Static task: static1
Behavioral task: behavioral1
Sample: e0977815f79f4187b07876aa2520478b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e0977815f79f4187b07876aa2520478b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e0977815f79f4187b07876aa2520478b_JaffaCakes118
Size: 82KB
MD5: e0977815f79f4187b07876aa2520478b
SHA1: ba99db198d1dc7c16dbc1a6cbe91cdca6c91a352
SHA256: be7c4ec6da8986d56ba76b51d50bcc9b17657e3f8e823e9b3421e61d45a6b3fb
SHA512: 77ac3c25ba9c39aff8440a726d7d916a8581d502a84f27bf11e6c1b97f0caca6bd5bc38528e739996f3aea6c86627c83440f6080f4fe7780e9b691bd9a6e6718
SSDEEP: 1536:GmcYCPkUNMGurmoNzC0IsU4kWg5G43u8n//zki66XZ8Gs7:ZCPdb/8m07Ul5X3u8HzRho
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e0977815f79f4187b07876aa2520478b_JaffaCakes118
Files
e0977815f79f4187b07876aa2520478b_JaffaCakes118.exe windows:4 windows x86 arch:x86
a75c30ee897debcacabd7b21066db5a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
user32
ole32
kernel32
advapi32
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 81B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE