Static task: static1
Behavioral task: behavioral1
Sample: aa08e3668375b0ba400455dffe71852e_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: aa08e3668375b0ba400455dffe71852e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: aa08e3668375b0ba400455dffe71852e_JaffaCakes118
Size: 86KB
MD5: aa08e3668375b0ba400455dffe71852e
SHA1: a4edbe661884d925a4d97ae1dce1752328217909
SHA256: 535d21f936cfbe0b4dca8b4b7d71ebb44873d3e964641aca1326350d2cee2eeb
SHA512: ea64e890a38da779a2840e726ab0010bbf9e1b68845ee4c744bae4c844b20e2b7d147a2ffdc6a0cc78e045f21b3fe6134b0f6f523b8793f1f119bc52e1d594f1
SSDEEP: 1536:kVgoYNAxiDRUJqUfn+o4wuZtzVfsIdiY9Ar/JejyipEOKCKMC2GTaM:kVJYNAwRUJqSn+o4wu5fsWiY9q/JaKCy
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: aa08e3668375b0ba400455dffe71852e_JaffaCakes118
Files
aa08e3668375b0ba400455dffe71852e_JaffaCakes118.exe windows:4 windows x86 arch:x86
a7ec35a2558ec2802f49da429f4d975a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
StgIsStorageFile
CoSetProxyBlanket
OleConvertOLESTREAMToIStorageEx
OleCreateLinkToFileEx
CoMarshalInterThreadInterfaceInStream
WriteClassStm
WriteStringStream
CreateILockBytesOnHGlobal
StgCreateDocfile
StgGetIFillLockBytesOnFile
StgOpenStorageOnILockBytes
CoGetObject
CreatePointerMoniker
CoGetMalloc
OleSave
CoGetCurrentProcess
CoCreateFreeThreadedMarshaler
IsEqualGUID
CoQueryAuthenticationServices
CoGetTreatAsClass
GetHookInterface
SetDocumentBitStg
StgOpenAsyncDocfileOnIFillLockBytes
OleGetClipboard
CoCreateGuid
OleCreateFromFile
OleCreateLinkFromData
UtConvertDvtd32toDvtd16
OleRegGetMiscStatus
CoFreeLibrary
CoUnmarshalHresult
CLSIDFromString
OleSaveToStream
StringFromGUID2
OleTranslateAccelerator
CoGetStandardMarshal
CreateDataCache
OleIsRunning
StringFromIID
OleGetIconOfClass
CoRegisterMallocSpy
CoGetInstanceFromFile
ReadStringStream
CoInitialize
ProgIDFromCLSID
UtGetDvtd16Info
FreePropVariantArray
CoReleaseServerProcess
ReadClassStm
CoTaskMemRealloc
CoMarshalHresult
CoDisconnectObject
OleCreateDefaultHandler
MkParseDisplayName
CoRegisterChannelHook
OleSetAutoConvert
IIDFromString
CoGetInstanceFromIStorage
GetDocumentBitStg
OleCreateLinkFromDataEx
CreateClassMoniker
CoGetPSClsid
StgOpenStorage
OleRegGetUserType
OleIsCurrentClipboard
CoRevokeClassObject
OleLoadFromStream
CreateOleAdviseHolder
CoIsHandlerConnected
OleQueryCreateFromData
CoRevokeMallocSpy
CoRegisterClassObject
GetClassFile
BindMoniker
OleLockRunning
OleGetAutoConvert
StringFromCLSID
CreateAntiMoniker
WriteClassStg
CoDosDateTimeToFileTime
CoQueryReleaseObject
CoCreateInstanceEx
CoQueryProxyBlanket
CoGetMarshalSizeMax
OleCreateLink
OleMetafilePictFromIconAndLabel
OleConvertOLESTREAMToIStorage
SetConvertStg
RegisterDragDrop
DllDebugObjectRPCHook
OleDuplicateData
CoLockObjectExternal
CoGetInterfaceAndReleaseStream
CoQueryClientBlanket
MonikerRelativePathTo
OleCreateFromFileEx
CoSwitchCallContext
CoResumeClassObjects
kernel32
PurgeComm
GetCPInfoExA
SetFileAttributesA
GetTapePosition
VirtualAlloc
GetCPInfo
GetProcessAffinityMask
GetLocalTime
GetExitCodeThread
AreFileApisANSI
WriteProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryA
GetDevicePowerState
SetSystemPowerState
SetComputerNameW
DefineDosDeviceW
GetAtomNameW
VirtualUnlock
lstrcat
GetLogicalDriveStringsW
EnumDateFormatsW
CancelDeviceWakeupRequest
MoveFileExW
GetTapeStatus
ReadConsoleOutputA
WriteTapemark
VirtualProtect
CancelWaitableTimer
GetConsoleTitleW
CallNamedPipeW
OpenSemaphoreW
WritePrivateProfileSectionW
GetDiskFreeSpaceA
SetConsoleCtrlHandler
Module32Next
GetModuleHandleW
GetBinaryType
GetProcessShutdownParameters
WriteConsoleOutputCharacterA
GetStartupInfoW
Heap32First
GetNamedPipeHandleStateW
lstrcmpi
GetCommProperties
TlsFree
FindFirstFileExW
GetStringTypeExA
GetThreadTimes
VerLanguageNameA
SetProcessPriorityBoost
FreeConsole
DebugActiveProcess
GetProfileSectionA
EnumSystemCodePagesA
DeleteFileW
GetUserDefaultLCID
Beep
MapViewOfFile
GetPrivateProfileSectionNamesW
SetComputerNameA
LCMapStringA
CreateWaitableTimerW
QueryPerformanceFrequency
SetTapePosition
GetConsoleCP
Heap32ListFirst
lstrcmpiW
GetCurrentThread
GetWindowsDirectoryW
SetSystemTime
LockResource
EnumSystemCodePagesW
FreeLibrary
FindFirstChangeNotificationW
GetLocaleInfoW
SetConsoleCursorInfo
ResetEvent
GetTempPathA
GetModuleFileNameW
SetSystemTimeAdjustment
SetThreadExecutionState
CreateMailslotW
GetLargestConsoleWindowSize
Thread32Next
ReadConsoleW
ExpandEnvironmentStringsA
VerLanguageNameW
GetSystemDefaultLangID
LocalUnlock
GetCommConfig
GetWindowsDirectoryA
EnumResourceNamesW
lstrcatW
SearchPathA
SetCommTimeouts
BackupWrite
EnumResourceTypesA
EnumResourceNamesA
RemoveDirectoryW
SetHandleCount
FindFirstFileExA
GetProcessWorkingSetSize
CreateDirectoryExA
CopyFileA
TlsGetValue
SetHandleInformation
TransactNamedPipe
Heap32ListNext
CreateFiber
HeapCompact
OpenWaitableTimerA
CompareStringA
ReadFile
SetMessageWaitingIndicator
GetEnvironmentVariableA
SetPriorityClass
EnumResourceLanguagesA
WriteConsoleOutputCharacterW
lstrcpyn
GenerateConsoleCtrlEvent
SetThreadLocale
GetDiskFreeSpaceW
VirtualFreeEx
GetACP
GlobalCompact
LoadResource
LocalHandle
ReadProcessMemory
SetNamedPipeHandleState
WideCharToMultiByte
lstrcatA
EndUpdateResourceW
MoveFileExA
CreateTapePartition
advapi32
MakeSelfRelativeSD
DeregisterEventSource
GetSecurityDescriptorDacl
RegSaveKeyA
InitializeSecurityDescriptor
TrusteeAccessToObjectA
RegCreateKeyA
GetNamedSecurityInfoW
CryptVerifySignatureW
RegDeleteValueW
CryptEncrypt
RegOpenKeyExA
InitializeSid
GetSidIdentifierAuthority
IsTextUnicode
CryptExportKey
InitializeAcl
BackupEventLogW
GetSecurityInfoExA
GetSecurityDescriptorGroup
RegSetKeySecurity
GetSecurityInfoExW
ClearEventLogW
SetSecurityDescriptorOwner
CancelOverlappedAccess
RegEnumKeyA
GetNamedSecurityInfoExW
SetEntriesInAccessListA
QueryServiceConfigW
GetExplicitEntriesFromAclA
SetEntriesInAuditListA
OpenProcessToken
GetSidLengthRequired
RegUnLoadKeyW
ControlService
GetAccessPermissionsForObjectA
LookupPrivilegeValueW
GetSecurityDescriptorOwner
AccessCheckAndAuditAlarmA
GetTrusteeNameW
SetSecurityInfoExW
BuildImpersonateTrusteeW
RegDeleteKeyA
GetTrusteeTypeA
OpenSCManagerW
GetEffectiveRightsFromAclA
ReadEventLogW
AddAccessAllowedAce
GetServiceDisplayNameA
LookupSecurityDescriptorPartsA
GetNamedSecurityInfoA
CryptAcquireContextW
CryptSetProvParam
GetServiceKeyNameW
UnlockServiceDatabase
GetFileSecurityA
LookupPrivilegeValueA
GetServiceKeyNameA
GetSidSubAuthorityCount
AdjustTokenGroups
BuildSecurityDescriptorW
InitiateSystemShutdownW
GetTrusteeNameA
RegReplaceKeyW
RegDeleteValueA
GetSecurityInfo
SetSecurityInfoExA
RegQueryValueExA
CryptAcquireContextA
RegCreateKeyW
RevertToSelf
RegUnLoadKeyA
EqualPrefixSid
RegOpenKeyA
GetMultipleTrusteeA
SetSecurityInfo
CryptSetProviderW
CryptEnumProvidersW
BuildTrusteeWithNameW
RegReplaceKeyA
SetSecurityDescriptorGroup
StartServiceCtrlDispatcherW
AddAce
SetFileSecurityA
OpenBackupEventLogW
CryptDecrypt
SetFileSecurityW
GetOldestEventLogRecord
CryptGetUserKey
CloseEventLog
ConvertAccessToSecurityDescriptorW
NotifyChangeEventLog
RegisterEventSourceW
ReportEventA
RegOpenKeyExW
AdjustTokenPrivileges
GetMultipleTrusteeOperationW
RegEnumKeyExA
LockServiceDatabase
PrivilegedServiceAuditAlarmW
CreateProcessAsUserA
ChangeServiceConfigA
LookupAccountSidW
LogonUserW
SetEntriesInAccessListW
CopySid
StartServiceA
OpenServiceA
GetUserNameW
ObjectPrivilegeAuditAlarmW
ReadEventLogA
ObjectDeleteAuditAlarmA
CryptEnumProviderTypesA
CryptEnumProvidersA
GetExplicitEntriesFromAclW
CryptGenRandom
OpenEventLogW
QueryServiceStatus
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmA
OpenEventLogA
SetSecurityDescriptorSacl
CryptSetKeyParam
LogonUserA
AccessCheck
MapGenericMask
CryptDeriveKey
GetFileSecurityW
user32
PostThreadMessageA
GetKeyboardLayoutNameA
ShowOwnedPopups
SetDlgItemInt
UnhookWinEvent
HiliteMenuItem
DeferWindowPos
ShowWindowAsync
DdeFreeDataHandle
GetDCEx
GetClipboardData
CharLowerW
WINNLSGetEnableStatus
DdeImpersonateClient
GetUpdateRgn
DestroyAcceleratorTable
IsCharAlphaA
SendNotifyMessageW
GetDlgItemInt
PaintDesktop
UnionRect
SetWindowTextW
SwitchDesktop
DestroyCursor
UnregisterClassA
GetKeyNameTextA
GetMessageA
CascadeWindows
LoadIconA
SetWindowPos
GetInputState
SwitchToThisWindow
InvalidateRect
CharToOemBuffW
EnumDisplaySettingsExA
IsChild
AdjustWindowRectEx
DestroyWindow
GetMenuItemID
DispatchMessageA
SetCapture
OffsetRect
OemToCharW
OpenDesktopA
MessageBoxExW
EndMenu
DlgDirListW
LoadAcceleratorsA
GetAsyncKeyState
GetDlgItem
SetWindowLongW
GetUserObjectInformationW
GetScrollInfo
CreateDesktopA
GetClipboardFormatNameW
GetForegroundWindow
CheckDlgButton
EndTask
SetCaretBlinkTime
GetKeyboardState
EnumWindows
ReuseDDElParam
SystemParametersInfoW
UnregisterDeviceNotification
GetCursorInfo
CreateWindowExA
SetWindowWord
AdjustWindowRect
SetWindowRgn
CreateDialogIndirectParamW
GetThreadDesktop
GetMenuBarInfo
RegisterClipboardFormatA
GetMenuItemInfoA
MapWindowPoints
TranslateMDISysAccel
IsCharAlphaNumericW
DdeSetUserHandle
GetNextDlgGroupItem
ShowCursor
SendMessageTimeoutW
ChangeMenuW
DdeKeepStringHandle
LoadBitmapW
GetWindowLongW
DdeUnaccessData
NotifyWinEvent
DefDlgProcW
DrawTextW
CheckMenuRadioItem
SetForegroundWindow
VkKeyScanW
ModifyMenuW
DefFrameProcA
InternalGetWindowText
GrayStringA
CreatePopupMenu
GetClipboardOwner
GetKeyState
SendMessageW
IsDialogMessageW
KillTimer
EqualRect
CopyImage
EnumPropsW
GetNextDlgTabItem
CountClipboardFormats
GetClassInfoExW
RegisterClipboardFormatW
EnumChildWindows
GetMenuStringA
SetWindowsHookExW
TrackPopupMenu
ReplyMessage
SendInput
EnableWindow
ToUnicodeEx
GetFocus
DrawTextA
PeekMessageW
DragObject
GetKeyboardType
GetWindowContextHelpId
SetThreadDesktop
SetMenuInfo
GetWindowLongA
GetClipboardSequenceNumber
IsWindowUnicode
ShowWindow
shlwapi
PathIsNetworkPathA
PathFindFileNameA
UrlCreateFromPathA
wnsprintfA
UrlApplySchemeW
SHQueryValueExA
PathFindFileNameW
PathCombineA
PathStripPathW
PathIsURLW
PathParseIconLocationA
SHRegEnumUSKeyA
SHAutoComplete
SHEnumKeyExW
UrlCompareA
PathSearchAndQualifyW
StrCmpNA
PathIsRootA
ChrCmpIA
PathMakePrettyW
SHCreateStreamOnFileW
UrlCanonicalizeW
PathIsSystemFolderW
StrToIntW
StrRChrA
SHRegOpenUSKeyW
AssocQueryKeyW
PathCombineW
PathCreateFromUrlA
StrCSpnA
PathIsFileSpecA
PathIsDirectoryA
AssocQueryStringA
PathAddBackslashW
PathIsUNCA
SHRegGetBoolUSValueA
UrlGetPartW
UrlIsA
StrCmpW
PathUnquoteSpacesA
SHCopyKeyW
PathFindNextComponentW
PathStripPathA
PathIsSameRootA
PathCommonPrefixW
PathRenameExtensionW
SHStrDupW
PathRemoveBackslashW
PathQuoteSpacesA
PathIsRelativeW
StrFormatByteSizeW
UrlEscapeA
PathCompactPathExA
PathRemoveExtensionW
PathSkipRootA
ColorAdjustLuma
SHRegGetBoolUSValueW
UrlIsOpaqueA
SHOpenRegStream2W
SHGetThreadRef
AssocQueryStringByKeyA
StrCatBuffA
StrToIntExW
StrDupW
StrStrA
StrStrIW
PathUndecorateA
SHEnumValueW
PathRemoveArgsW
SHCreateShellPalette
PathAddExtensionA
PathIsNetworkPathW
StrRetToBufW
PathBuildRootA
SHIsLowMemoryMachine
StrChrIW
PathIsRelativeA
UrlUnescapeW
PathGetArgsA
StrRChrIA
PathMatchSpecA
StrSpnA
SHRegDeleteUSValueW
SHRegDeleteUSValueA
UrlApplySchemeA
PathCompactPathW
PathIsDirectoryEmptyA
PathFileExistsA
SHRegGetUSValueW
AssocQueryKeyA
SHEnumKeyExA
AssocQueryStringByKeyW
StrFormatByteSize64A
StrToIntA
PathAppendW
HashData
PathGetDriveNumberA
PathIsURLA
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 181B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE