Static task: static1
Behavioral task: behavioral1
  Sample: aed0c83198c97d47f32e61bbef95ea7b_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: aed0c83198c97d47f32e61bbef95ea7b_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: aed0c83198c97d47f32e61bbef95ea7b_JaffaCakes118
Size: 71KB
MD5: aed0c83198c97d47f32e61bbef95ea7b
SHA1: 1adcb2638d523098a224144dfa353f4af2961b22
SHA256: a250b1d8e039867fca95545bb318d0122a3f75a50a07ab40571bf3ecf77f5ce9
SHA512: 8ea4f462ae472f22fc9de900cb07579166e642c42b67f994133fd6dc5d4a06124b3a4191c7e906a5ecbc5d2d9af028e7f2b357cc87f88c78885674092f6b7315
SSDEEP: 1536:mZBuBGx2KYYe/RgL/FmzyTbDwprTaapoHiTWSx88pmVIoVJOpBTev:mLGqeJr+7IrhoCfC8pQKBTe
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  Resource: aed0c83198c97d47f32e61bbef95ea7b_JaffaCakes118
Files
aed0c83198c97d47f32e61bbef95ea7b_JaffaCakes118.exe  windows:4  windows x86  arch:x86
4621af927e811bcc92b4d68464b1be4c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32:
CryptAcquireContextW
RegEnumValueW
ObjectOpenAuditAlarmW
RegCreateKeyA
OpenThreadToken
GetCurrentHwProfileW
AddAce
TrusteeAccessToObjectW
SetSecurityDescriptorDacl
GetExplicitEntriesFromAclA
AdjustTokenGroups
SetFileSecurityA
AllocateLocallyUniqueId
GetOldestEventLogRecord
GetSecurityDescriptorGroup
SetTokenInformation
GetTrusteeNameW
TrusteeAccessToObjectA
GetSidIdentifierAuthority
LookupSecurityDescriptorPartsW
GetAccessPermissionsForObjectA
MakeAbsoluteSD
GetServiceKeyNameA
CryptReleaseContext
SetSecurityInfo
CryptVerifySignatureW
IsTextUnicode
MakeSelfRelativeSD
RegisterEventSourceA
RegSetValueExW
GetMultipleTrusteeOperationW
BuildTrusteeWithNameA
RegDeleteValueA
InitializeSid
RegOpenKeyA
SetNamedSecurityInfoW
EnumServicesStatusA
SetKernelObjectSecurity
CryptSetProviderA
GetUserNameW
RegQueryValueW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
CryptSignHashW
GetAccessPermissionsForObjectW
OpenServiceW
ReportEventW
QueryServiceConfigA
GetSecurityDescriptorSacl
OpenBackupEventLogW
SetEntriesInAuditListW
InitializeSecurityDescriptor
CryptSetProvParam
AccessCheckAndAuditAlarmA
RegRestoreKeyA
ImpersonateSelf
SetEntriesInAccessListW
CryptSetProviderExA
BuildImpersonateTrusteeA
BuildSecurityDescriptorA
StartServiceCtrlDispatcherA
PrivilegedServiceAuditAlarmA
ConvertSecurityDescriptorToAccessNamedA
ObjectPrivilegeAuditAlarmW
CryptExportKey
InitializeAcl
ObjectDeleteAuditAlarmA
CryptHashData
CloseServiceHandle
RegEnumKeyExW
UnlockServiceDatabase
GetSecurityDescriptorOwner
RegRestoreKeyW
CancelOverlappedAccess
ClearEventLogW
AddAccessAllowedAce
GetSidSubAuthority
AbortSystemShutdownW
ConvertSecurityDescriptorToAccessA
CryptGenKey
BuildImpersonateTrusteeW
SetNamedSecurityInfoExW
FreeSid
RegUnLoadKeyW
PrivilegeCheck
RegCreateKeyExA
ConvertSecurityDescriptorToAccessW
AbortSystemShutdownA
SetAclInformation
LookupPrivilegeDisplayNameW
QueryServiceLockStatusA
AdjustTokenPrivileges
AllocateAndInitializeSid
ReadEventLogW
ConvertAccessToSecurityDescriptorA
PrivilegedServiceAuditAlarmW
NotifyBootConfigStatus
StartServiceW
BuildSecurityDescriptorW
OpenSCManagerW
AccessCheckAndAuditAlarmW
AreAnyAccessesGranted
ObjectOpenAuditAlarmA
kernel32:
GlobalSize
CreateMutexW
OpenWaitableTimerA
GetCurrencyFormatW
GlobalFree
RemoveDirectoryA
ReadFile
SignalObjectAndWait
DebugActiveProcess
LoadLibraryA
BuildCommDCBW
FlushFileBuffers
HeapCompact
GlobalReAlloc
GetDiskFreeSpaceW
GlobalAddAtomW
IsBadHugeReadPtr
FindNextFileA
GetModuleFileNameW
GetEnvironmentVariableA
GetLocalTime
GetVersion
FindFirstChangeNotificationA
WriteProfileSectionA
DebugBreak
lstrcpy
GetUserDefaultLCID
GetCommMask
SetThreadLocale
WritePrivateProfileSectionA
WriteConsoleW
WaitForSingleObject
DeleteFileW
BeginUpdateResourceA
DeleteFileA
GetDevicePowerState
SwitchToThread
VirtualAlloc
GetVolumeInformationA
TransmitCommChar
CreateThread
ReleaseSemaphore
WaitCommEvent
GetCurrentProcess
LoadLibraryW
GetFileAttributesExA
AreFileApisANSI
SetConsoleMode
GetShortPathNameA
Heap32Next
GetProcessWorkingSetSize
GetComputerNameW
GetOEMCP
VerLanguageNameW
GetDiskFreeSpaceExW
GetStringTypeA
DuplicateHandle
GetDefaultCommConfigA
CreateTapePartition
GetTempFileNameA
SetLocalTime
lstrcmpA
WriteProcessMemory
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
GetAtomNameW
GetUserDefaultLangID
GetSystemTime
SetEndOfFile
GetVersionExW
WritePrivateProfileStructW
Module32First
GetLongPathNameA
GetSystemTimeAsFileTime
GetHandleInformation
LocalCompact
GetSystemInfo
VirtualProtect
CommConfigDialogA
CreateDirectoryExW
EnumTimeFormatsW
SetConsoleCtrlHandler
EnumResourceNamesA
FoldStringW
GetNumberOfConsoleInputEvents
WriteConsoleOutputW
GlobalFindAtomA
EnumDateFormatsExW
WriteProfileStringA
GetBinaryTypeA
SearchPathW
GetEnvironmentVariableW
GlobalFindAtomW
FormatMessageA
LoadLibraryExW
SetCommTimeouts
GetSystemDefaultLangID
EnumDateFormatsA
WriteProfileStringW
GetConsoleMode
GetProfileSectionA
ReadConsoleOutputAttribute
GetNamedPipeInfo
SetLocaleInfoW
HeapLock
LocalReAlloc
PulseEvent
WritePrivateProfileSectionW
GetComputerNameA
lstrcpyn
GetCalendarInfoA
OpenProcess
ole32:
OleCreateLinkToFile
OleRegEnumVerbs
StgCreateStorageEx
CoCreateFreeThreadedMarshaler
OleDuplicateData
EnableHookObject
UtConvertDvtd32toDvtd16
OleBuildVersion
RegisterDragDrop
CoInitializeEx
CoCreateGuid
CoTreatAsClass
OleFlushClipboard
OleCreateFromFile
CoGetPSClsid
OleDestroyMenuDescriptor
OleConvertIStorageToOLESTREAMEx
MonikerCommonPrefixWith
OleSave
CreateOleAdviseHolder
OleDoAutoConvert
CoInitializeSecurity
OleCreateLink
OleCreateLinkFromDataEx
PropVariantCopy
CoIsHandlerConnected
OleConvertIStorageToOLESTREAM
CoAddRefServerProcess
CoGetMalloc
CoReleaseServerProcess
CoRegisterPSClsid
RevokeDragDrop
CoFreeLibrary
ReadOleStg
CreateDataCache
CoCreateInstanceEx
CoGetInterfaceAndReleaseStream
StgOpenStorage
CreateClassMoniker
CoQueryProxyBlanket
CoSetProxyBlanket
StringFromCLSID
CoResumeClassObjects
StgIsStorageILockBytes
OleSetClipboard
CoCreateInstance
GetDocumentBitStg
OleRegGetUserType
OleUninitialize
OleSaveToStream
UtGetDvtd32Info
CoRegisterClassObject
CoMarshalHresult
DllDebugObjectRPCHook
StgCreateDocfileOnILockBytes
ReleaseStgMedium
StringFromIID
ReadClassStm
OleCreateFromFileEx
WriteClassStg
IsAccelerator
CoGetClassObject
OleNoteObjectVisible
CoCopyProxy
OleGetClipboard
OleSetMenuDescriptor
OleLoadFromStream
CoGetTreatAsClass
CoSwitchCallContext
OleCreateStaticFromData
CreateBindCtx
CoDosDateTimeToFileTime
CoRevokeMallocSpy
FreePropVariantArray
CoGetInstanceFromIStorage
OleIsRunning
StgSetTimes
SetConvertStg
OleConvertOLESTREAMToIStorageEx
CoRegisterChannelHook
StgGetIFillLockBytesOnFile
CoReleaseMarshalData
CoMarshalInterface
DoDragDrop
UpdateDCOMSettings
CoQueryAuthenticationServices
CreateILockBytesOnHGlobal
CoMarshalInterThreadInterfaceInStream
IIDFromString
OleGetIconOfClass
CoGetStandardMarshal
OleConvertOLESTREAMToIStorage
StgCreateDocfile
Sections
.text   Size: 60KB, Virtual size: 59KB;  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 9KB, Virtual size: 9KB;  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 512B, Virtual size: 12KB;  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE