Static task: static1
Behavioral task: behavioral1
Sample: 8944bc22235936b73bdf874bfa4d1a64_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8944bc22235936b73bdf874bfa4d1a64_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8944bc22235936b73bdf874bfa4d1a64_JaffaCakes118
Size: 87KB
MD5: 8944bc22235936b73bdf874bfa4d1a64
SHA1: 6f48fb18ffd6497fbdc951b4d96340e878921d91
SHA256: d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e
SHA512: e3d637bdb3d5c4fda8a34eb3f47bdee837c514c5481067cf8c20a523430ca2b5bcd8ea20c5c79d7ea3c627b214cf89dc59c96c6d1a3983f6c77a489c489de9c2
SSDEEP: 1536:lTSvBFUz/BK0IUzdpQJ4anbsbeoXBbvLRb0JJlBQx7IlPuo/SfDEhxDEhv+143xo:lCF0K0IipQJzbsttLRbKJXQx7OuoafD2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 8944bc22235936b73bdf874bfa4d1a64_JaffaCakes118
Files
8944bc22235936b73bdf874bfa4d1a64_JaffaCakes118.exe windows:4 windows x86 arch:x86
4c317a879868b941a965444eede73069
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
IsCharAlphaA
BringWindowToTop
CopyAcceleratorTableA
DdeKeepStringHandle
FindWindowExA
InsertMenuW
LookupIconIdFromDirectoryEx
IsWindowEnabled
EnumPropsExW
SetSysColors
GetClassInfoExA
SendMessageTimeoutA
DrawCaption
GetMonitorInfoA
CreatePopupMenu
SetMenuItemInfoA
EnumWindowStationsW
ToUnicode
SubtractRect
ChangeDisplaySettingsA
SetScrollRange
SetDlgItemInt
DestroyMenu
CreateIconFromResourceEx
IsDialogMessage
GetWindowRgn
RealGetWindowClass
CreateDialogIndirectParamA
SetWindowTextW
CallWindowProcW
HideCaret
SetPropW
CharUpperW
LoadBitmapA
SetWindowLongW
GetSystemMetrics
CallNextHookEx
SetForegroundWindow
LoadMenuW
CharToOemBuffA
IsDialogMessageA
TabbedTextOutA
DdeCreateStringHandleA
ValidateRect
EnumDesktopsA
CreateAcceleratorTableW
DialogBoxIndirectParamA
GetUpdateRect
GetMenuItemID
GetWindowInfo
MapVirtualKeyExA
DdeQueryStringW
FrameRect
EnumDisplaySettingsExA
ToUnicodeEx
SendMessageW
IsZoomed
GetScrollRange
SetPropA
IsCharAlphaW
GetWindowModuleFileNameA
WaitForInputIdle
CopyAcceleratorTableW
IsCharUpperA
MonitorFromWindow
GetClassInfoExW
IsRectEmpty
TrackPopupMenuEx
CreateIconIndirect
SetWindowTextA
SetRectEmpty
DlgDirListW
TrackMouseEvent
GetMenuItemInfoA
DrawFrameControl
CloseDesktop
GetWindowThreadProcessId
SetScrollInfo
DrawFrame
GetMessageA
AttachThreadInput
InsertMenuItemW
GetFocus
ChangeDisplaySettingsExA
ScrollWindow
SwitchDesktop
GetClassLongW
MonitorFromRect
SetKeyboardState
TranslateAcceleratorA
PostThreadMessageA
AppendMenuA
DrawIconEx
GetWindowContextHelpId
CharToOemW
ChangeMenuW
DlgDirSelectExW
LoadImageW
MsgWaitForMultipleObjects
UnpackDDElParam
DispatchMessageA
BlockInput
SetMessageExtraInfo
TrackPopupMenu
GetKeyboardLayoutNameA
DragDetect
GetUserObjectSecurity
UnloadKeyboardLayout
IsDialogMessageW
MapVirtualKeyW
RegisterClipboardFormatA
GetMenuStringA
CharNextA
GetKeyState
GetAsyncKeyState
SendMessageTimeoutW
DdePostAdvise
DrawTextW
GetCaretBlinkTime
CharPrevW
GetNextDlgTabItem
GetCursorInfo
GetDC
GetThreadDesktop
CloseWindowStation
DdeCreateStringHandleW
GetKeyNameTextW
GetWindowLongA
GetKBCodePage
DdeFreeDataHandle
LoadCursorW
GetWindowTextW
DestroyCursor
RemovePropW
IsCharLowerW
DrawStateA
EnableScrollBar
DdeSetUserHandle
EnumPropsW
GetSysColor
GetActiveWindow
EndPaint
FlashWindowEx
advapi32
RegSetValueA
SetSecurityInfo
LookupPrivilegeNameA
GetAccessPermissionsForObjectA
CreateServiceA
RegQueryMultipleValuesA
CryptSignHashA
CreatePrivateObjectSecurity
AdjustTokenPrivileges
QueryServiceStatus
ReportEventW
LookupAccountNameA
RegSetValueExA
GetOverlappedAccessResults
LookupPrivilegeValueW
CryptEnumProviderTypesA
CreateProcessAsUserA
ConvertSecurityDescriptorToAccessNamedA
RegEnumValueA
SetEntriesInAclW
QueryServiceLockStatusW
ConvertSecurityDescriptorToAccessA
AddAccessDeniedAce
CryptSignHashW
ControlService
RegQueryValueExW
RegDeleteKeyA
PrivilegedServiceAuditAlarmA
ImpersonateLoggedOnUser
RegDeleteValueW
CryptDestroyKey
SetTokenInformation
LookupSecurityDescriptorPartsW
GetServiceKeyNameA
DuplicateTokenEx
ConvertAccessToSecurityDescriptorW
LookupPrivilegeDisplayNameA
BuildTrusteeWithNameA
LookupPrivilegeValueA
RegConnectRegistryA
ReportEventA
AddAce
CryptReleaseContext
EqualSid
StartServiceCtrlDispatcherA
OpenThreadToken
SetServiceStatus
AddAuditAccessAce
CryptHashSessionKey
GetExplicitEntriesFromAclA
BuildImpersonateExplicitAccessWithNameW
NotifyBootConfigStatus
CryptGetDefaultProviderW
GetMultipleTrusteeA
CryptDuplicateHash
EqualPrefixSid
CreateServiceW
GetPrivateObjectSecurity
GetAclInformation
CryptGetDefaultProviderA
MakeSelfRelativeSD
MapGenericMask
GetServiceDisplayNameW
GetMultipleTrusteeW
OpenEventLogW
DestroyPrivateObjectSecurity
DeleteService
GetSecurityInfo
RegOpenKeyW
RegSaveKeyW
SetNamedSecurityInfoA
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
LogonUserA
AddAccessAllowedAce
CryptGetProvParam
ClearEventLogA
EnumServicesStatusW
SetNamedSecurityInfoW
GetSidLengthRequired
GetSecurityDescriptorOwner
ObjectOpenAuditAlarmW
LockServiceDatabase
GetSidIdentifierAuthority
RegQueryInfoKeyA
GetEffectiveRightsFromAclA
BackupEventLogW
ObjectDeleteAuditAlarmA
OpenBackupEventLogW
GetAccessPermissionsForObjectW
GetEffectiveRightsFromAclW
ImpersonateSelf
BuildTrusteeWithNameW
LookupPrivilegeNameW
CryptGetHashParam
RegEnumKeyExA
AbortSystemShutdownA
InitiateSystemShutdownA
RegQueryValueA
OpenSCManagerA
BuildSecurityDescriptorW
ObjectPrivilegeAuditAlarmW
CryptEnumProviderTypesW
CryptSetProviderExW
CryptExportKey
SetEntriesInAccessListA
shlwapi
PathIsRelativeA
HashData
SHDeleteKeyW
SHOpenRegStream2W
PathStripPathW
SHRegQueryUSValueW
StrRetToBufA
PathParseIconLocationW
SHSetThreadRef
ColorHLSToRGB
UrlCreateFromPathW
StrCatBuffW
UrlApplySchemeW
SHSkipJunction
UrlUnescapeW
StrRStrIW
PathCompactPathExW
SHAutoComplete
PathMakeSystemFolderA
PathGetCharTypeA
IntlStrEqWorkerA
PathRemoveExtensionA
ColorAdjustLuma
SHRegOpenUSKeyW
SHRegGetBoolUSValueA
PathIsPrefixA
PathRelativePathToW
UrlHashA
SHRegEnumUSValueW
PathMakePrettyA
StrIsIntlEqualA
SHDeleteEmptyKeyW
UrlIsOpaqueA
PathIsSameRootW
SHCopyKeyW
PathFindExtensionW
PathIsDirectoryA
UrlCompareW
PathIsPrefixW
GetMenuPosFromID
StrStrIW
PathAppendA
SHCreateStreamOnFileW
PathAddExtensionW
wnsprintfW
PathRemoveBackslashW
PathUndecorateA
StrCmpW
SHRegQueryInfoUSKeyW
UrlGetLocationW
UrlCompareA
UrlCanonicalizeA
PathFindNextComponentW
SHQueryInfoKeyA
UrlCanonicalizeW
SHRegSetUSValueW
PathFindFileNameW
StrSpnW
PathIsUNCA
SHGetValueW
PathUnmakeSystemFolderA
UrlIsNoHistoryA
PathFindFileNameA
PathIsSystemFolderW
PathAddExtensionA
StrStrA
PathFindSuffixArrayW
StrPBrkA
StrFromTimeIntervalA
SHIsLowMemoryMachine
PathRemoveFileSpecW
SHOpenRegStream2A
PathGetDriveNumberW
PathRemoveBlanksW
StrCmpNW
PathStripPathA
SHRegDeleteEmptyUSKeyW
PathFileExistsW
StrCmpNIW
PathFileExistsA
SHRegGetBoolUSValueW
StrRChrW
StrChrIW
PathIsUNCServerA
PathIsRootA
PathSearchAndQualifyW
PathCreateFromUrlW
StrToIntExA
PathRemoveArgsW
StrCpyNW
StrRetToBufW
PathGetArgsA
SHCreateShellPalette
StrDupA
PathCommonPrefixA
PathIsContentTypeA
PathStripToRootW
PathQuoteSpacesA
IntlStrEqWorkerW
PathCombineA
PathMatchSpecW
SHRegOpenUSKeyA
SHDeleteKeyA
StrFormatByteSize64A
SHStrDupA
StrCSpnIW
PathUnmakeSystemFolderW
wvnsprintfA
ole32
CoRevokeClassObject
OleGetIconOfFile
StgSetTimes
OleRun
CoCreateGuid
MkParseDisplayName
OleLoad
UtConvertDvtd16toDvtd32
CoLockObjectExternal
CoFreeLibrary
WriteStringStream
ReadFmtUserTypeStg
WriteClassStm
GetHGlobalFromILockBytes
OleDestroyMenuDescriptor
IsAccelerator
OleQueryCreateFromData
CoRegisterChannelHook
CoRevertToSelf
CreateILockBytesOnHGlobal
MonikerCommonPrefixWith
StgGetIFillLockBytesOnILockBytes
OleInitialize
OleUninitialize
OleDuplicateData
SetConvertStg
CoGetMalloc
CoFileTimeToDosDateTime
CoUninitialize
CoTreatAsClass
CreatePointerMoniker
UpdateDCOMSettings
OleConvertIStorageToOLESTREAM
CoRegisterMessageFilter
CreateDataAdviseHolder
CoGetPSClsid
OleRegGetMiscStatus
OleQueryLinkFromData
CoCopyProxy
OleGetAutoConvert
OleNoteObjectVisible
IIDFromString
OleCreateStaticFromData
IsEqualGUID
OleSetAutoConvert
ReadClassStg
StgGetIFillLockBytesOnFile
StgOpenStorage
UtConvertDvtd32toDvtd16
CreateBindCtx
CoFreeUnusedLibraries
CoLoadLibrary
StringFromIID
OleGetClipboard
CoGetObject
CoQueryAuthenticationServices
StgCreateDocfileOnILockBytes
SetDocumentBitStg
OleCreateFromFile
WriteOleStg
CoCreateInstance
WriteFmtUserTypeStg
RevokeDragDrop
CoTaskMemFree
GetClassFile
CoRevokeMallocSpy
CoGetCurrentLogicalThreadId
OleDraw
OleGetIconOfClass
OpenOrCreateStream
OleRegEnumVerbs
StgIsStorageILockBytes
OleConvertIStorageToOLESTREAMEx
CoUnmarshalHresult
CoTaskMemAlloc
CoGetInstanceFromFile
CoCreateFreeThreadedMarshaler
EnableHookObject
OleCreateDefaultHandler
OleSave
CoInitialize
OleSetMenuDescriptor
OleCreateLinkEx
OleCreateLink
CoInitializeEx
OleCreateFromFileEx
OleRegGetUserType
CoGetCallerTID
DoDragDrop
CLSIDFromProgID
kernel32
FreeLibraryAndExitThread
VerLanguageNameA
IsDebuggerPresent
CreateDirectoryExA
GetDiskFreeSpaceExW
GetModuleHandleW
VirtualProtectEx
GetPrivateProfileIntA
FileTimeToLocalFileTime
FreeConsole
GetFileAttributesExA
lstrcpynA
GetCommMask
OpenMutexW
CreateMailslotW
EnumCalendarInfoW
GetConsoleOutputCP
LCMapStringW
FormatMessageW
GetShortPathNameW
ExitProcess
SetThreadLocale
CopyFileExW
OpenEventW
CreateEventA
WaitForMultipleObjects
EnumResourceTypesA
GetSystemTimeAsFileTime
VirtualProtect
SystemTimeToTzSpecificLocalTime
WaitForDebugEvent
GetDiskFreeSpaceW
GetConsoleScreenBufferInfo
lstrcmpW
ReadConsoleOutputAttribute
GetStartupInfoA
SetEnvironmentVariableA
GlobalMemoryStatus
SetConsoleOutputCP
WriteConsoleOutputW
HeapFree
IsBadHugeWritePtr
FlushViewOfFile
GetSystemInfo
EnumResourceLanguagesA
FillConsoleOutputCharacterW
SetCalendarInfoA
GlobalAlloc
EnumCalendarInfoA
EnumResourceLanguagesW
GetThreadContext
CreateMutexW
VirtualFree
GetWriteWatch
GetCPInfo
lstrlenA
SetVolumeLabelW
VirtualFreeEx
IsSystemResumeAutomatic
GetNamedPipeHandleStateW
GetPrivateProfileSectionA
GetTempFileNameW
GetSystemDirectoryW
CreateFiber
GlobalFindAtomW
lstrcmpA
VirtualAlloc
GetLocalTime
MoveFileExA
GetPrivateProfileStringA
GetPriorityClass
GetCurrentThread
SetupComm
EnumSystemLocalesA
SetThreadPriorityBoost
LoadResource
GetNumberOfConsoleMouseButtons
GetPrivateProfileIntW
GetBinaryTypeA
SetConsoleTitleA
ReleaseMutex
RemoveDirectoryW
HeapValidate
CreateDirectoryExW
IsBadStringPtrW
GetCurrentProcess
GetEnvironmentStringsA
EndUpdateResourceA
SetConsoleCtrlHandler
GetThreadPriorityBoost
FreeEnvironmentStringsW
GetNumberFormatW
CreateProcessW
GetFileInformationByHandle
Heap32Next
CreateFileW
GetUserDefaultLangID
ReadConsoleOutputA
GetCommProperties
GetProcAddress
CancelIo
CompareStringA
LoadLibraryA
GetProfileIntA
SetConsoleScreenBufferSize
TlsSetValue
ReadConsoleOutputW
WritePrivateProfileStringW
LoadLibraryExW
FindResourceExW
SetUnhandledExceptionFilter
MapViewOfFileEx
WritePrivateProfileStructA
FatalAppExitA
IsBadStringPtrA
EnumDateFormatsA
BeginUpdateResourceA
FlushInstructionCache
CopyFileA
FoldStringA
ReadConsoleA
lstrcmpiA
CreateDirectoryA
ReadFile
CreateConsoleScreenBuffer
SetProcessWorkingSetSize
WritePrivateProfileSectionW
GlobalLock
WaitCommEvent
CreateTapePartition
SetConsoleCP
SystemTimeToFileTime
SetFilePointer
GetVersion
GetDriveTypeW
PurgeComm
WritePrivateProfileSectionA
CloseHandle
lstrcmpiW
GetDateFormatW
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 326B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE