Static task: static1
Behavioral task: behavioral1
Sample: 5d137560eff69667fe3ad27da55188d4_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5d137560eff69667fe3ad27da55188d4_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5d137560eff69667fe3ad27da55188d4_JaffaCakes118
Size: 80KB
MD5: 5d137560eff69667fe3ad27da55188d4
SHA1: d452c264bb50b945234757f2ca062fec39f81b36
SHA256: b5652382f2b9d63240407e8eddc1a74e5e30750be5c4f4262135b75fae61571e
SHA512: 290564454a6c384985ec22d31d307a261505e14009a8df9a534dfa22d2cc1b7102801a470fcf2b53dfb5247172d2b3847fbd4b582019614564f8ef95e7b099ad
SSDEEP: 1536:SsZl6cqDdG/M3ZCHGJWaAcmIXHzhdTR6v+r3xmZlF524qpbj:SsH6cqcM3ZoIXTHTR6K3xmZ12xbj
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 5d137560eff69667fe3ad27da55188d4_JaffaCakes118
Files
5d137560eff69667fe3ad27da55188d4_JaffaCakes118.exe windows:4 windows x86 arch:x86
89db13abc4fff8657306dbefca862423
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AddAce
BuildExplicitAccessWithNameA
GetServiceDisplayNameA
CryptHashSessionKey
CryptGetDefaultProviderW
GetOverlappedAccessResults
ReportEventA
UnlockServiceDatabase
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerW
RegNotifyChangeKeyValue
GetNamedSecurityInfoA
RegSetValueA
GetEffectiveRightsFromAclW
SetServiceObjectSecurity
LookupPrivilegeValueW
SetFileSecurityA
RegEnumValueA
CryptDestroyHash
RegDeleteKeyW
ConvertAccessToSecurityDescriptorA
CryptCreateHash
BuildImpersonateTrusteeA
RegRestoreKeyW
SetSecurityDescriptorSacl
CryptVerifySignatureW
BuildTrusteeWithNameW
SetEntriesInAccessListW
OpenServiceW
RegConnectRegistryA
CryptGetProvParam
BuildSecurityDescriptorA
EnumServicesStatusW
MakeAbsoluteSD
RegSetValueW
RegReplaceKeyW
SetNamedSecurityInfoExA
SetTokenInformation
CryptAcquireContextW
BuildSecurityDescriptorW
DeleteService
CryptSetProviderA
LookupAccountSidA
BuildImpersonateTrusteeW
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetAclInformation
RegUnLoadKeyA
SetSecurityInfo
SetEntriesInAccessListA
OpenEventLogA
GetSidIdentifierAuthority
SetEntriesInAuditListW
GetSecurityDescriptorControl
CryptDuplicateHash
IsValidSecurityDescriptor
AddAccessAllowedAce
BuildTrusteeWithSidW
SetServiceBits
EnumDependentServicesA
ClearEventLogA
BuildExplicitAccessWithNameW
CreateServiceW
GetExplicitEntriesFromAclW
OpenBackupEventLogW
GetServiceDisplayNameW
OpenEventLogW
CreatePrivateObjectSecurity
CryptEnumProvidersA
CryptExportKey
IsValidSid
ObjectDeleteAuditAlarmA
ObjectDeleteAuditAlarmW
RegOpenKeyW
GetNamedSecurityInfoW
CryptReleaseContext
GetExplicitEntriesFromAclA
ChangeServiceConfigW
GetCurrentHwProfileW
ConvertSecurityDescriptorToAccessW
AdjustTokenGroups
RegQueryMultipleValuesA
PrivilegeCheck
RegCreateKeyW
EnumDependentServicesW
RegDeleteKeyA
RegOpenKeyA
StartServiceA
GetAccessPermissionsForObjectA
SetSecurityDescriptorOwner
GetMultipleTrusteeOperationA
CryptGetUserKey
RegEnumKeyExA
CryptSetProviderW
GetMultipleTrusteeW
GetPrivateObjectSecurity
RegSaveKeyW
GetUserNameA
OpenServiceA
AbortSystemShutdownW
MapGenericMask
CryptSignHashW
RegQueryInfoKeyA
RegSetKeySecurity
ImpersonateNamedPipeClient
RegDeleteValueA
RegReplaceKeyA
CryptAcquireContextA
TrusteeAccessToObjectW
CryptGenRandom
ImpersonateSelf
RegGetKeySecurity
SetNamedSecurityInfoExW
GetTrusteeNameW
InitiateSystemShutdownW
RegCreateKeyExW
GetSidLengthRequired
CryptSignHashA
RegQueryValueExW
ConvertSecurityDescriptorToAccessNamedA
RevertToSelf
GetSidSubAuthority
TrusteeAccessToObjectA
CryptEnumProvidersW
GetTrusteeTypeA
SetPrivateObjectSecurity
IsTextUnicode
ConvertSecurityDescriptorToAccessNamedW
CryptGetHashParam
FreeSid
GetSecurityDescriptorSacl
LookupSecurityDescriptorPartsA
shlwapi
PathCanonicalizeA
PathRemoveArgsW
UrlGetLocationA
UrlCreateFromPathA
SHStrDupA
StrIsIntlEqualW
PathFindExtensionW
UrlCreateFromPathW
PathSkipRootA
SHRegGetBoolUSValueA
PathMakePrettyW
SHRegOpenUSKeyA
StrCmpNA
ChrCmpIA
PathUnquoteSpacesW
PathCommonPrefixW
StrFormatByteSizeW
UrlUnescapeA
PathIsUNCServerW
PathStripToRootA
ColorAdjustLuma
UrlIsNoHistoryA
SHRegOpenUSKeyW
SHRegCloseUSKey
UrlIsOpaqueA
SHEnumKeyExA
SHOpenRegStreamA
SHRegEnumUSKeyW
SHRegGetUSValueW
ChrCmpIW
StrCmpNIA
StrSpnW
PathRelativePathToW
PathCompactPathExA
StrCpyNW
PathRemoveBlanksW
StrTrimA
PathRemoveExtensionW
AssocQueryKeyA
PathIsSameRootW
HashData
StrFromTimeIntervalW
SHSetThreadRef
StrFromTimeIntervalA
PathIsNetworkPathA
PathCombineW
PathParseIconLocationW
PathMatchSpecW
SHRegQueryInfoUSKeyW
PathFindNextComponentA
PathQuoteSpacesW
ColorRGBToHLS
PathUnmakeSystemFolderA
wvnsprintfA
SHRegSetUSValueA
StrRetToBufW
StrTrimW
PathMakePrettyA
PathAppendW
SHRegSetUSValueW
StrStrIW
PathCompactPathA
PathParseIconLocationA
StrNCatA
StrRChrW
StrCatBuffW
SHCreateStreamOnFileA
PathIsLFNFileSpecA
StrFormatKBSizeA
SHRegCreateUSKeyA
PathRemoveBlanksA
StrCmpNW
PathIsUNCA
UrlHashW
PathIsDirectoryW
SHGetValueA
PathRemoveArgsA
SHSkipJunction
PathIsContentTypeA
UrlEscapeA
StrStrA
StrRStrIA
UrlIsA
SHRegGetUSValueA
PathIsSystemFolderW
PathFindFileNameA
PathIsFileSpecW
SHGetInverseCMAP
UrlIsOpaqueW
PathGetDriveNumberA
SHRegQueryInfoUSKeyA
StrCmpW
StrCmpIW
SHIsLowMemoryMachine
StrRetToStrW
PathRemoveFileSpecA
StrStrW
SHRegGetBoolUSValueW
StrRChrA
UrlIsW
UrlGetPartW
UrlCombineW
PathSearchAndQualifyW
SHCopyKeyW
UrlIsNoHistoryW
PathMatchSpecA
SHRegQueryUSValueW
user32
DrawIconEx
GetMenuDefaultItem
LoadStringW
SetClipboardViewer
WindowFromDC
ChangeMenuA
GetUpdateRgn
SetKeyboardState
GetActiveWindow
SetThreadDesktop
ShowCaret
InsertMenuA
GetAncestor
CallMsgFilter
MonitorFromRect
GetSystemMenu
UnregisterDeviceNotification
GetDlgItemInt
MapWindowPoints
GetParent
SetMenuDefaultItem
RegisterWindowMessageW
PostThreadMessageA
ValidateRgn
EnumDesktopsW
GetMonitorInfoW
DdeFreeStringHandle
GetDlgItemTextA
DestroyCursor
MapVirtualKeyW
InvalidateRgn
LoadCursorFromFileA
DdeSetQualityOfService
EnumWindows
GetTitleBarInfo
DdeCmpStringHandles
GetMessageTime
SetDlgItemTextW
DefDlgProcW
GetAltTabInfo
DrawMenuBar
GetComboBoxInfo
EnumDisplaySettingsA
MessageBoxW
IsWindowVisible
DefWindowProcA
GetGUIThreadInfo
IntersectRect
UnregisterHotKey
DialogBoxParamA
GetClassLongW
DrawTextW
OemKeyScan
GetSystemMetrics
SetWindowContextHelpId
LoadIconA
MessageBoxA
FindWindowW
DdeQueryStringW
CallWindowProcW
CheckDlgButton
BringWindowToTop
CharToOemBuffA
CreatePopupMenu
CloseWindowStation
IsCharUpperA
CascadeWindows
InvertRect
GetMonitorInfoA
ClientToScreen
GetClipboardFormatNameA
SetMessageQueue
LookupIconIdFromDirectoryEx
SetWindowRgn
IsDialogMessage
OemToCharA
DdeAddData
ShowWindow
SetWindowLongA
CreateAcceleratorTableA
RegisterClipboardFormatW
CountClipboardFormats
ChangeMenuW
SetRect
GetScrollBarInfo
LoadImageA
DdeUnaccessData
GetMenu
IsWindow
GetMenuItemInfoW
RemovePropW
GetMessageA
GetMenuStringW
OpenDesktopW
SetWindowsHookW
EditWndProc
CreateDesktopA
GetScrollRange
FrameRect
EnumPropsExW
RemovePropA
GetWindow
DdeQueryNextServer
GetClipboardData
GetWindowRgn
ole32
StgGetIFillLockBytesOnILockBytes
StgIsStorageFile
OleCreateLinkFromData
StgSetTimes
CoResumeClassObjects
OleDoAutoConvert
CoMarshalInterThreadInterfaceInStream
OleSetMenuDescriptor
OleSaveToStream
GetRunningObjectTable
CreateItemMoniker
StgOpenStorage
CreateDataCache
OleConvertOLESTREAMToIStorageEx
UtGetDvtd32Info
StringFromCLSID
MonikerRelativePathTo
OleSetClipboard
CoTaskMemFree
CoRegisterClassObject
OleGetClipboard
OleCreateFromFile
OleLockRunning
CoGetInstanceFromIStorage
OleCreateMenuDescriptor
OleTranslateAccelerator
OleCreateStaticFromData
OleCreateFromDataEx
CoBuildVersion
StringFromIID
OleCreate
ReadFmtUserTypeStg
CoMarshalHresult
OleCreateDefaultHandler
CoGetMarshalSizeMax
CoDosDateTimeToFileTime
PropVariantClear
GetHookInterface
OleQueryLinkFromData
OleRegGetMiscStatus
OleQueryCreateFromData
CoUnmarshalHresult
CreateBindCtx
SetDocumentBitStg
CoFreeLibrary
CreateStreamOnHGlobal
CoQueryAuthenticationServices
OleGetAutoConvert
WriteOleStg
CoCreateInstanceEx
CoSetProxyBlanket
OleGetIconOfFile
OleCreateLink
CoCreateGuid
CoReleaseServerProcess
OleLoad
CoGetObject
CoInitializeEx
CreateOleAdviseHolder
WriteClassStg
OleIsCurrentClipboard
OleRegGetUserType
CreateGenericComposite
BindMoniker
StgGetIFillLockBytesOnFile
GetConvertStg
CoSwitchCallContext
CoGetStandardMarshal
CoRevokeClassObject
CoCreateInstance
CoInitializeSecurity
GetDocumentBitStg
OleConvertIStorageToOLESTREAM
IsEqualGUID
CoGetInstanceFromFile
OleCreateLinkToFile
SetConvertStg
OleDestroyMenuDescriptor
CreateObjrefMoniker
CLSIDFromString
CreateDataAdviseHolder
OleLoadFromStream
OleConvertIStorageToOLESTREAMEx
OleUninitialize
OleCreateLinkToFileEx
UtConvertDvtd16toDvtd32
CreatePointerMoniker
ReadOleStg
RegisterDragDrop
WriteClassStm
IIDFromString
GetHGlobalFromStream
OleFlushClipboard
CoInitialize
OleSetAutoConvert
CoImpersonateClient
CoFreeUnusedLibraries
OleCreateFromData
CoQueryProxyBlanket
DoDragDrop
OleGetIconOfClass
CoRevokeMallocSpy
ProgIDFromCLSID
CoFileTimeNow
CoQueryReleaseObject
MonikerCommonPrefixWith
kernel32
GetConsoleTitleW
FindNextFileA
SetConsoleWindowInfo
GlobalDeleteAtom
GetProcessShutdownParameters
HeapWalk
CreateWaitableTimerW
FindNextFileW
LCMapStringW
Sleep
VerLanguageNameW
FormatMessageW
QueryPerformanceFrequency
Module32First
GetShortPathNameA
DuplicateHandle
lstrlen
PeekConsoleInputA
SetStdHandle
WriteProfileSectionA
SetThreadExecutionState
GetLocaleInfoW
EnumDateFormatsW
GetTempPathW
EnumResourceNamesW
lstrlenA
SignalObjectAndWait
ReadConsoleW
GlobalLock
TlsFree
lstrcpynA
GetStringTypeExA
EraseTape
SizeofResource
WriteFileEx
lstrcmpA
GetVersionExW
CreateNamedPipeW
GetProcessHeap
CancelIo
FindFirstChangeNotificationW
VirtualAlloc
GetConsoleTitleA
LoadLibraryW
FlushFileBuffers
TerminateProcess
SetLocaleInfoW
GetFullPathNameA
FindFirstFileW
FindFirstFileA
GlobalUnWire
IsBadCodePtr
HeapDestroy
GetCurrentDirectoryW
GetCommMask
WriteConsoleW
GetPriorityClass
MoveFileExW
SetMessageWaitingIndicator
TlsSetValue
GlobalSize
LocalFree
PurgeComm
WaitForMultipleObjects
FindAtomA
ReadConsoleInputA
GetStdHandle
CreateMailslotA
GetFileAttributesExA
lstrcpy
SetMailslotInfo
IsBadReadPtr
GetDiskFreeSpaceExW
CancelWaitableTimer
DebugBreak
EnumTimeFormatsW
GetVersionExA
Heap32First
lstrcpynW
FindResourceExW
CopyFileExA
GetCompressedFileSizeA
FreeConsole
SetSystemPowerState
TlsAlloc
GetFileTime
SetThreadAffinityMask
SetUnhandledExceptionFilter
FindClose
SetDefaultCommConfigW
OpenEventW
SetProcessWorkingSetSize
lstrcmpiA
WriteConsoleOutputAttribute
ClearCommError
Beep
SetCalendarInfoA
GetConsoleMode
OpenMutexW
Toolhelp32ReadProcessMemory
SetEvent
GetNamedPipeHandleStateA
GlobalWire
WaitNamedPipeW
UnlockFileEx
Thread32Next
EndUpdateResourceA
GlobalUnfix
GetProfileIntA
FindFirstChangeNotificationA
TlsGetValue
SetComputerNameW
GetACP
LCMapStringA
IsBadHugeReadPtr
GetProcessTimes
CommConfigDialogW
PeekConsoleInputW
ReadFile
SetVolumeLabelW
SetLastError
IsValidLocale
LocalLock
FreeLibraryAndExitThread
GetSystemDirectoryW
IsDBCSLeadByte
ReadConsoleInputW
WriteConsoleOutputCharacterA
UnlockFile
WriteFileGather
GetEnvironmentVariableW
GetProfileIntW
IsBadStringPtrA
ReadConsoleOutputCharacterW
ReadFileScatter
VirtualProtect
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 279B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE