Static task: static1
Behavioral task: behavioral1
Sample: 838514a667fc48f35d88d5dc9a33b21c_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 838514a667fc48f35d88d5dc9a33b21c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 838514a667fc48f35d88d5dc9a33b21c_JaffaCakes118
Size: 78KB
MD5: 838514a667fc48f35d88d5dc9a33b21c
SHA1: d024c3db06f818a027df15d30a04e17ddf8e8d63
SHA256: 8613ce5d3fafb6e6a83d099a8f6d35203d500e2bad6a69d5e526c9b72a0c82e7
SHA512: d0442d4f6f294991e86c8c8044085656d7023fb0b951660b6c79a7c6f4419d3c26b3b0f683d428f87d898ed20364c149ab7417ce409dc3f73ae7aeec67d0b60b
SSDEEP: 1536:L0nhKUR//R4lKALQ04FmZKvPcAjK4EDERJ1TkqAtVVd:KhKURmlKS74F2ycKHEDkTTTAtVD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 838514a667fc48f35d88d5dc9a33b21c_JaffaCakes118
Files
838514a667fc48f35d88d5dc9a33b21c_JaffaCakes118.exe windows:4 windows x86 arch:x86
faa0b4ee5f17aa7dd7ef9d77ca928a0d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoRegisterPSClsid
CreateGenericComposite
SetDocumentBitStg
StringFromCLSID
CoGetCallerTID
UtGetDvtd16Info
MkParseDisplayName
StringFromIID
DllDebugObjectRPCHook
GetRunningObjectTable
StgIsStorageFile
CoFileTimeNow
OleUninitialize
CreatePointerMoniker
StgCreateDocfileOnILockBytes
CoRevokeMallocSpy
CoDisconnectObject
OleNoteObjectVisible
OleSetAutoConvert
CreateOleAdviseHolder
OleRun
FreePropVariantArray
GetDocumentBitStg
CoQueryAuthenticationServices
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
OleConvertIStorageToOLESTREAMEx
OleCreateMenuDescriptor
UpdateDCOMSettings
CoGetCallContext
CoIsOle1Class
OleGetClipboard
UtGetDvtd32Info
GetClassFile
CreateAntiMoniker
StgCreateStorageEx
CoFreeAllLibraries
CoGetInterfaceAndReleaseStream
OleGetAutoConvert
GetHGlobalFromStream
OleCreateLinkToFileEx
CoCreateInstanceEx
PropVariantCopy
OleTranslateAccelerator
CLSIDFromProgID
WriteFmtUserTypeStg
StgOpenAsyncDocfileOnIFillLockBytes
CoTaskMemRealloc
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
OleCreateEx
CoCreateInstance
CoUnmarshalInterface
CoFileTimeToDosDateTime
CoGetPSClsid
kernel32
MapViewOfFileEx
GetModuleHandleA
lstrcatW
WriteConsoleOutputW
LocalFileTimeToFileTime
IsBadStringPtrA
GetExitCodeThread
SwitchToFiber
HeapCompact
GetPrivateProfileIntA
GetConsoleMode
ReadFileEx
lstrcpyW
DuplicateHandle
GetTickCount
OpenEventW
GetModuleFileNameA
GetProcessHeap
GetLastError
ExpandEnvironmentStringsW
GetShortPathNameA
GetPrivateProfileSectionNamesA
SetVolumeLabelA
CreateMailslotW
SetCurrentDirectoryA
IsDBCSLeadByte
LockFileEx
PurgeComm
GetCommandLineW
GlobalFindAtomA
IsValidLocale
SetConsoleCursorInfo
VirtualAlloc
EnumDateFormatsExA
GlobalUnlock
CancelDeviceWakeupRequest
lstrcpyA
VirtualProtect
SetLocalTime
FindFirstFileExA
GetCurrentProcessId
IsBadReadPtr
CreateMutexW
lstrcmpi
RequestWakeupLatency
Heap32Next
SetStdHandle
WriteConsoleInputW
OpenFileMappingW
GetFileType
MapViewOfFile
GlobalFindAtomW
GetTempPathA
FillConsoleOutputCharacterA
CreateDirectoryW
TerminateThread
MulDiv
ClearCommError
GetConsoleCP
GetHandleInformation
GetDiskFreeSpaceW
WriteConsoleA
GetThreadLocale
SetMessageWaitingIndicator
EnumDateFormatsExW
OpenWaitableTimerA
OpenWaitableTimerW
GetStartupInfoW
SetThreadPriority
VirtualProtectEx
LoadLibraryExW
GetDateFormatW
WaitForMultipleObjectsEx
GetProfileSectionA
GetCalendarInfoA
user32
OpenDesktopW
DefWindowProcW
DrawAnimatedRects
DefMDIChildProcW
RedrawWindow
InSendMessage
IsIconic
DragDetect
SetWindowsHookExW
SetWindowsHookW
OemToCharBuffW
DestroyMenu
DdeSetQualityOfService
LoadBitmapW
DrawEdge
TranslateAccelerator
DeleteMenu
SendMessageCallbackW
CreateMenu
CreateDialogParamA
GetMenuBarInfo
FillRect
MessageBoxIndirectW
SetRect
SetFocus
DlgDirSelectExA
SendMessageCallbackA
DestroyIcon
SetMenu
MapVirtualKeyW
GetWindowModuleFileNameA
IsWindowVisible
GetListBoxInfo
GetClassNameA
IsDialogMessageA
RegisterWindowMessageA
DdeGetLastError
PostThreadMessageW
GetWindowTextA
SendMessageW
DdeInitializeA
CallNextHookEx
GetNextDlgGroupItem
LoadKeyboardLayoutW
DefFrameProcA
RegisterClipboardFormatA
SetMenuItemInfoW
CharPrevW
AdjustWindowRect
InvertRect
ScreenToClient
CreateCursor
SetKeyboardState
AnimateWindow
CallMsgFilter
TrackPopupMenu
BringWindowToTop
GetProcessDefaultLayout
SwapMouseButton
MoveWindow
EnumDisplayDevicesW
GetKeyState
advapi32
ConvertAccessToSecurityDescriptorA
RegLoadKeyA
AreAnyAccessesGranted
RegUnLoadKeyW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoExA
CopySid
RegOpenKeyA
ChangeServiceConfigW
CryptGetDefaultProviderA
CreatePrivateObjectSecurity
InitiateSystemShutdownW
GetMultipleTrusteeOperationA
CryptDuplicateKey
AllocateLocallyUniqueId
LookupAccountSidW
SetTokenInformation
GetSecurityDescriptorControl
LookupPrivilegeNameW
CryptEnumProvidersW
RegSetValueExW
CryptVerifySignatureW
RegQueryInfoKeyW
CryptImportKey
GetSidLengthRequired
IsValidAcl
BuildTrusteeWithSidW
GetAccessPermissionsForObjectA
CryptSetHashParam
GetSecurityInfo
LookupPrivilegeDisplayNameW
GetMultipleTrusteeA
DuplicateTokenEx
StartServiceA
GetSecurityDescriptorDacl
BuildTrusteeWithSidA
EnumServicesStatusW
AbortSystemShutdownA
OpenEventLogA
AdjustTokenGroups
RegRestoreKeyW
GetAuditedPermissionsFromAclW
SetFileSecurityW
GetAuditedPermissionsFromAclA
ObjectPrivilegeAuditAlarmW
SetSecurityInfoExW
MakeAbsoluteSD
ControlService
ClearEventLogW
RegCreateKeyExW
CryptGetHashParam
RegCreateKeyExA
UnlockServiceDatabase
ReadEventLogA
QueryServiceConfigW
ImpersonateLoggedOnUser
RegSaveKeyA
CryptSetProviderExW
SetEntriesInAccessListA
GetTrusteeNameA
OpenSCManagerA
SetNamedSecurityInfoW
CryptGetProvParam
RegOpenKeyExW
AddAccessDeniedAce
CryptSignHashW
CreateServiceW
shlwapi
StrCSpnW
PathFindSuffixArrayW
PathFindNextComponentA
PathIsSystemFolderW
PathIsUNCServerShareW
StrStrIA
UrlEscapeW
SHRegEnumUSKeyW
wnsprintfA
StrFromTimeIntervalW
StrFromTimeIntervalA
PathFindExtensionA
StrIsIntlEqualW
PathIsRootA
PathUnmakeSystemFolderA
StrChrA
PathQuoteSpacesA
SHOpenRegStream2W
SHRegDuplicateHKey
PathSearchAndQualifyA
PathSkipRootW
SHCopyKeyA
PathIsRelativeA
PathAddExtensionW
UrlCanonicalizeA
StrCSpnIW
UrlCombineW
UrlApplySchemeA
SHRegDeleteUSValueW
SHCopyKeyW
UrlCompareA
IntlStrEqWorkerA
SHDeleteEmptyKeyA
PathAppendA
StrStrA
StrRStrIW
SHEnumKeyExW
PathCombineW
PathRelativePathToW
StrToIntA
PathIsUNCA
StrRChrIW
StrCatBuffA
StrFormatByteSizeA
PathParseIconLocationW
SHRegOpenUSKeyW
SHEnumValueA
wvnsprintfA
StrSpnA
UrlUnescapeW
SHRegCloseUSKey
SHGetValueA
SHRegOpenUSKeyA
PathRemoveArgsW
PathGetArgsA
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE