876c4bb88e2f5227cbe42823bfc22105_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

876c4bb88e2f5227cbe42823bfc22105_JaffaCakes118
Size

68KB
MD5

876c4bb88e2f5227cbe42823bfc22105
SHA1

0c6ce68a3f7032b423f785ab6ad5d84da6d8d02c
SHA256

6de113a86d53987596b63defcdf67699fecdbdc739adea52fda0d35fdf3816b8
SHA512

2c52200402cdc50781b3834a32fd8d690363f61a63edd4f7f43c6c67d2ba828f26ca6cca4285e306bdb6b4a1b152395159e24c8821aca94931904e79c8530f12
SSDEEP

1536:T1uhz+PNAkgcBI3u2SN4R9ASB2jqBaw7agJz2hAZqfPBqHi+qZ:T1uhz+X63u2SN4Ryi2jqBa2nq+ZqfJAw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
876c4bb88e2f5227cbe42823bfc22105_JaffaCakes118

Files

876c4bb88e2f5227cbe42823bfc22105_JaffaCakes118
.exe windows:4 windows x86 arch:x86

042d8fd56712f1837daeefd06a9637a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

EnableHookObject
CoUnmarshalInterface
CoGetInstanceFromFile
CoSwitchCallContext
OleCreateLinkEx
ReadOleStg
ProgIDFromCLSID
StgIsStorageILockBytes
CoDisconnectObject
CoGetCurrentLogicalThreadId
OleQueryLinkFromData
OleBuildVersion
StgCreateStorageEx
CreateILockBytesOnHGlobal
CoInitialize
OleCreateEmbeddingHelper
CoRevertToSelf
OleCreateFromFile
CoResumeClassObjects
CoSetProxyBlanket
CoIsOle1Class
OleLockRunning
ReadClassStg
OleCreateDefaultHandler
CoQueryClientBlanket
PropVariantClear
UtConvertDvtd16toDvtd32
ReadFmtUserTypeStg
DllDebugObjectRPCHook
OleSetAutoConvert
WriteClassStm
OleCreateStaticFromData
UtConvertDvtd32toDvtd16
OleCreate
OleSave
CreateDataAdviseHolder
CoGetPSClsid
MonikerRelativePathTo
OleSaveToStream
CoImpersonateClient
OpenOrCreateStream
OleQueryCreateFromData
OleTranslateAccelerator
OleRun
OleCreateFromData
OleFlushClipboard
OleNoteObjectVisible
OleLoad
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
CoQueryAuthenticationServices
CoUnmarshalHresult

advapi32

GetFileSecurityW
LookupAccountSidW
SetEntriesInAuditListA
GetAuditedPermissionsFromAclW
CryptEnumProvidersA
InitializeAcl
ObjectCloseAuditAlarmA
CancelOverlappedAccess
OpenThreadToken
GetLengthSid
GetNamedSecurityInfoExW
CreateServiceA
CryptDestroyHash
RegCreateKeyExA
GetFileSecurityA
GetMultipleTrusteeOperationA
GetExplicitEntriesFromAclA
SetServiceStatus
SetAclInformation
GetSecurityDescriptorSacl
RegOpenKeyExW
QueryServiceStatus
GetAclInformation
CreatePrivateObjectSecurity
LockServiceDatabase
MakeAbsoluteSD
GetServiceDisplayNameA
RegQueryInfoKeyW
RegEnumKeyW
GetMultipleTrusteeW
GetOldestEventLogRecord
RegEnumValueW
SetSecurityInfoExA
GetSidLengthRequired
CryptSetProviderExA
OpenProcessToken
RegNotifyChangeKeyValue
ConvertSecurityDescriptorToAccessNamedA
ImpersonateLoggedOnUser
OpenSCManagerW
GetTrusteeNameA
RegOpenKeyA
LookupPrivilegeValueA
InitiateSystemShutdownW
BuildSecurityDescriptorA
DuplicateTokenEx
GetOverlappedAccessResults
RegSetValueW
CryptExportKey
LogonUserA
CryptReleaseContext
GetSidSubAuthorityCount
CryptDecrypt
DeregisterEventSource
OpenEventLogW
CryptHashSessionKey
StartServiceW
AdjustTokenPrivileges
RegDeleteKeyW
GetMultipleTrusteeOperationW
RegRestoreKeyW

kernel32

LoadLibraryW
GlobalLock
RequestWakeupLatency
FindNextChangeNotification
SetErrorMode
GetPrivateProfileIntW
Heap32ListNext
GetDevicePowerState
SearchPathW
MultiByteToWideChar
SetProcessAffinityMask
FreeLibrary
GetVersion
GetLongPathNameW
lstrcmpiW
QueryDosDeviceA
WriteProfileStringA
OpenFile
GetLogicalDriveStringsA
SetFileTime
FindFirstChangeNotificationA
SearchPathA
SetConsoleCP
ReadConsoleW
GenerateConsoleCtrlEvent
GetStringTypeExA
Heap32First
GetSystemDirectoryA
LoadLibraryA
GetProcessHeap
GetDiskFreeSpaceExA
WriteProfileSectionA
lstrcpy
EscapeCommFunction
GetCommTimeouts
UpdateResourceA
GetFileAttributesW
DosDateTimeToFileTime
EnumTimeFormatsW
SetSystemTime
lstrcpyn
VirtualProtect
HeapCompact
SetThreadLocale
OpenWaitableTimerW
GetProfileIntW
SetCalendarInfoW
CallNamedPipeA
HeapCreate
GetFileType
WritePrivateProfileSectionW
GetCurrentProcessId
LocalLock
SuspendThread
Process32First
SetTimeZoneInformation
FreeEnvironmentStringsA
LocalFileTimeToFileTime
GetModuleFileNameA
OutputDebugStringA
MapViewOfFileEx
FlushFileBuffers
ResetEvent
SetComputerNameA
GetProfileSectionA
LCMapStringW
CompareStringA
IsValidLocale
GetEnvironmentStringsW
SetDefaultCommConfigA
SetSystemTimeAdjustment
GetCompressedFileSizeW
GetSystemDefaultLangID
VirtualAlloc
CompareFileTime
EnumSystemCodePagesA
GetStartupInfoW
GetThreadContext
WriteConsoleOutputW

shlwapi

SHGetValueW
StrStrIW
SHEnumValueW
PathRenameExtensionW
PathFindSuffixArrayW
StrRChrIW
PathCompactPathW
PathAppendW
StrRetToStrW
PathCompactPathA
PathSetDlgItemPathA
SHOpenRegStream2W
SHCreateStreamOnFileA
PathStripPathA
SHDeleteKeyA
UrlCreateFromPathA
SHIsLowMemoryMachine
PathIsUNCServerShareW
SHDeleteValueA
PathAddExtensionA
SHEnumValueA
StrToIntExW
SHRegSetUSValueA
StrRChrW
PathFindExtensionA
SHRegSetUSValueW
SHDeleteKeyW
PathAddBackslashA
PathIsDirectoryA
PathMakeSystemFolderW
PathSkipRootA
StrPBrkW
SHRegQueryInfoUSKeyW
PathIsSystemFolderA
AssocQueryStringByKeyW
StrCpyNW
StrCpyW
StrSpnW
SHRegWriteUSValueW
StrStrIA
StrRetToBufW
SHOpenRegStreamA
StrPBrkA
PathSkipRootW
ColorAdjustLuma
PathCanonicalizeW
SHQueryInfoKeyA
PathUnquoteSpacesA
SHCopyKeyA
PathIsDirectoryW
PathUnmakeSystemFolderW
PathUnquoteSpacesW
SHRegQueryUSValueA
UrlIsA
PathStripToRootA
SHEnumKeyExA
StrTrimA
PathFileExistsW

user32

SetPropW
BroadcastSystemMessageA
ReplyMessage
LoadStringA
CopyAcceleratorTableA
TabbedTextOutA
SetUserObjectInformationA
WaitMessage
TranslateMDISysAccel
CreateWindowStationA
UpdateWindow
ShowCaret
GetClipboardData
OffsetRect
CallWindowProcA
EnumDesktopWindows
SetSystemCursor
GetMonitorInfoW
ModifyMenuA
InsertMenuItemW
CreateDialogParamA
SubtractRect
PtInRect
DrawCaption
InsertMenuItemA
InsertMenuA
GetForegroundWindow
WaitForInputIdle
GetSystemMetrics
GetWindowPlacement
CopyRect
SetRect
GetMenuItemRect
SetDeskWallpaper
GetCursor
MapVirtualKeyExW
GetWindowLongA
CascadeChildWindows
LoadKeyboardLayoutA
DdeUninitialize
SetDoubleClickTime
SetThreadDesktop
CallMsgFilter
TileWindows
GetMenu
EnumWindowStationsA
IsClipboardFormatAvailable
DrawMenuBar
UnloadKeyboardLayout
GetShellWindow
GetKeyboardLayoutNameA
EnumDisplaySettingsExA
CheckDlgButton
UnpackDDElParam
SendMessageTimeoutW
SwitchToThisWindow
CharNextW
DrawAnimatedRects
GetGUIThreadInfo
CharNextExA
LoadAcceleratorsA
GetMenuDefaultItem
GetMenuInfo
GetDlgItem
DefMDIChildProcW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

042d8fd56712f1837daeefd06a9637a7

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

shlwapi

user32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 12KB