Static task: static1
Behavioral task: behavioral1
  Sample: 5e3e4d8ae797da7184bdb0a7b14f0845_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 5e3e4d8ae797da7184bdb0a7b14f0845_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 5e3e4d8ae797da7184bdb0a7b14f0845_JaffaCakes118
- Size: 79KB
- MD5: 5e3e4d8ae797da7184bdb0a7b14f0845
- SHA1: ad4351a299a2bd3a091858336a568aa9cccb8f3b
- SHA256: a3c14cfcc662584843db66f96c06234251c65c017f570f8bd37ac0267ac629c5
- SHA512: 6bc283f2d6f66e211b275069112c1f44552160e6da1baaaf8ce2342a404c9bd3c6c6cc1b78dbb0ed604074e9993262b2b4df9290a13bdb6db7af519c00113a50
- SSDEEP: 1536:0z2S7kk0+fx8AxWC4e3br+13wUbZ0VtyaMw2RKUz40zffIxevNb9:0z2S7kc8AIVf7WVUjN8Uz40zffqeFb
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 5e3e4d8ae797da7184bdb0a7b14f0845_JaffaCakes118
Files
- 5e3e4d8ae797da7184bdb0a7b14f0845_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  2925339d68d36cc978c707bb311067e1
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CreateDataCache
GetHGlobalFromStream
CoMarshalInterface
DoDragDrop
CoQueryReleaseObject
StgOpenStorageEx
GetHookInterface
RegisterDragDrop
OleInitialize
OleSetClipboard
EnableHookObject
CreateBindCtx
StringFromCLSID
CoInitializeEx
CoGetMarshalSizeMax
OleSetContainedObject
OleRun
OleConvertOLESTREAMToIStorage
CoLoadLibrary
OleGetIconOfFile
IsAccelerator
OleCreateFromDataEx
CreateStreamOnHGlobal
IIDFromString
CoDosDateTimeToFileTime
CoTaskMemAlloc
CoGetCallContext
CoTreatAsClass
StgGetIFillLockBytesOnILockBytes
PropVariantCopy
SetConvertStg
OleCreateDefaultHandler
GetConvertStg
OleConvertIStorageToOLESTREAMEx
CoReleaseMarshalData
CoGetInstanceFromIStorage
CoRegisterChannelHook
CoIsOle1Class
OleRegGetMiscStatus
ReadOleStg
CoInitializeSecurity
WriteStringStream
CLSIDFromString
CoSwitchCallContext
OleNoteObjectVisible
GetHGlobalFromILockBytes
CoTaskMemRealloc
CoUnmarshalInterface
OleCreateLinkFromDataEx
StgOpenStorage
OleCreateStaticFromData
CoInitialize
CoGetStandardMarshal
CoCreateInstance
ReadClassStm
ProgIDFromCLSID
CoRevokeClassObject
OleIsCurrentClipboard
OleTranslateAccelerator
ReadFmtUserTypeStg
OleCreateLinkToFile
StgSetTimes
OleBuildVersion
CoQueryClientBlanket
CoRegisterClassObject
CoGetObject
OleCreateLink
CoRegisterPSClsid
WriteClassStm
UtGetDvtd32Info
StringFromIID
StringFromGUID2
UtGetDvtd16Info
CreateOleAdviseHolder
OleConvertIStorageToOLESTREAM
CreateClassMoniker
CoSetProxyBlanket
OleGetClipboard
OleLockRunning
StgIsStorageFile
CoFileTimeNow
OleSave
UtConvertDvtd32toDvtd16
kernel32
OutputDebugStringW
OpenProcess
GlobalHandle
SetThreadPriority
GetLongPathNameW
GetProcessShutdownParameters
SetCalendarInfoA
Beep
RemoveDirectoryW
MapViewOfFileEx
GetShortPathNameA
GetTapePosition
LocalReAlloc
FindFirstFileW
ScrollConsoleScreenBufferW
VirtualProtect
EnumResourceNamesA
SetFileApisToOEM
RaiseException
CancelWaitableTimer
GetMailslotInfo
QueryPerformanceCounter
SetDefaultCommConfigA
LocalSize
GetDiskFreeSpaceExA
FindFirstFileExA
ReadConsoleOutputA
CreateDirectoryExA
GetLongPathNameA
CreateDirectoryW
GetEnvironmentVariableA
WritePrivateProfileStructW
DuplicateHandle
TlsAlloc
GetPrivateProfileStringW
TlsGetValue
OpenWaitableTimerA
UnmapViewOfFile
WritePrivateProfileStringA
GetNumberFormatA
SleepEx
ReadConsoleOutputW
GetCurrentDirectoryA
GetFileAttributesExA
CreateToolhelp32Snapshot
GetExitCodeThread
GetProcessTimes
SetConsoleTitleA
FindFirstChangeNotificationA
lstrcpyW
ReleaseSemaphore
GetCurrentThread
CreateDirectoryExW
SetCommState
SetStdHandle
ScrollConsoleScreenBufferA
GetTempFileNameW
GlobalDeleteAtom
GetThreadPriorityBoost
SetFilePointer
IsBadWritePtr
DebugActiveProcess
CreatePipe
SetConsoleTitleW
CommConfigDialogA
SetConsoleWindowInfo
GlobalFix
GlobalUnfix
HeapLock
WriteProcessMemory
ReadConsoleOutputAttribute
GetAtomNameW
GetCPInfo
CopyFileW
WinExec
SetConsoleTextAttribute
GetModuleFileNameW
CreateThread
WriteConsoleW
CreateSemaphoreW
GetVersionExA
SetCurrentDirectoryW
SetEvent
VirtualQuery
EnumTimeFormatsW
EnumResourceLanguagesA
BuildCommDCBAndTimeoutsW
VerLanguageNameW
GetEnvironmentVariableW
SetLocalTime
CreateMailslotA
CreateFiber
GlobalFlags
IsBadStringPtrA
MapViewOfFile
EnumResourceTypesW
GetNamedPipeInfo
SystemTimeToTzSpecificLocalTime
FindResourceExW
LCMapStringW
ReadConsoleOutputCharacterW
ReadConsoleOutputCharacterA
SetDefaultCommConfigW
GetNamedPipeHandleStateA
GetCurrencyFormatW
GetACP
GetProfileIntA
GetPrivateProfileSectionW
VirtualProtectEx
Heap32ListFirst
ConnectNamedPipe
ReadProcessMemory
GetBinaryTypeA
LocalHandle
SetThreadPriorityBoost
lstrcmpW
WritePrivateProfileSectionA
SetFileAttributesA
GetThreadLocale
FreeLibrary
Module32Next
VirtualAlloc
advapi32
CryptContextAddRef
CryptGetDefaultProviderA
GetTrusteeTypeA
OpenSCManagerA
LookupPrivilegeValueA
LookupPrivilegeDisplayNameA
NotifyChangeEventLog
CryptSetProviderA
OpenProcessToken
RegOpenKeyExW
SetServiceStatus
RegEnumKeyW
RegReplaceKeyW
RegConnectRegistryA
CryptDuplicateKey
CloseEventLog
ReportEventW
GetCurrentHwProfileA
TrusteeAccessToObjectW
ReadEventLogA
CopySid
CryptAcquireContextA
GetSecurityDescriptorOwner
BuildTrusteeWithSidA
CreateProcessAsUserW
OpenSCManagerW
GetTokenInformation
GetNumberOfEventLogRecords
CryptReleaseContext
CryptSetProviderExA
ObjectOpenAuditAlarmW
RegisterEventSourceW
RevertToSelf
GetAuditedPermissionsFromAclW
GetAuditedPermissionsFromAclA
CryptSetProviderW
RegSetValueExA
BuildImpersonateTrusteeW
SetSecurityInfo
GetSecurityDescriptorSacl
AccessCheckAndAuditAlarmA
SetEntriesInAuditListW
CryptImportKey
CryptDuplicateHash
GetNamedSecurityInfoA
BackupEventLogW
ConvertSecurityDescriptorToAccessNamedW
RegFlushKey
AbortSystemShutdownW
RegRestoreKeyA
GetSecurityDescriptorDacl
PrivilegeCheck
CryptCreateHash
CryptSetProviderExW
CryptAcquireContextW
GetTrusteeNameW
PrivilegedServiceAuditAlarmA
CryptEnumProviderTypesA
GetSecurityInfoExW
GetExplicitEntriesFromAclA
StartServiceA
GetServiceKeyNameA
SetNamedSecurityInfoExA
RegSetValueW
RegGetKeySecurity
RegisterEventSourceA
CryptSetKeyParam
GetFileSecurityA
GetSecurityDescriptorLength
GetMultipleTrusteeOperationA
CryptDestroyHash
StartServiceCtrlDispatcherA
AdjustTokenGroups
CreateServiceA
CryptSignHashA
SetServiceObjectSecurity
SetSecurityDescriptorOwner
AccessCheck
CryptDestroyKey
LookupSecurityDescriptorPartsA
RegDeleteKeyA
GetKernelObjectSecurity
RegOpenKeyExA
SetSecurityDescriptorDacl
GetPrivateObjectSecurity
RegSetKeySecurity
CryptGenRandom
CryptDecrypt
SetAclInformation
CryptEnumProvidersA
OpenServiceW
SetTokenInformation
ConvertAccessToSecurityDescriptorA
ObjectDeleteAuditAlarmW
SetEntriesInAclA
LookupPrivilegeValueW
DeregisterEventSource
SetSecurityDescriptorSacl
CryptHashData
ConvertSecurityDescriptorToAccessNamedA
LockServiceDatabase
IsValidSecurityDescriptor
GetMultipleTrusteeW
RegDeleteValueA
CryptVerifySignatureA
Sections
- .text: Size 68KB, Virtual size 68KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 9KB, Virtual size 8KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 512B, Virtual size 320B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE