b3f7b80fdd5a09ea5272d45280051ade_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3f7b80fdd5a09ea5272d45280051ade_JaffaCakes118
Size

670KB
MD5

b3f7b80fdd5a09ea5272d45280051ade
SHA1

9cbbd1e4c4e1a2cc191a51c35d9ab4d7255ddb85
SHA256

592e656155ae9b9a9b090c4c24b03d7da261e995968a68eb00b4b68b8fc013c3
SHA512

395f2fbeebf4b1a342a37876618d22fa4c0ddc0af81539a501c0818c87672b19881cb49dd3c1a0911ee932eb888d52830197bdce730718d7ab4b570b91d874f4
SSDEEP

12288:XoHwf/KqwwdGG1/R19p8VRKu8hI5Q8crUXfnhNPmuoE+l6X3/pIu9ZLjUpbObU:XogeQ8cwfvP7jpIssbKU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3f7b80fdd5a09ea5272d45280051ade_JaffaCakes118

Files

b3f7b80fdd5a09ea5272d45280051ade_JaffaCakes118
.exe windows:5 windows x86 arch:x86

651c13807c82e3cf32afc77c7473e36f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

aa_global

?AA_GetVersion@@YAHPA_W@Z
?AABadProcessW@@YAHPA_W0K0@Z
?AABadServiceW@@YAHPA_W0K0@Z
?AABadLSP@@YAHKPA_W00K0@Z
?AABadShellServiceObjectDelayLoad@@YAHPA_W000@Z
?AABadSharedTaskScheduler@@YAHPA_W000@Z
?AABadRunKeyW@@YAHPA_W00K0@Z
?AABadWinlogonValue@@YAHPA_W00@Z
?AABadStartupFolderW@@YAHHPA_W00@Z
?AABadScheduledTask@@YAHPA_W00@Z
?AABadProgramAssociation@@YAHPA_W00@Z
?AABadShellExtension@@YAHPA_W0K0@Z
?AABadShellExecuteHook@@YAHPA_W0K0@Z
?AABadFolderDll@@YAHPA_W0K0@Z
?AABadExtDll@@YAHPA_W0K0@Z
?AABadNotifyDll@@YAHPA_W0K0@Z
?AABadProtocolFilter@@YAHPA_W00K0@Z
?AABadProtocolHandler@@YAHPA_W00K0@Z
?AABadIEBHOW@@YAHPA_W0K0@Z
?AABadIEToobarW@@YAHPA_W0K0@Z
?AABadIEExplorerBar@@YAHPA_W0K0@Z
?AABadIEUrlSearchHook@@YAHPA_W0K0@Z
?AABadIEProxy@@YAHPA_W000@Z
?AABadStartMenuInternet@@YAHPA_W00@Z
?AABadSysRestriction@@YAHPA_WK00@Z
?AABadSecurityProvider@@YAHPA_W00@Z
?AABadSecurityPackage@@YAHPA_W000@Z
?AABadUnknownDll@@YAHPA_WK0@Z
?AABadAppCert@@YAHPA_W00@Z
?AABadRootkit@@YAHPA_W0K0@Z
?AABadHKCRKey@@YAHPA_W0@Z
?AABadInterfaceKey@@YAHPA_W0@Z
?AABadSoftwareKey@@YAHPA_W0@Z
?AABadUninstaller@@YAHPA_W0@Z
?AABadFolder@@YAHPA_W0@Z
?AABadFile@@YAHPA_W0@Z
?AA_CV@@YAHPA_W@Z
?AANormalAppInit_Dll@@YAHPA_W@Z

kernel32

CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
FileTimeToLocalFileTime
lstrlenA
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
SetErrorMode
InterlockedExchange
GetFileSizeEx
GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
CreateThread
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GlobalGetAtomNameW
GetModuleHandleA
SuspendThread
SetThreadPriority
GetProfileIntW
GetTickCount
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
FormatMessageW
lstrlenW
MulDiv
GetFileAttributesW
GetLogicalDriveStringsW
DeviceIoControl
GetVersion
GetEnvironmentVariableW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
GetSystemInfo
GetVersionExW
LocalFree
GetCurrentProcess
GetFileAttributesExW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
GetModuleFileNameW
CreateMutexW
LoadLibraryW
FindClose
CopyFileW
FindFirstFileW
GetCommandLineW
CreateDirectoryW
GetCurrentProcessId
SetEvent
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryW
CreateEventW
Sleep
FileTimeToSystemTime
WaitForSingleObject
ResumeThread
ResetEvent
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocalTime
WriteFile
WideCharToMultiByte
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
LockResource
SizeofResource
TerminateProcess
GetLastError
OpenProcess
MultiByteToWideChar
lstrcmpiW
CloseHandle
ReadFile
CreateFileW

user32

InvalidateRgn
GetNextDlgGroupItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
LoadMenuW
GetWindowThreadProcessId
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapDialogRect
CopyAcceleratorTableW
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
LoadIconW
MessageBoxW
ShowWindow
FindWindowW
UpdateWindow
IsWindowVisible
LoadBitmapW
CopyRect
InflateRect
ReleaseDC
GetDC
GetWindowRect
InvalidateRect
GetSysColor
SetWindowLongW
SetCapture
ReleaseCapture
PtInRect
MessageBeep
SetCursor
LoadCursorW
GetClientRect
PeekMessageW
PostMessageW
GetParent
IsWindow
EnableWindow
SendMessageW
wsprintfW
CharNextW
PostThreadMessageW
SetRect
IsRectEmpty
RegisterClipboardFormatW
PostQuitMessage
UnregisterClassW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
ShowOwnedPopups
MapWindowPoints
SetWindowContextHelpId
CharUpperW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
EndPaint
BeginPaint
GetWindowDC
GetMessagePos
ClientToScreen
CheckMenuItem

gdi32

GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreatePatternBrush
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CopyMetaFileW
GetDeviceCaps
StretchBlt
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegEnumValueW
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
RegSetKeySecurity
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
DragQueryFileW
DragFinish

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoInitializeEx
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoInitialize

oleaut32

VariantCopy
OleCreateFontIndirect
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysFreeString
SysStringLen

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

ws2_32

WSCEnumProtocols
WSCGetProviderPath
WSCDeinstallProvider

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

651c13807c82e3cf32afc77c7473e36f

Headers

DLL Characteristics

File Characteristics

Imports

aa_global

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

rpcrt4

wininet

version

psapi

setupapi

ws2_32

Sections

.text Size: 460KB - Virtual size: 459KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 460KB - Virtual size: 459KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 53KB - Virtual size: 52KB