864c315ffff749f5722e7fca52835520_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

864c315ffff749f5722e7fca52835520_JaffaCakes118
Size

82KB
MD5

864c315ffff749f5722e7fca52835520
SHA1

8feec8965a91f270c39742c0467cf4b7008794d4
SHA256

28869b334e1d99a48faa31c40b2b94dc988ded16ed77fb44bef2f4c68311a0df
SHA512

3d43d7c20975252f06ece31b7529134991589415863e6511a0386ab2e29c9153abb02514db8a7a42d845e1bcb941ce95ed382360e5f8281e682eb94f67dfd6ca
SSDEEP

1536:C9B3XPJegmxOz1lDQKKpc9Qg8DBdJdlsrGSyzEcUlt32QIKfdButT9j:ABvJegbEPM58DRzs6FQcOtLDButT9j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
864c315ffff749f5722e7fca52835520_JaffaCakes118

Files

864c315ffff749f5722e7fca52835520_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f4da668724bde9dd0960fdbd07333a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNW
PathCanonicalizeA
SHQueryInfoKeyW
PathMakePrettyA
SHOpenRegStreamW
UrlIsOpaqueA
StrPBrkW
PathGetArgsW
PathFindOnPathA
wvnsprintfA
PathFindSuffixArrayA
StrCpyW
UrlCombineW
StrNCatW
UrlApplySchemeA
StrRStrIW
UrlGetPartA
AssocQueryStringByKeyW
SHRegQueryInfoUSKeyA
PathCreateFromUrlA
PathQuoteSpacesA
SHSkipJunction
StrRChrIA
SHOpenRegStream2W
PathSetDlgItemPathA
SHRegDeleteEmptyUSKeyA
SHQueryValueExW
PathMatchSpecA
UrlGetLocationA
wnsprintfA
ColorRGBToHLS
SHDeleteKeyW
PathRelativePathToA
PathIsSystemFolderA
StrFormatByteSizeW
SHCreateShellPalette
PathCommonPrefixA
SHRegQueryUSValueW
StrChrA
StrStrW
UrlIsNoHistoryA
StrRetToStrA
PathAddExtensionW
PathRemoveArgsW
UrlCanonicalizeW
SHRegGetUSValueA
PathCommonPrefixW
SHEnumKeyExA
UrlHashA
PathCombineW
StrCatBuffW
StrDupA
PathRemoveBlanksW
StrChrIW
PathFindNextComponentW
wvnsprintfW
PathSetDlgItemPathW
PathUnmakeSystemFolderW
StrCatBuffA
PathRemoveArgsA
PathIsPrefixA
PathUndecorateA
UrlIsNoHistoryW
PathBuildRootW
StrCmpW
StrDupW
PathIsLFNFileSpecA

kernel32

LocalSize
GetNamedPipeInfo
EnumSystemCodePagesA
OpenWaitableTimerA
PrepareTape
SetNamedPipeHandleState
SetCalendarInfoW
GetCompressedFileSizeA
FreeResource
GetCPInfoExW
GetThreadPriority
FlushInstructionCache
SetComputerNameW
GlobalUnWire
GetPrivateProfileStringA
HeapDestroy
SetThreadContext
lstrcpyA
IsDebuggerPresent
SetLastError
GlobalGetAtomNameA
SetTapePosition
FoldStringA
CreateProcessW
DuplicateHandle
GetFileAttributesA
lstrlenA
SearchPathA
LoadLibraryA
SetConsoleCP
FreeLibraryAndExitThread
ConvertThreadToFiber
VirtualAlloc
CreateFileW
BuildCommDCBW
GetProfileStringA
SetSystemTimeAdjustment
GetCurrentDirectoryA
SetTimeZoneInformation
GlobalGetAtomNameW
GetFileAttributesW
FlushConsoleInputBuffer
SetFileAttributesA
SetTapeParameters
OpenEventW
SetConsoleTitleA
GetStringTypeExA
GetNumberFormatA
BeginUpdateResourceA
VirtualProtect
CreateDirectoryW
MoveFileA
OpenSemaphoreW
GetDiskFreeSpaceA
ExpandEnvironmentStringsW
GlobalAddAtomW
MultiByteToWideChar
SizeofResource
GetModuleHandleA

user32

InsertMenuItemW
SetThreadDesktop
SendMessageCallbackW
GrayStringW
RealChildWindowFromPoint
LoadAcceleratorsW
DlgDirListA
GetDlgItemTextW
GetScrollPos
DefFrameProcW
CreateMenu
UnregisterClassA
GetInputState
MessageBoxIndirectA
SetClipboardData
DrawTextA
ChangeDisplaySettingsA
CreateDesktopW
GetKeyNameTextA
FillRect
DefMDIChildProcW
DestroyCaret
IsWindow
EnumWindows
ShowWindow
MessageBoxA
FindWindowA
EndMenu
ShowOwnedPopups
DdeCreateStringHandleA
IsWindowVisible
SendDlgItemMessageA
SetClassLongA
SendIMEMessageExA
SetClassLongW
EnumThreadWindows
GetWindow
LoadMenuA
AdjustWindowRectEx
GetGUIThreadInfo
MoveWindow
SetUserObjectSecurity
SystemParametersInfoA
GetClipboardFormatNameW
EnumDisplaySettingsA
OpenWindowStationA
GetSysColorBrush
GetDlgCtrlID
SetScrollRange
MessageBoxW
GetDoubleClickTime
SetMenuInfo
DdeNameService
ChangeMenuA

advapi32

RegSetValueW
LockServiceDatabase
SetNamedSecurityInfoExW
OpenServiceA
GetServiceKeyNameA
RegQueryValueW
GetExplicitEntriesFromAclA
RegCloseKey
GetSecurityDescriptorLength
GetSidSubAuthority
ObjectDeleteAuditAlarmA
NotifyChangeEventLog
CryptGetDefaultProviderW
SetFileSecurityW
LookupAccountSidA
CryptVerifySignatureA
CryptEncrypt
RegRestoreKeyA
AddAce
SetTokenInformation
GetFileSecurityA
CryptContextAddRef
GetSecurityDescriptorControl
RegCreateKeyExA
GetSecurityInfoExA
GetNamedSecurityInfoA
GetSecurityDescriptorGroup
GetSecurityInfoExW
CryptSetProviderExA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
StartServiceCtrlDispatcherA
DuplicateToken
PrivilegeCheck
StartServiceCtrlDispatcherW
CryptSetProviderExW
QueryServiceConfigA
SetSecurityDescriptorDacl
GetCurrentHwProfileW
LookupPrivilegeNameA
GetAclInformation
CreateProcessAsUserW
BuildSecurityDescriptorW
CryptSetHashParam
SetNamedSecurityInfoA
UnlockServiceDatabase
LookupPrivilegeDisplayNameA
GetMultipleTrusteeOperationA
RegisterServiceCtrlHandlerA
RegLoadKeyA
TrusteeAccessToObjectW
AccessCheck
CryptSetProviderA
AdjustTokenGroups
OpenProcessToken
CryptSetKeyParam
GetPrivateObjectSecurity
SetSecurityInfo
GetAccessPermissionsForObjectA
SetSecurityDescriptorGroup
IsValidAcl
RegSetKeySecurity

ole32

GetHookInterface
CoReleaseServerProcess
StgCreateDocfile
CreateAntiMoniker
CoFileTimeNow
OleLockRunning
OleCreateStaticFromData
CoCopyProxy
CoQueryAuthenticationServices
IIDFromString
CoTreatAsClass
CoBuildVersion
OleQueryCreateFromData
EnableHookObject
OleCreateLinkToFileEx
CreateOleAdviseHolder
OleCreateLinkToFile
CoFileTimeToDosDateTime
CreateStreamOnHGlobal
ReadOleStg
CoReleaseMarshalData
CoUnmarshalInterface
OleFlushClipboard
CoDosDateTimeToFileTime
CoQueryClientBlanket
OleGetClipboard
CoMarshalInterThreadInterfaceInStream
OleCreateFromFile
OleBuildVersion
OleConvertIStorageToOLESTREAM
CoRegisterClassObject
CoGetCallContext
PropVariantCopy
OleSetAutoConvert
CoIsHandlerConnected
OleMetafilePictFromIconAndLabel
SetDocumentBitStg
OpenOrCreateStream
CoGetObject
WriteOleStg
StgCreateDocfileOnILockBytes
CoFreeLibrary
CoDisconnectObject
StgOpenAsyncDocfileOnIFillLockBytes
WriteStringStream
OleSetClipboard
CreateFileMoniker
ReleaseStgMedium
StgOpenStorageOnILockBytes
OleConvertOLESTREAMToIStorage
OleCreateFromData
StgSetTimes
OleCreateLinkFromData
GetHGlobalFromStream
StgGetIFillLockBytesOnILockBytes
CoGetInterfaceAndReleaseStream
OleCreateDefaultHandler
CoResumeClassObjects
OleDestroyMenuDescriptor
CreateObjrefMoniker
CreatePointerMoniker
CLSIDFromProgID

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f4da668724bde9dd0960fdbd07333a6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 20KB