Static task
  static1

Behavioral task
  behavioral1
    Sample: 9629f3a96f18bc9c59beb7cffb96d219_JaffaCakes118.exe
    Resource: win7-20240729-en

Behavioral task
  behavioral2
    Sample: 9629f3a96f18bc9c59beb7cffb96d219_JaffaCakes118.exe
    Resource: win10v2004-20240802-en

General
  Target: 9629f3a96f18bc9c59beb7cffb96d219_JaffaCakes118
  Size: 2.8MB
  MD5: 9629f3a96f18bc9c59beb7cffb96d219
  SHA1: 433733742f368ed00a21976fe38a877feecefe3b
  SHA256: c0370832e0c77831fe5ff99e6d9bbe2fb885d67f4b4c7ac0c4bc256eaafb761d
  SHA512: 5d2f9146f4fa3ce7049267575ebb73b232b3c9bc2cc57f96fa843df9653f0cc1a1808298af9f8ab4f166a2b99edf3bd23fdff3fc17604bc6c7c98417a2b683ae
  SSDEEP: 24576:cd8uxOc/QpDkhpGYCW5uXSA7jTeFadRsxFb/g/J/ulZl:8OYLC8A7/eFwY3l/

Malware Config
  (no entries)

Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 9629f3a96f18bc9c59beb7cffb96d219_JaffaCakes118

    Caveat: this check only looks at the PE's embedded certificate table (data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY). Microsoft ships many OS binaries with no embedded signature and authenticates them through catalog files instead, so an "Unsigned PE" hit on its own does not show that a file is not Microsoft's. On a Windows host, Get-AuthenticodeSignature reports the signer and a SignatureType of Embedded or Catalog; comparing the SHA256 above against a known-good copy from the same OS build is the other quick check.

Files
  9629f3a96f18bc9c59beb7cffb96d219_JaffaCakes118.exe
    Tags: windows:6 windows x86 arch:x86
    Imphash: b94dd67b6a4d667d1d489b1520f949f2

Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE

PDB Paths
  explorer.pdb

  Note: the submitted file name is just the sample's MD5 plus a suffix, not the original name. The PDB name, the shell-oriented user32/shell32 imports listed below (RegisterShellHookWindow, GhostWindowFromHungWindow, SHUpdateRecycleBinIcon, EndTask) and the 2.3MB resource section are consistent with a build of Windows Explorer; an unsigned or renamed copy of a system binary should be diffed against a known-good file from the same build before any conclusion is drawn from this report.
Imports
advapi32
RegCloseKey
RegCreateKeyW
RegGetValueW
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
EventWrite
EventEnabled
GetLengthSid
GetTokenInformation
OpenProcessToken
EventUnregister
EventRegister
GetUserNameW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
TraceMessage
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
ConvertSidToStringSidW
StartServiceW
CreateWellKnownSid
kernel32
GetSystemTime
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
FlushInstructionCache
RaiseException
GetSystemWindowsDirectoryW
SetLastError
ReadFile
GetFileSize
CreateFileW
InterlockedCompareExchange
LoadLibraryA
SystemTimeToFileTime
ExpandEnvironmentStringsW
GlobalGetAtomNameW
MultiByteToWideChar
GetEnvironmentVariableW
GetCurrentProcessId
GetModuleHandleW
lstrlenW
OpenEventW
SetEvent
GetBinaryTypeW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CompareFileTime
GlobalFree
GetTickCount
MulDiv
GetUserDefaultLangID
GetPrivateProfileIntW
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
SetThreadPriority
CompareStringOrdinal
lstrcmpiW
HeapSetInformation
SetErrorMode
CreateMutexW
ReleaseMutex
GetTimeZoneInformation
SetFilePointer
SetProcessShutdownParameters
GetSystemDirectoryW
CreateEventW
SetTermsrvAppInstallMode
RegisterApplicationRestart
ExitProcess
GetModuleFileNameW
GetPrivateProfileStringW
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
GetFileAttributesExW
QueueUserWorkItem
GetLongPathNameW
GetProcessTimes
TerminateThread
GetProcessId
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
FormatMessageW
QueryFullProcessImageNameW
GlobalAlloc
DuplicateHandle
GetCurrentDirectoryW
WideCharToMultiByte
WriteFile
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
FindResourceExW
LoadResource
LockResource
GetUserDefaultUILanguage
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
CreateThread
AssignProcessToJobObject
ResumeThread
Sleep
QueryInformationJobObject
LocalAlloc
LocalFree
CloseHandle
OpenProcess
SetPriorityClass
GetPriorityClass
CreateJobObjectW
SetInformationJobObject
GetLastError
InterlockedDecrement
InterlockedIncrement
HeapFree
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualAlloc
VirtualFree
DelayLoadFailureHook
gdi32
GetStockObject
CombineRgn
GetLayout
CreatePatternBrush
OffsetViewportOrgEx
GdiAlphaBlend
GetTextExtentPoint32W
ExtTextOutW
SetWindowOrgEx
GetPixel
PatBlt
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
GetBkColor
CreateCompatibleBitmap
OffsetWindowOrgEx
SetBkColor
GetTextExtentPointW
GetClipBox
CreateDIBSection
CreateRectRgnIndirect
SetTextColor
SetBkMode
GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
user32
GetDlgItem
LoadCursorW
RegisterClassW
IsChild
SetTimer
MonitorFromRect
SetWindowTextW
SetClassLongW
GetClassInfoW
GetClassLongW
KillTimer
GetClassInfoExW
IsWindowEnabled
GetShellWindow
GetIconInfo
SetScrollInfo
GetLastActivePopup
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
IsWindowVisible
IsWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetFocus
SetForegroundWindow
LoadMenuW
SetMenuInfo
SetMenuDefaultItem
GetSubMenu
TrackPopupMenuEx
LoadImageW
InsertMenuItemW
DestroyIcon
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
CharUpperBuffW
PostQuitMessage
LoadStringW
ShutdownBlockReasonCreate
GetWindowLongA
SetWindowLongW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterWindowMessageW
SetWindowPos
RegisterClassExW
GetDesktopWindow
UpdateWindow
InvalidateRect
BeginPaint
LoadBitmapW
SetLayeredWindowAttributes
EndPaint
ShowWindow
DefWindowProcW
MoveWindow
DestroyWindow
UnregisterClassW
SetProcessDPIAware
PeekMessageW
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
GetKeyboardLayout
ActivateKeyboardLayout
IsProcessDPIAware
PrintWindow
GetDCEx
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
GetDlgCtrlID
ChildWindowFromPointEx
GetCapture
GetGUIThreadInfo
SetWindowLongA
CharUpperW
GetWindowDC
RegisterClipboardFormatW
UnhookWinEvent
SetWinEventHook
ReleaseCapture
GetUserObjectInformationW
GetProcessWindowStation
FlashWindowEx
GetForegroundWindow
PostMessageW
CreatePopupMenu
GetWindowThreadProcessId
MsgWaitForMultipleObjectsEx
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
EqualRect
UnionRect
MapWindowPoints
GetClientRect
EnumWindows
EndTask
SetThreadDesktop
GetThreadDesktop
GetMenuItemID
IsHungAppWindow
DrawTextW
GetSysColor
TrackPopupMenu
SendMessageCallbackW
DeregisterShellHookWindow
EndDialog
IsDlgButtonChecked
LoadIconW
GetSysColorBrush
CloseDesktop
OpenInputDesktop
SetActiveWindow
IsRectEmpty
GetAsyncKeyState
RegisterShellHookWindow
FillRect
GetCursorPos
SetPropW
CopyRect
LockSetForegroundWindow
MonitorFromPoint
InflateRect
GetClassNameW
SubtractRect
RedrawWindow
EnumDisplayMonitors
OffsetRect
IntersectRect
SetWindowRgn
GetMenuState
GhostWindowFromHungWindow
HungWindowFromGhostWindow
GetWindowPlacement
RemovePropW
SendMessageTimeoutW
UnregisterHotKey
RegisterHotKey
InsertMenuW
ModifyMenuW
ClientToScreen
ScreenToClient
GetMenuItemCount
GetFocus
GetScrollInfo
InternalGetWindowText
GetKeyState
ChangeDisplaySettingsW
GetWindowLongW
EnumChildWindows
SendMessageW
GetWindow
GetWindowRect
PtInRect
SetCursor
ChildWindowFromPoint
SetCursorPos
GetMessagePos
LoadAcceleratorsW
WaitMessage
TranslateAcceleratorW
GetWindowRgnBox
GetActiveWindow
MessageBeep
SetWindowPlacement
SetRect
SendNotifyMessageW
UpdateLayeredWindow
GetLastInputInfo
SendDlgItemMessageW
AllowSetForegroundWindow
RemoveMenu
SetParent
CallWindowProcW
EnableWindow
GetDlgItemInt
SetDlgItemInt
CheckDlgButton
CopyIcon
DrawFocusRect
NotifyWinEvent
ExitWindowsEx
DrawEdge
WindowFromPoint
GetDoubleClickTime
SetCapture
TrackMouseEvent
LockWorkStation
AppendMenuW
GetParent
SetScrollPos
SetRectEmpty
AdjustWindowRectEx
BringWindowToTop
CascadeWindows
GetSystemMetrics
SystemParametersInfoW
FindWindowW
ReleaseDC
GetDC
DestroyMenu
GetMenuDefaultItem
TileWindows
GetAncestor
SwitchToThisWindow
CheckMenuItem
ShowWindowAsync
msvcrt
memset
_unlock
_ftol2_sse
_except_handler4_common
__set_app_type
memcpy
free
memmove
realloc
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_vsnwprintf
malloc
__wgetmainargs
_cexit
_exit
__p__fmode
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
ntdll
NtOpenThreadToken
NtOpenProcessToken
RtlGetProductInfo
NtQueryInformationToken
NtClose
NtQueryInformationProcess
NtSetInformationProcess
WinSqmAddToStream
NtSetSystemInformation
shlwapi
PathGetDriveNumberW
ord197
ord292
PathRemoveFileSpecW
ord157
ord478
SHRegGetUSValueW
ord433
StrDupW
PathQuoteSpacesW
ord467
ord479
ord163
ord193
StrChrIW
ord388
ord548
ord256
SHRegOpenUSKeyW
SHRegQueryUSValueW
StrCmpW
AssocQueryStringW
ord199
ord204
ord165
ord630
ord629
AssocQueryKeyW
PathParseIconLocationW
PathIsPrefixW
ord509
PathRemoveExtensionW
SHOpenRegStream2W
PathFileExistsW
ord348
ord631
ord184
ord212
PathFindExtensionW
SHQueryInfoKeyW
ord460
ord213
ord192
ord413
ord279
ord16
ord278
ord240
SHDeleteKeyW
PathAppendW
SHDeleteValueW
ord174
ord635
ord618
PathRemoveArgsW
PathRemoveBlanksW
StrCmpNIW
PathFindFileNameW
ord437
SHSetValueW
SHGetValueW
SHCreateThreadRef
SHSetThreadRef
ord158
ord270
PathCombineW
SHRegGetValueW
StrToIntW
ord8
ord9
ord10
PathGetArgsW
StrChrW
ord176
ord175
ord172
ord164
SHStrDupW
ord219
ord171
ord484
ord178
ord177
StrRetToBufW
ord236
ord439
ord2
ord217
ord24
ord476
StrRetToStrW
ord154
ord215
StrStrIW
ord194
ord156
PathMatchSpecW
PathIsRootW
PathIsNetworkPathW
SHQueryValueExW
AssocCreate
StrCmpIW
ord513
ord512
ord571
StrCmpNW
ord237
ord628
StrPBrkW
ord639
ord487
ord168
PathStripToRootW
ord225
PathIsDirectoryW
ord632
shell32
ord193
ord790
ord787
ord732
ord24
ord719
ord134
ord22
SHGetDesktopFolder
ord261
SHBindToFolderIDListParent
ord152
ord196
ord28
ord265
ord814
ord815
SHGetIDListFromObject
ord747
ord821
ord820
ord839
ord836
ord849
SHCreateShellItemArrayFromIDLists
ord818
ord830
SHCreateItemFromIDList
SHCreateShellItemArrayFromShellItem
ord154
ord6
SHBindToFolderIDListParentEx
SHChangeNotify
SHAddToRecentDocs
DuplicateIcon
ord244
ord733
ord54
ShellExecuteW
ord91
ord254
SHGetPathFromIDListA
SHUpdateRecycleBinIcon
SHGetKnownFolderIDList
SHGetFolderPathEx
SHFileOperationW
ord731
ord711
ord102
ord60
ord21
ord874
SHGetPathFromIDListW
ord64
ord61
ord753
ord16
ord19
ord2
ord644
ord645
ord137
ExtractIconExW
ord727
ord4
ord181
ord162
SHGetSpecialFolderLocation
ord17
ord23
SHBindToParent
Shell_NotifyIconW
SHGetFolderPathAndSubDirW
Shell_GetCachedImageIndexW
SHGetFolderPathW
ord132
SHEvaluateSystemCommandTemplate
ord241
ord236
ord149
ord188
ord660
ord680
ord852
ord201
ord89
ord68
ord200
SHBindToObject
ord25
ShellExecuteExW
ord245
ord723
SHGetSpecialFolderPathW
ord176
SHParseDisplayName
ord155
SHGetFolderLocation
ord190
ord18
ord100
ord85
ord67
ole32
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoGetClassObject
OleInitialize
OleUninitialize
CoGetObject
StringFromGUID2
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoRegisterMessageFilter
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
DoDragDrop
CoInitializeEx
CreateBindCtx
CoFreeUnusedLibraries
PropVariantClear
oleaut32
VariantInit
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
shdocvw
ord110
ord111
uxtheme
IsCompositionActive
IsAppThemed
GetThemeMargins
GetThemeRect
IsThemePartDefined
GetThemeBackgroundRegion
DrawThemeTextEx
GetThemeFont
GetThemeColor
GetThemeBool
GetThemeInt
SetWindowTheme
DrawThemeText
GetThemeTextExtent
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
GetThemePartSize
GetThemeMetric
GetThemeBackgroundContentRect
powrprof
GetPwrCapabilities
dwmapi
DwmIsCompositionEnabled
ord105
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
DwmQueryThumbnailSourceSize
DwmGetColorizationColor
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmUnregisterThumbnail
gdiplus
GdiplusShutdown
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdiplusStartup
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipSetCompositingMode
slc
SLGetWindowsInformationDWORD
rpcrt4
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
propsys
PSGetPropertyKeyFromName
PSPropertyKeyFromString
PSGetPropertyDescription
PSGetNameFromPropertyKey
VariantToBooleanWithDefault
VariantToInt32WithDefault
VariantToStringWithDefault
PSCreateMemoryPropertyStore
VariantToStringAlloc
PropVariantToStringAlloc
browseui
ord118
ord135
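The 32-hex-digit value shown under Files next to the PE tags is the import hash (imphash), and it is derived from exactly the import table listed above. The block below is an added example, not Triage's or pefile's code; it implements the Mandiant/pefile definition (lowercase "dll.function" pairs in import-table order, comma-joined, MD5, with ordinal-only imports from a few well-known DLLs resolved to names first). The ordinal table is a constructed subset of the real lookup, and the sample import list is a constructed excerpt of this report's imports, so the hash it prints is not expected to equal the report's value; reproducing that requires the complete table in on-disk order.

```python
"""Import hash (imphash) over a PE import table.

Added example, not Triage's or pefile's code. Follows the pefile definition:
lowercase "dll.function" pairs in import-table order, comma-joined, MD5.
"""
import hashlib

# pefile resolves ordinal-only imports from oleaut32/ws2_32/wsock32 to names
# before hashing. This is a constructed subset of that table, for illustration.
ORD_LOOKUP = {
    "oleaut32": {2: "SysAllocString", 4: "SysAllocStringLen", 6: "SysFreeString",
                 8: "VariantInit", 9: "VariantClear"},
}


def normalise_dll(dll: str) -> str:
    """Lowercase the DLL name and strip a .dll/.ocx/.sys extension."""
    dll = dll.lower()
    base, dot, ext = dll.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else dll


def import_strings(imports) -> list:
    """imports: iterable of (dll, [function name or int ordinal, ...]) in table order.
    Returns the list of "dll.function" strings that get hashed."""
    parts = []
    for dll, funcs in imports:
        lib = normalise_dll(dll)
        for f in funcs:
            if isinstance(f, int):                      # import by ordinal
                f = ORD_LOOKUP.get(lib, {}).get(f, "ord%d" % f)
            parts.append("%s.%s" % (lib, f.lower()))
    return parts


def imphash(imports) -> str:
    return hashlib.md5(",".join(import_strings(imports)).encode("ascii")).hexdigest()


# Constructed excerpt of this report's import list (not the full table).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegCloseKey", "RegCreateKeyW", "RegGetValueW", "RegOpenKeyExW"]),
    ("KERNEL32.dll", ["GetSystemTime", "GetFileAttributesW", "FindClose"]),
    ("SHLWAPI.dll", ["PathGetDriveNumberW", 197, 292, "PathRemoveFileSpecW"]),
    ("OLEAUT32.dll", ["VariantInit", "VariantClear", 2, 6]),
]

if __name__ == "__main__":
    for s in import_strings(SAMPLE_IMPORTS):
        print(s)
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Two properties matter when using the value for hunting: the hash is insensitive to DLL-name case and extension (so toolchain differences in how the import descriptor spells "KERNEL32.DLL" do not break matches), but it changes completely if a single import is added, dropped or reordered, and binaries built from the same source with the same linker share it regardless of their code. It is a clustering aid, not an attribution.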
Sections
  .text   Size: 431KB  Virtual size: 431KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .data   Size: 8KB    Virtual size: 8KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 2.3MB  Virtual size: 2.3MB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .reloc  Size: 75KB   Virtual size: 74KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

  No section is mapped both writable and executable, and raw sizes match virtual sizes, which argues against a runtime packer; .rsrc alone accounts for 2.3MB of the 2.8MB file.
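The facts this report reduces to one-line flags (the "Unsigned PE" signature, the DLL Characteristics under Headers, the per-section flags under Sections) all come from the raw PE headers and can be re-derived without a sandbox. The following is an added example, not Triage's code: a stdlib-only Python parser that reports the machine type, MajorOperatingSystemVersion (the source of the windows:6 tag), the ASLR and DEP opt-in bits, whether an embedded Authenticode certificate table is present, and any section mapped writable and executable. `build_pe32` fabricates a minimal PE32 image so the example runs offline; it is a constructed fixture, not the sample, and `parse_pe` reads any real file passed on the command line.

```python
"""Static PE triage: headers, Authenticode presence, section flags.

Added example, not Triage's code. Stdlib only.
"""
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
DLL_CHARACTERISTICS = {          # IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
    0x0040: "DYNAMIC_BASE",      # ASLR opt-in
    0x0100: "NX_COMPAT",         # DEP opt-in
    0x0400: "NO_SEH",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SCN_CODE, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000
SECTION_FLAGS = ((SCN_CODE, "CNT_CODE"), (SCN_EXECUTE, "MEM_EXECUTE"),
                 (SCN_READ, "MEM_READ"), (SCN_WRITE, "MEM_WRITE"))
DIR_SECURITY = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY: embedded certificate table


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                  # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                                # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    os_major = struct.unpack_from("<H", data, opt + 40)[0]   # MajorOperatingSystemVersion
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]    # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_size = 0
    if ndirs > DIR_SECURITY:                            # directory may be absent in short headers
        _, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * DIR_SECURITY)

    sections = []
    table = opt + opt_size                              # section table follows the optional header
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": [n for b, n in SECTION_FLAGS if flags & b]})
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "os_version_major": os_major,
        "dll_characteristics": [n for b, n in DLL_CHARACTERISTICS.items() if dllchar & b],
        "aslr": bool(dllchar & 0x0040),
        "dep": bool(dllchar & 0x0100),
        # The "Unsigned PE" condition: no embedded certificate table. A catalog-signed
        # OS binary lands here too, so treat it as a lead, not a verdict.
        "embedded_signature": cert_size != 0,
        "sections": sections,
        # W+X sections are a classic packer / self-modifying-code tell.
        "wx_sections": [s["name"] for s in sections
                        if "MEM_WRITE" in s["flags"] and "MEM_EXECUTE" in s["flags"]],
    }


def build_pe32(signed=False, dllchar=0x8040,
               sections=((".text", SCN_CODE | SCN_EXECUTE | SCN_READ),)):
    """Constructed minimal PE32 image for offline tests: valid headers, 16-byte dummy
    section bodies, optionally a dummy WIN_CERTIFICATE. Not loadable, not the sample."""
    nsec = len(sections)
    hdr_len = 0x40 + 4 + 20 + 224 + 40 * nsec
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 224, 0x0102)  # EXECUTABLE_IMAGE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 40, 6)                  # MajorOperatingSystemVersion 6
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    sec_hdrs, body = bytearray(), bytearray()
    for name, flags in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                16, 0x1000, 16, hdr_len + len(body), 0, 0, 0, 0, flags)
        body += b"\xCC" * 16
    if signed:
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8   # WIN_CERTIFICATE stub
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, hdr_len + len(body), len(cert))
        body += cert
    return bytes(dos + b"PE\0\0" + file_hdr + opt + sec_hdrs + body)


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe32()
    print(json.dumps(parse_pe(blob), indent=2))
```

Run it as `python pe_triage.py sample.exe` to get the same header facts this report shows, plus the two it does not call out: whether NX_COMPAT is set and whether any section is W+X. The `embedded_signature` field is exactly what the "Unsigned PE" signature tests; confirming a catalog signature still needs a Windows host and the catalog store.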