b552f13d2c07250181b0adac25d72eb_JaffaCakes118
Size: 89KB
MD5: 5b552f13d2c07250181b0adac25d72eb
SHA1: 9ca530cc313ee2a16e9e9ac67b3148f9d202d307
SHA256: da3a48af382a722d591c06af742adf745286b22ab2590f74333d195ac9913db2
SHA512: 7785ff875f8f7e6cda337aae5ec78edf4dca746745b61297de6b6ee339d674983882cae5cdae36cf43e9e9b9989951fddf2faa83d6af5d2e6f14d69c6b29f731
SSDEEP: 1536:Z+namc8mONr+RHHZW8CXels0QuQ0dJf5TUEwePpPlEW0+6xt9Z:AI8td+RnZumQb0rf2xeR+B+6xt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5b552f13d2c07250181b0adac25d72eb_JaffaCakes118
Files
5b552f13d2c07250181b0adac25d72eb_JaffaCakes118.exe windows:4 windows x86 arch:x86
923f063270fd3451d6ab79e00c818432
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
DoDragDrop
CreateDataAdviseHolder
GetHGlobalFromILockBytes
UtGetDvtd32Info
StringFromGUID2
OleCreateFromDataEx
OleMetafilePictFromIconAndLabel
MkParseDisplayName
CoGetMalloc
CoCreateInstanceEx
OleLockRunning
OleDraw
OleCreateDefaultHandler
CoRevertToSelf
StgIsStorageILockBytes
MonikerRelativePathTo
CoGetCurrentProcess
CreateBindCtx
IsAccelerator
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
OleGetAutoConvert
GetClassFile
CreateGenericComposite
FreePropVariantArray
DllDebugObjectRPCHook
OleCreateLinkEx
CreateStreamOnHGlobal
CoResumeClassObjects
OleConvertOLESTREAMToIStorageEx
CoReleaseServerProcess
CoImpersonateClient
CoUnmarshalHresult
OleRegEnumVerbs
SetDocumentBitStg
CoQueryClientBlanket
CoFreeLibrary
CoFreeAllLibraries
CoRegisterMallocSpy
EnableHookObject
StringFromIID
OleRun
OleDoAutoConvert
OleCreate
MonikerCommonPrefixWith
OleCreateLink
WriteFmtUserTypeStg
StgIsStorageFile
OleCreateLinkFromData
OleRegGetUserType
OleRegEnumFormatEtc
GetDocumentBitStg
ReadClassStg
PropVariantCopy
CreateILockBytesOnHGlobal
CreateObjrefMoniker
OleLoadFromStream
CreateAntiMoniker
ProgIDFromCLSID
CoGetPSClsid
ReadStringStream
OleInitialize
CoGetStandardMarshal
OleGetIconOfClass
IsEqualGUID
CoGetClassObject
CoTaskMemFree
CoIsHandlerConnected
OleFlushClipboard
CoSwitchCallContext
CoTreatAsClass
OleSave
CoIsOle1Class
RegisterDragDrop
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
GetConvertStg
UtConvertDvtd16toDvtd32
CoAddRefServerProcess
CoBuildVersion
StgOpenStorage
CoTaskMemAlloc
CoLoadLibrary
CreateDataCache
UtGetDvtd16Info
OleNoteObjectVisible
StringFromCLSID
OleDestroyMenuDescriptor
ReadFmtUserTypeStg
StgGetIFillLockBytesOnFile
StgOpenStorageEx
CreatePointerMoniker
OleSetClipboard
advapi32
AllocateAndInitializeSid
SetEntriesInAclW
ReadEventLogA
StartServiceW
ObjectDeleteAuditAlarmA
AddAccessAllowedAce
ImpersonateNamedPipeClient
CryptDecrypt
TrusteeAccessToObjectA
OpenThreadToken
BackupEventLogW
DuplicateToken
LookupAccountNameW
RegCreateKeyW
AdjustTokenGroups
GetMultipleTrusteeW
RegQueryMultipleValuesA
AddAccessDeniedAce
SetThreadToken
EnumDependentServicesA
CryptSignHashW
SetEntriesInAuditListA
GetNamedSecurityInfoExW
GetServiceKeyNameA
OpenEventLogW
GetSecurityDescriptorControl
OpenSCManagerW
LookupSecurityDescriptorPartsA
SetAclInformation
ConvertSecurityDescriptorToAccessNamedW
CryptEncrypt
StartServiceA
CryptSetProviderA
RegReplaceKeyA
ObjectOpenAuditAlarmA
ImpersonateSelf
IsValidAcl
SetEntriesInAclA
CryptHashData
CryptGetProvParam
RegDeleteValueW
CryptSetHashParam
BuildImpersonateTrusteeA
ObjectOpenAuditAlarmW
CreateServiceW
SetEntriesInAuditListW
OpenServiceW
ReportEventA
CryptEnumProviderTypesA
DeleteAce
LogonUserA
GetSecurityInfoExW
NotifyBootConfigStatus
GetServiceKeyNameW
CryptSetKeyParam
AddAuditAccessAce
ConvertAccessToSecurityDescriptorW
RegGetKeySecurity
RegLoadKeyW
RegDeleteValueA
RegSetValueW
RegSaveKeyA
RegOpenKeyW
CreateServiceA
LookupSecurityDescriptorPartsW
GetServiceDisplayNameA
RegNotifyChangeKeyValue
CryptDestroyHash
GetTrusteeNameW
ReadEventLogW
CreateProcessAsUserW
RegQueryValueW
RegQueryValueExA
RegisterServiceCtrlHandlerW
QueryServiceLockStatusA
GetSecurityDescriptorOwner
LogonUserW
ChangeServiceConfigW
RegEnumValueA
RegisterEventSourceW
SetNamedSecurityInfoExW
ObjectDeleteAuditAlarmW
CryptDuplicateHash
QueryServiceConfigW
QueryServiceLockStatusW
CryptHashSessionKey
RegEnumValueW
BuildSecurityDescriptorW
SetFileSecurityA
RegCloseKey
CryptDeriveKey
ReportEventW
RegCreateKeyExA
TrusteeAccessToObjectW
StartServiceCtrlDispatcherW
SetSecurityInfoExW
BuildExplicitAccessWithNameA
AreAllAccessesGranted
SetServiceBits
CreatePrivateObjectSecurity
CryptGenRandom
PrivilegedServiceAuditAlarmA
OpenServiceA
GetSecurityDescriptorDacl
GetCurrentHwProfileW
CryptAcquireContextW
GetKernelObjectSecurity
SetTokenInformation
RegCreateKeyExW
CloseEventLog
SetSecurityDescriptorOwner
AbortSystemShutdownA
CryptReleaseContext
QueryServiceObjectSecurity
ObjectPrivilegeAuditAlarmW
LookupAccountSidW
user32
EnableWindow
SetSysColors
CloseClipboard
AttachThreadInput
DdeUninitialize
DdeQueryStringW
SetWindowsHookExA
LoadKeyboardLayoutA
SetWindowLongA
GetComboBoxInfo
ReuseDDElParam
InternalGetWindowText
LookupIconIdFromDirectory
GetMonitorInfoA
WaitMessage
ImpersonateDdeClientWindow
DdeEnableCallback
MessageBoxIndirectW
GetClipboardSequenceNumber
DeferWindowPos
GetMenuStringW
SetMenuItemInfoW
GetKeyboardType
SendMessageTimeoutA
EnumChildWindows
GetKBCodePage
DefDlgProcA
SendNotifyMessageA
CreateDesktopA
BroadcastSystemMessageW
IsZoomed
SetPropA
DdeConnect
CreateCursor
GetForegroundWindow
ReplyMessage
SetParent
DdeCmpStringHandles
LoadStringW
VkKeyScanExA
MessageBoxExA
GetClassWord
EnumWindowStationsA
SetWinEventHook
SetUserObjectInformationW
SwitchToThisWindow
DrawTextW
CreatePopupMenu
LoadCursorFromFileA
RedrawWindow
NotifyWinEvent
GrayStringA
GetClipboardFormatNameW
CountClipboardFormats
DialogBoxParamW
ScrollDC
GetMessageExtraInfo
GetPropA
CheckMenuRadioItem
DrawAnimatedRects
GetDlgItemTextW
GetNextDlgTabItem
GetScrollRange
BlockInput
GetWindow
SendNotifyMessageW
RegisterClipboardFormatW
RealGetWindowClass
MapVirtualKeyW
GetWindowLongA
UpdateWindow
DdeQueryStringA
GetQueueStatus
OemToCharBuffA
ReleaseCapture
GetMessageA
PackDDElParam
DestroyCaret
EnumDisplaySettingsExA
CallMsgFilterA
SetKeyboardState
MsgWaitForMultipleObjects
SetScrollPos
SwitchDesktop
DdeSetQualityOfService
GetGuiResources
EnumDisplaySettingsA
SetWindowWord
DrawFrame
SetDebugErrorLevel
PtInRect
EnumDisplaySettingsW
CallMsgFilterW
DlgDirListComboBoxW
SetMenu
OemToCharW
InvalidateRgn
CallWindowProcA
SetDoubleClickTime
ScreenToClient
GetInputDesktop
GetThreadDesktop
DefMDIChildProcW
RemovePropW
GetKeyboardLayoutNameW
GetMonitorInfoW
DdeKeepStringHandle
SystemParametersInfoW
CreateWindowExW
DrawStateA
GetKeyboardState
GetScrollInfo
CopyIcon
GetWindowThreadProcessId
UnregisterDeviceNotification
CreateWindowStationW
GetUpdateRect
DdeFreeStringHandle
FindWindowExA
DragDetect
GetMenuItemID
RegisterDeviceNotificationA
InsertMenuItemA
CharLowerA
GetMenuItemInfoW
MapVirtualKeyA
SetWindowPlacement
CloseWindow
SetMenuItemBitmaps
IsWindowEnabled
kernel32
IsBadReadPtr
GetTempPathA
EnumCalendarInfoA
SetConsoleTextAttribute
FillConsoleOutputAttribute
HeapCompact
IsBadHugeReadPtr
LocalUnlock
SetErrorMode
GetLogicalDrives
Module32First
QueryPerformanceCounter
GetDefaultCommConfigW
PostQueuedCompletionStatus
ResetEvent
ReadConsoleW
GetStdHandle
GetDriveTypeW
LockFileEx
SetLocalTime
FlushConsoleInputBuffer
GetQueuedCompletionStatus
WritePrivateProfileStructA
GetProfileIntW
EraseTape
DisableThreadLibraryCalls
SetHandleInformation
GetTimeZoneInformation
ConnectNamedPipe
FindFirstFileA
GetTickCount
SetThreadContext
WinExec
Beep
LocalFileTimeToFileTime
WriteConsoleOutputAttribute
LoadLibraryExW
EnumResourceLanguagesA
SetCommState
GetConsoleMode
Heap32ListNext
LocalSize
SetLocaleInfoW
EnumSystemLocalesA
GetFileType
VirtualProtect
VirtualAlloc
EnumSystemCodePagesA
GetStringTypeA
GetSystemTime
LCMapStringW
SetUnhandledExceptionFilter
FillConsoleOutputCharacterW
WaitNamedPipeA
LocalAlloc
InitAtomTable
GetFullPathNameW
GetProcessWorkingSetSize
OutputDebugStringA
CreateEventW
CreateMailslotW
lstrcatW
FindFirstChangeNotificationW
GetThreadPriorityBoost
lstrcat
CopyFileW
GetEnvironmentVariableW
SetComputerNameW
GetTempFileNameW
WriteConsoleW
GetCommState
HeapDestroy
OpenSemaphoreA
PulseEvent
GetEnvironmentVariableA
WriteConsoleOutputW
CreateRemoteThread
GetTapePosition
Process32First
IsBadStringPtrA
GetFullPathNameA
lstrcpynA
SetTimeZoneInformation
ClearCommBreak
GetSystemInfo
SwitchToFiber
GetCPInfo
FileTimeToSystemTime
FlushFileBuffers
lstrlenA
Thread32Next
CreateDirectoryExA
CallNamedPipeA
ScrollConsoleScreenBufferA
UpdateResourceW
LoadLibraryExA
SetConsoleActiveScreenBuffer
GetVersion
GetBinaryTypeW
GetCurrentDirectoryA
VerLanguageNameW
SetVolumeLabelW
CreateFileW
ReadFileScatter
FreeEnvironmentStringsW
lstrcmpiA
WritePrivateProfileSectionA
GetLocaleInfoA
EnumDateFormatsExW
GetTimeFormatW
CreateFiber
SizeofResource
HeapUnlock
SignalObjectAndWait
GetPrivateProfileSectionNamesW
ConvertThreadToFiber
GetWindowsDirectoryA
OpenWaitableTimerA
SetMailslotInfo
TlsGetValue
ReadConsoleOutputCharacterA
GetCommandLineW
BuildCommDCBW
GetOverlappedResult
GetThreadTimes
GetCompressedFileSizeA
QueueUserAPC
DeleteAtom
GetCommTimeouts
SetThreadExecutionState
UnlockFileEx
GetPrivateProfileIntW
shlwapi
PathRemoveExtensionW
PathIsContentTypeW
UrlCanonicalizeA
PathUnmakeSystemFolderW
PathBuildRootA
StrChrA
SHOpenRegStreamA
PathIsFileSpecA
StrCmpNIW
SHCreateShellPalette
PathRenameExtensionW
PathIsContentTypeA
StrRetToStrA
StrCSpnA
PathIsRelativeW
StrRetToBufA
StrSpnW
AssocQueryStringW
PathAddBackslashW
StrRChrA
PathStripToRootW
SHRegDeleteEmptyUSKeyA
PathGetArgsW
PathIsSameRootA
PathCreateFromUrlA
PathIsSystemFolderA
PathSetDlgItemPathA
PathIsDirectoryEmptyA
SHCopyKeyA
StrCSpnIW
PathSkipRootW
GetMenuPosFromID
SHRegWriteUSValueA
StrCSpnIA
SHRegEnumUSValueA
PathIsDirectoryW
SHEnumKeyExW
PathSearchAndQualifyW
ChrCmpIW
PathSkipRootA
StrDupW
SHRegWriteUSValueW
SHRegGetBoolUSValueA
PathIsLFNFileSpecW
UrlEscapeA
SHStrDupW
StrDupA
ColorAdjustLuma
StrPBrkW
PathBuildRootW
IntlStrEqWorkerA
PathMakeSystemFolderA
UrlCreateFromPathW
wnsprintfW
wvnsprintfW
SHRegQueryInfoUSKeyA
SHRegQueryUSValueA
UrlIsA
StrChrIW
StrPBrkA
PathFindNextComponentW
StrCSpnW
PathCompactPathA
PathCompactPathW
StrCmpNW
PathIsURLW
PathIsSameRootW
SHQueryValueExA
StrToIntExW
wnsprintfA
SHDeleteEmptyKeyA
SHSetValueW
PathFindExtensionW
StrFormatByteSizeA
SHQueryValueExW
PathAddExtensionA
SHRegGetBoolUSValueW
PathGetDriveNumberW
PathQuoteSpacesW
PathCombineA
SHSetValueA
StrStrW
UrlIsNoHistoryW
StrCmpNIA
StrCpyNW
StrChrW
SHRegGetUSValueW
SHRegEnumUSKeyA
PathRemoveExtensionA
PathRelativePathToW
SHQueryInfoKeyA
PathRemoveFileSpecA
PathStripPathA
PathStripPathW
UrlEscapeW
PathIsRootW
PathAddExtensionW
PathIsPrefixA
ChrCmpIA
UrlIsOpaqueA
PathAppendA
SHQueryInfoKeyW
PathGetArgsA
SHRegDuplicateHKey
PathIsUNCA
PathRelativePathToA
PathMakePrettyA
HashData
PathRemoveBlanksW
StrIsIntlEqualA
AssocQueryStringByKeyA
PathFileExistsA
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nah Size: 1024B - Virtual size: 645B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nah Size: 1024B - Virtual size: 653B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cpp Size: 661B - Virtual size: 661B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ