Static task: static1
Behavioral task: behavioral1
  Sample: afa1f0a864943fc85192c5177acf34aa_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: afa1f0a864943fc85192c5177acf34aa_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: afa1f0a864943fc85192c5177acf34aa_JaffaCakes118
Size: 86KB
MD5: afa1f0a864943fc85192c5177acf34aa
SHA1: a7388b0ebb9f490e4dde5b92edd952f8d7b38f47
SHA256: 710e8c89406dde4dcb5443e89bf7c46a80c475aeca617250e9724b309ab15574
SHA512: 9c33162b42aeca7daa1cf1312e8e31e5d2fca1ad956b26189d20fd00bb7b9b31b295510532af9bf35d0e522e7927315e3c29b2b085dcad34864fe3728f0a2617
SSDEEP: 1536:BR1CfuVspDioadTDJWsydemqRgXaM7ibRC5Cd0eDV1ncyCUHpHvcc+z0:BRUhDioad/EFdRwmioCd0+8QJPccC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource afa1f0a864943fc85192c5177acf34aa_JaffaCakes118
Files
afa1f0a864943fc85192c5177acf34aa_JaffaCakes118.exe windows:4 windows x86 arch:x86
5fab9b9b9703132c62cf39733c6ca8ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CreateProcessAsUserW
GetAclInformation
GetTrusteeTypeA
GetExplicitEntriesFromAclA
GetPrivateObjectSecurity
GetTrusteeTypeW
GetNamedSecurityInfoW
PrivilegedServiceAuditAlarmW
DeregisterEventSource
FreeSid
NotifyBootConfigStatus
SetEntriesInAuditListW
QueryServiceLockStatusW
RegDeleteKeyW
RegOpenKeyW
TrusteeAccessToObjectW
GetSecurityInfo
CryptDestroyHash
RegEnumKeyA
CryptSetProviderExW
LookupSecurityDescriptorPartsA
GetSidLengthRequired
CryptImportKey
InitializeSecurityDescriptor
CryptEnumProviderTypesW
CreatePrivateObjectSecurity
SetEntriesInAccessListA
RegCreateKeyExA
RegSaveKeyA
AdjustTokenPrivileges
AddAuditAccessAce
ObjectCloseAuditAlarmA
CopySid
GetSecurityDescriptorSacl
BuildSecurityDescriptorA
RegQueryInfoKeyW
GetCurrentHwProfileW
ConvertAccessToSecurityDescriptorA
SetSecurityDescriptorGroup
CryptSignHashA
RegOpenKeyExA
StartServiceCtrlDispatcherW
ChangeServiceConfigW
EnumDependentServicesW
InitializeSid
RegEnumKeyW
LockServiceDatabase
InitiateSystemShutdownW
AccessCheckAndAuditAlarmA
CryptGenRandom
GetFileSecurityW
RegCreateKeyExW
CryptReleaseContext
GetEffectiveRightsFromAclW
CryptAcquireContextA
RegFlushKey
OpenServiceA
CryptSetProviderW
CloseServiceHandle
OpenServiceW
GetOverlappedAccessResults
RegQueryValueExA
ImpersonateSelf
ConvertSecurityDescriptorToAccessNamedW
PrivilegedServiceAuditAlarmA
GetServiceDisplayNameW
GetSidSubAuthority
GetNamedSecurityInfoA
ReadEventLogW
SetSecurityInfoExA
EnumServicesStatusA
ConvertAccessToSecurityDescriptorW
CryptContextAddRef
RegSetValueA
RegQueryValueExW
GetMultipleTrusteeOperationW
GetExplicitEntriesFromAclW
RegEnumKeyExW
RegQueryValueA
BuildExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
RegQueryMultipleValuesW
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
CryptEnumProvidersW
CryptGenKey
GetNumberOfEventLogRecords
CryptAcquireContextW
RegisterServiceCtrlHandlerW
SetSecurityInfoExW
AreAnyAccessesGranted
DeleteService
CryptSignHashW
RegSetValueW
CryptHashSessionKey
SetNamedSecurityInfoExW
OpenEventLogW
ReadEventLogA
RegCreateKeyA
CryptGetDefaultProviderW
ClearEventLogW
SetSecurityDescriptorOwner
LookupSecurityDescriptorPartsW
EnumServicesStatusW
RegConnectRegistryA
InitializeAcl
GetCurrentHwProfileA
CreateServiceW
SetEntriesInAclW
LookupAccountSidW
RegCreateKeyW
CryptExportKey
BuildImpersonateTrusteeA
RegDeleteValueA
IsValidAcl
AddAccessDeniedAce
MakeAbsoluteSD
kernel32
MapViewOfFile
SetCalendarInfoA
VirtualAlloc
UnhandledExceptionFilter
UpdateResourceW
CommConfigDialogW
GetDevicePowerState
SetNamedPipeHandleState
ReleaseSemaphore
CreateMutexA
GetBinaryTypeW
Heap32Next
RemoveDirectoryA
GlobalFindAtomW
GenerateConsoleCtrlEvent
CreateDirectoryA
BuildCommDCBA
WaitForDebugEvent
SetDefaultCommConfigA
DosDateTimeToFileTime
GetProcessHeaps
UnlockFile
GetQueuedCompletionStatus
FileTimeToDosDateTime
CreateRemoteThread
IsDBCSLeadByte
CreateEventA
InitAtomTable
GetUserDefaultLCID
GetNumberFormatA
OpenMutexW
CreatePipe
lstrcat
GetCommTimeouts
BackupWrite
FoldStringW
VirtualProtectEx
HeapLock
BeginUpdateResourceA
SetConsoleActiveScreenBuffer
Thread32First
GetConsoleCP
BuildCommDCBAndTimeoutsA
LocalUnlock
FlushViewOfFile
GetThreadLocale
RequestWakeupLatency
GetConsoleTitleA
EnumCalendarInfoExA
GetProcessAffinityMask
SetEnvironmentVariableA
EnumResourceTypesW
FindFirstFileExW
MoveFileA
GetDefaultCommConfigA
Module32Next
GlobalHandle
PeekConsoleInputA
ReadConsoleOutputCharacterW
IsValidCodePage
CreateEventW
GetUserDefaultLangID
LockResource
LocalFileTimeToFileTime
LocalSize
SetConsoleWindowInfo
GetEnvironmentStringsW
AreFileApisANSI
GetSystemInfo
GetConsoleTitleW
IsBadHugeWritePtr
GetComputerNameW
OutputDebugStringW
GlobalGetAtomNameW
GetPrivateProfileIntW
GetDiskFreeSpaceExA
HeapCompact
VirtualProtect
TerminateThread
SetThreadExecutionState
FreeEnvironmentStringsW
GetWindowsDirectoryW
LoadLibraryA
GetProcessShutdownParameters
SetFileTime
CreateDirectoryExA
ResetEvent
SetLastError
GetCommMask
MoveFileExA
AllocConsole
SwitchToThread
CreateToolhelp32Snapshot
FlushConsoleInputBuffer
FindResourceExW
GetTimeZoneInformation
IsBadHugeReadPtr
GetModuleHandleA
EnumTimeFormatsW
GetTapeParameters
SetProcessShutdownParameters
GetStringTypeExA
GetPrivateProfileStringA
GetExitCodeProcess
ConnectNamedPipe
LoadLibraryExW
DeviceIoControl
WideCharToMultiByte
EnumCalendarInfoA
WritePrivateProfileStringW
FileTimeToLocalFileTime
GlobalFree
lstrcatW
CreateFileA
LocalFlags
CallNamedPipeW
PurgeComm
GetLogicalDriveStringsW
WriteConsoleA
GetCurrentDirectoryW
GetVersion
OpenWaitableTimerW
SetCommBreak
LCMapStringA
SetConsoleMode
ReadConsoleOutputA
shlwapi
SHQueryInfoKeyA
PathParseIconLocationA
SHOpenRegStreamW
StrCmpNA
IntlStrEqWorkerA
PathIsSameRootA
PathGetCharTypeW
SHRegOpenUSKeyW
PathFindSuffixArrayW
PathIsUNCServerShareW
PathGetDriveNumberW
StrNCatW
GetMenuPosFromID
SHRegDeleteEmptyUSKeyW
PathStripPathA
PathCreateFromUrlA
StrCSpnA
PathCompactPathExA
StrStrW
SHSetValueA
PathSkipRootW
PathRemoveBackslashW
PathRemoveExtensionA
StrIsIntlEqualW
PathCanonicalizeA
SHQueryInfoKeyW
SHRegDuplicateHKey
StrTrimW
PathSkipRootA
UrlHashW
SHGetThreadRef
StrCpyW
SHRegCreateUSKeyW
ChrCmpIW
UrlGetPartA
SHEnumKeyExW
SHRegEnumUSValueW
PathGetCharTypeA
UrlEscapeA
PathStripToRootW
UrlGetLocationW
PathIsUNCServerShareA
AssocQueryStringW
SHEnumValueA
SHRegQueryUSValueA
SHSetThreadRef
PathFindOnPathA
SHDeleteKeyA
UrlCombineW
StrToIntA
SHRegWriteUSValueW
PathIsFileSpecA
SHRegDeleteEmptyUSKeyA
PathUnquoteSpacesW
PathRemoveBlanksA
PathIsSystemFolderA
StrChrIW
PathRenameExtensionA
PathFindOnPathW
StrFormatKBSizeA
UrlGetPartW
PathAppendW
PathCompactPathA
PathIsLFNFileSpecA
StrSpnW
SHQueryValueExA
SHEnumKeyExA
SHStrDupA
SHRegDeleteUSValueW
PathRemoveArgsA
StrRetToStrA
SHGetInverseCMAP
UrlEscapeW
PathIsUNCW
PathMakePrettyA
PathFindFileNameA
AssocQueryStringA
StrStrIW
PathIsNetworkPathW
SHRegGetUSValueA
PathCommonPrefixA
PathIsUNCServerA
PathRemoveFileSpecW
StrCmpW
AssocQueryStringByKeyW
SHRegWriteUSValueA
PathIsRootA
AssocQueryKeyW
PathAddExtensionA
PathAddBackslashW
SHEnumValueW
SHRegSetUSValueW
PathFindSuffixArrayA
PathIsSameRootW
PathStripPathW
PathRemoveBlanksW
StrToIntW
SHDeleteValueA
PathCanonicalizeW
PathIsRootW
StrSpnA
StrFromTimeIntervalA
PathMakeSystemFolderA
StrChrA
StrToIntExW
SHRegSetUSValueA
PathQuoteSpacesW
PathIsUNCServerW
ole32
CoFileTimeToDosDateTime
UtGetDvtd16Info
CoGetMalloc
ReadClassStg
CoGetPSClsid
CoMarshalInterface
StringFromIID
OleInitialize
OleCreateDefaultHandler
StgOpenAsyncDocfileOnIFillLockBytes
CreateFileMoniker
ReadClassStm
CoGetInstanceFromIStorage
WriteOleStg
PropVariantCopy
OleNoteObjectVisible
CoRegisterPSClsid
OleCreateFromData
IIDFromString
CoRegisterMallocSpy
CoCreateInstance
OleSetAutoConvert
StgOpenStorage
CoLockObjectExternal
CoImpersonateClient
CoRegisterChannelHook
CoReleaseServerProcess
OleCreateFromFileEx
CoIsOle1Class
CoInitializeEx
WriteClassStg
CoLoadLibrary
CoReleaseMarshalData
CreateClassMoniker
OleConvertIStorageToOLESTREAMEx
CoDisconnectObject
CoCopyProxy
SetConvertStg
ReadFmtUserTypeStg
OleRegEnumFormatEtc
CoRegisterClassObject
CoTaskMemAlloc
WriteClassStm
CoQueryAuthenticationServices
OleRegGetMiscStatus
OleCreateLinkEx
OleSaveToStream
CoGetClassObject
CreateItemMoniker
CoIsHandlerConnected
PropVariantClear
CoTaskMemRealloc
OleSetMenuDescriptor
StringFromGUID2
UpdateDCOMSettings
CreateBindCtx
GetDocumentBitStg
DoDragDrop
MkParseDisplayName
CoRegisterSurrogate
OleCreate
StgIsStorageILockBytes
CoFreeAllLibraries
CoGetObject
OleQueryCreateFromData
OleCreateStaticFromData
CreateGenericComposite
OleCreateLink
CoBuildVersion
OleIsCurrentClipboard
WriteStringStream
OleCreateLinkFromData
CreateObjrefMoniker
CoUnmarshalInterface
StgCreateStorageEx
UtGetDvtd32Info
CoTaskMemFree
OleConvertOLESTREAMToIStorage
CoFileTimeNow
CoSwitchCallContext
ReleaseStgMedium
StgCreateDocfile
MonikerRelativePathTo
GetHookInterface
IsEqualGUID
OleQueryLinkFromData
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StgOpenStorageEx
OleLoadFromStream
OleMetafilePictFromIconAndLabel
OleCreateLinkFromDataEx
CoCreateInstanceEx
ReadOleStg
CoGetInstanceFromFile
CreateAntiMoniker
CreateOleAdviseHolder
OleCreateLinkToFile
CoGetCallerTID
OleRun
CoTreatAsClass
SetDocumentBitStg
WriteFmtUserTypeStg
CoDosDateTimeToFileTime
user32
GetDlgItem
GetCaretPos
EndDialog
SetUserObjectSecurity
DefFrameProcW
DdeGetLastError
GetKeyboardLayout
CreateCaret
GetAltTabInfo
MessageBoxExW
SendMessageTimeoutA
DlgDirSelectComboBoxExW
CascadeWindows
GetMenu
GetClassWord
ChangeDisplaySettingsExA
GetMenuItemInfoW
ReplyMessage
SendDlgItemMessageW
SetParent
IsCharAlphaA
GetUserObjectInformationA
SwitchDesktop
GetKeyboardLayoutNameA
PeekMessageA
GetWindowLongA
SetDoubleClickTime
GetClassNameA
OemToCharW
CreateDialogParamW
NotifyWinEvent
DdeQueryConvInfo
RemovePropW
GetCursor
GetWindowThreadProcessId
DdeFreeDataHandle
EnumDisplaySettingsW
ChangeMenuW
RealChildWindowFromPoint
GetKeyboardLayoutNameW
CloseClipboard
SetActiveWindow
GetMonitorInfoW
RegisterWindowMessageA
GetDlgItemInt
LoadMenuIndirectW
PostMessageW
CharLowerW
CascadeChildWindows
OpenWindowStationA
CopyRect
LoadMenuW
PostThreadMessageW
CheckDlgButton
DragObject
InvalidateRgn
GetMenuItemID
SetClipboardViewer
LoadBitmapA
DdeAddData
LockWindowUpdate
OpenWindowStationW
GetWindowRect
GetMessageExtraInfo
OemKeyScan
GetNextDlgGroupItem
IsCharLowerW
GetKeyNameTextA
CallWindowProcA
CharLowerBuffW
ToUnicode
ShowCursor
EnumDesktopWindows
CreateWindowStationW
EditWndProc
IsCharAlphaNumericA
SystemParametersInfoW
DdeConnect
CreatePopupMenu
CheckRadioButton
SendMessageCallbackA
ToAscii
GetScrollPos
GetShellWindow
SetPropW
DefDlgProcA
GetCaretBlinkTime
IntersectRect
DefDlgProcW
GetMenuItemRect
GetDC
ChangeDisplaySettingsExW
CharUpperBuffA
LoadKeyboardLayoutA
IsZoomed
DefWindowProcA
OffsetRect
MapVirtualKeyExW
CreateDialogIndirectParamW
ChildWindowFromPoint
GetGUIThreadInfo
DialogBoxIndirectParamA
RemovePropA
InsertMenuA
SetMenuItemInfoW
EndTask
SendMessageTimeoutW
ToUnicodeEx
SubtractRect
EnumThreadWindows
SetCursor
LoadStringW
OpenIcon
ShowCaret
SendIMEMessageExW
IsRectEmpty
SetDlgItemTextA
LoadStringA
GetWindowInfo
GetClipCursor
CreateDesktopW
DefFrameProcA
GetForegroundWindow
DlgDirListA
EnumDisplayMonitors
MapVirtualKeyW
DrawFocusRect
GetUserObjectInformationW
AppendMenuW
GetAsyncKeyState
EnumChildWindows
ShowWindow
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE