Static task: static1
Behavioral task: behavioral1
  Sample: f5e3b998666f8d31d9b243df00d81112_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f5e3b998666f8d31d9b243df00d81112_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: f5e3b998666f8d31d9b243df00d81112_JaffaCakes118
- Size: 117KB
- MD5: f5e3b998666f8d31d9b243df00d81112
- SHA1: 469b7776716ce54c100acf157b678e486aff3fa0
- SHA256: e0dc299005080df4a04340ebd8cb1558c4f424c9fbf544b2cfaabff67ddd22af
- SHA512: a9a810d0c373c298b7801954f1df992ade837d1bc4fe5647962a98d53d5eee42f9ad71d9777bad78a60750b9194c822f25d3975b994317ec1a3a10e574c38746
- SSDEEP: 3072:sT7d9ofeKNVPE7u6IeCrwkC+nkASnbBYL9VnCPs:AZ9oG6PEKEcGbBW91T
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: f5e3b998666f8d31d9b243df00d81112_JaffaCakes118
Files
- f5e3b998666f8d31d9b243df00d81112_JaffaCakes118.exe windows:5 windows x86 arch:x86
  imphash: 1a9738a5303e115816425c9fd6e97aa1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
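The Unsigned PE signature and the Headers listing above can both be reproduced from the raw bytes with a short header parser. The code below is an added example, not Triage's own code; it uses only the Python standard library and, when no file path is given, runs on a constructed headers-only PE32 blob that carries the same flag values this report lists (the blob is not an executable). One caveat worth reading off these headers: the sample sets IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE but also IMAGE_FILE_RELOCS_STRIPPED, and without relocation data the Windows loader cannot rebase the image, so the ASLR opt-in is ineffective; the parser reports this as aslr_effective.

```python
"""Headers-only PE triage with the standard library: decode the COFF and
optional-header flags a sandbox report lists, check the Authenticode
(security) data directory, and note when DYNAMIC_BASE is undercut by
stripped relocations. Added example, not Triage's own code."""
import struct
import sys

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode directory


def parse_pe_headers(data: bytes) -> dict:
    """Return the header facts a triage report shows, from raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsec, _ts, _sym, _nsym, _optsize, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        arch, nrva_off, dd_off = "x86", 92, 96
    elif magic == 0x20B:    # PE32+: 64-bit stack/heap fields push those to +108/+112
        arch, nrva_off, dd_off = "x64", 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at the same offset (+70) in both layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (n_rva,) = struct.unpack_from("<I", data, opt + nrva_off)
    sec_off = sec_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, the security entry holds a file offset,
        # not an RVA; a zero size means no WIN_CERTIFICATE is attached.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    relocs_stripped = bool(characteristics & 0x0001)
    dynamic_base = bool(dll_chars & 0x0040)
    return {
        "arch": arch,
        "file_characteristics": [n for b, n in FILE_CHARACTERISTICS.items() if characteristics & b],
        "dll_characteristics": [n for b, n in DLL_CHARACTERISTICS.items() if dll_chars & b],
        "authenticode_present": sec_off != 0 and sec_size != 0,
        # ASLR needs relocation data; with .reloc stripped the loader cannot
        # rebase the image, so DYNAMIC_BASE is a no-op.
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def build_minimal_pe(characteristics: int, dll_characteristics: int, signed: bool) -> bytes:
    """Constructed sample input: a headers-only PE32 image (not runnable)
    carrying the given flags and, optionally, a non-empty security directory."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)  # 0x14C = i386
    opt = bytearray(224)                       # 96 fixed bytes + 16 directories * 8
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<H", opt, 68, 2)         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    if signed:
        # Fake WIN_CERTIFICATE offset/size; only presence is checked here.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200, 0x800)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # a real file, e.g. the sample above
        blob = open(sys.argv[1], "rb").read()
    else:                                      # the same flag values this report lists
        blob = build_minimal_pe(0x010F, 0x8140, signed=False)
    for key, value in parse_pe_headers(blob).items():
        print(f"{key}: {value}")
```

Run it against the sample with `python pe_triage.py f5e3b998666f8d31d9b243df00d81112_JaffaCakes118.exe`; with no argument it prints the constructed case. Presence of a security directory only means a WIN_CERTIFICATE blob is attached; whether the signature verifies and chains to a trusted root is a separate check (WinVerifyTrust or signtool verify), which is why the report's signature is phrased as "missing", not "invalid".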
Imports
shlwapi
SHDeleteKeyW
AssocQueryStringW
PathRemoveExtensionW
UrlUnescapeW
StrChrIW
wnsprintfA
SHDeleteKeyA
StrRChrW
PathIsUNCW
PathIsURLW
SHStrDupW
PathFileExistsW
PathGetDriveNumberW
StrCatBuffW
UrlCanonicalizeW
StrStrW
StrCmpNIA
PathIsRelativeW
StrTrimW
StrStrIW
StrRetToBufW
StrStrIA
SHSetValueW
PathSkipRootW
PathRemoveBackslashW
PathIsDirectoryW
PathCreateFromUrlW
PathRemoveFileSpecW
PathCombineW
PathFindExtensionW
PathIsRootW
PathAddBackslashW
StrCmpNW
StrCpyNW
PathAppendW
SHDeleteValueA
PathStripToRootA
PathFindFileNameW
StrToIntW
PathAppendA
SHRegGetBoolUSValueW
UrlIsW
StrCpyW
StrCmpNIW
oleaut32
VariantCopyInd
VariantChangeTypeEx
SafeArrayGetLBound
SafeArrayUnaccessData
SysStringByteLen
VariantChangeType
SafeArrayCreate
SysFreeString
SysAllocStringLen
OleLoadPicture
GetActiveObject
SysReAllocStringLen
SafeArrayGetElement
SafeArrayPtrOfIndex
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
kernel32
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
CreateFileW
ReleaseSemaphore
ReleaseMutex
GetVersion
OpenEventW
LocalFree
GetACP
InterlockedDecrement
GetCurrentProcess
lstrcpyW
FormatMessageA
ResetEvent
WriteConsoleW
SetUnhandledExceptionFilter
GetComputerNameW
CreateFileA
lstrcmpA
lstrcmpiW
GetWindowsDirectoryA
VirtualQuery
CreateMutexA
GetModuleFileNameW
CreateDirectoryW
GetExitCodeProcess
TerminateProcess
GlobalLock
ReadFile
GetStringTypeW
GetSystemInfo
HeapAlloc
GetStdHandle
DeleteCriticalSection
WaitForSingleObject
DeleteFileA
GetTempPathA
GetLocalTime
FindResourceA
LockResource
TlsSetValue
SetErrorMode
CreateEventW
GetFileAttributesW
CreateMutexW
MultiByteToWideChar
GetTickCount
SetLastError
LCMapStringW
CloseHandle
ResumeThread
UnmapViewOfFile
GetConsoleMode
GetStartupInfoA
IsBadReadPtr
FileTimeToSystemTime
IsBadWritePtr
GetCurrentThread
VirtualFree
LoadLibraryExA
GetVersionExW
InterlockedCompareExchange
lstrlenA
IsDBCSLeadByte
SetFileAttributesA
lstrcatA
GetCurrentProcessId
GetLastError
MulDiv
GetCurrentDirectoryW
GetThreadLocale
SystemTimeToFileTime
GetCommandLineA
GetCommandLineW
CreateEventA
FlushFileBuffers
VirtualAlloc
GetSystemTime
DisableThreadLibraryCalls
GetModuleHandleA
GetDriveTypeW
LocalAlloc
FindFirstFileW
GetFileType
FindNextFileW
SetFileAttributesW
FindClose
LoadResource
GetProcessHeap
lstrcmpW
SetEvent
WaitForMultipleObjects
ole32
CoTaskMemRealloc
OleRun
MkParseDisplayName
CoReleaseMarshalData
StgCreateDocfile
CreateDataAdviseHolder
ProgIDFromCLSID
CoFreeUnusedLibraries
CoCreateInstanceEx
WriteClassStm
OleRegGetMiscStatus
ReleaseStgMedium
GetRunningObjectTable
OleRegEnumVerbs
CoMarshalInterThreadInterfaceInStream
CoRevertToSelf
PropVariantClear
CreateItemMoniker
CoImpersonateClient
CLSIDFromString
StgOpenStorage
CoInitializeEx
OleUninitialize
CreateOleAdviseHolder
CoRevokeClassObject
CoMarshalInterface
OleSaveToStream
CoUninitialize
StringFromIID
PropVariantCopy
CoInitialize
CoDisconnectObject
CreateILockBytesOnHGlobal
CoUnmarshalInterface
IIDFromString
StgIsStorageFile
StgCreateDocfileOnILockBytes
CoSetProxyBlanket
CoInitializeSecurity
GetHGlobalFromStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
OleRegGetUserType
CreateStreamOnHGlobal
CoRegisterClassObject
OleLoadFromStream
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
CryptHashData
GetSidLengthRequired
SetSecurityDescriptorOwner
LockServiceDatabase
EqualSid
RegQueryValueW
ImpersonateLoggedOnUser
DeregisterEventSource
RegSetValueExW
GetSidSubAuthorityCount
LookupPrivilegeValueA
RegSetValueExA
OpenThreadToken
AddAce
RegisterTraceGuidsW
AdjustTokenPrivileges
DeleteService
UnregisterTraceGuids
GetSecurityDescriptorOwner
SetServiceStatus
SetThreadToken
RevertToSelf
RegSetValueW
RegQueryValueA
QueryServiceStatus
SetNamedSecurityInfoW
GetAclInformation
MakeSelfRelativeSD
RegEnumValueW
GetSecurityDescriptorLength
GetTraceLoggerHandle
GetUserNameA
DuplicateTokenEx
OpenSCManagerW
LookupAccountNameW
RegDeleteKeyA
CryptAcquireContextA
CryptGetHashParam
RegDeleteValueW
CryptDestroyKey
ConvertSidToStringSidW
RegEnumKeyExW
RegOpenKeyW
CloseServiceHandle
RegEnumValueA
RegisterEventSourceW
RegOpenKeyExW
GetTokenInformation
OpenServiceW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
LookupAccountSidW
RegQueryInfoKeyA
RegConnectRegistryW
OpenSCManagerA
RegOpenKeyA
LsaClose
GetTraceEnableFlags
SetFileSecurityW
UnlockServiceDatabase
ReportEventW
CryptAcquireContextW
LsaQueryInformationPolicy
RegSetValueA
OpenServiceA
GetSidSubAuthority
RegCreateKeyW
ConvertStringSidToSidW
RegCloseKey
RegOpenKeyExA
RegFlushKey
RegDeleteValueA
CryptDestroyHash
msvcrt
__p__osver
_finite
_tell
__p__iob
_rotl
srand
_ftol
exit
malloc
strncpy
_commit
rand
_wsplitpath
_access
_chsize
user32
CreatePopupMenu
BeginPaint
GetMessageA
GetWindowTextA
EnumChildWindows
IntersectRect
SendMessageW
RegisterClassW
LoadImageW
ClientToScreen
DrawFocusRect
SetFocus
CharUpperA
PtInRect
GetWindowDC
CheckDlgButton
EndPaint
IsRectEmpty
wsprintfA
GetClientRect
GetProcessWindowStation
GetCursorPos
SetWindowLongA
GetDlgCtrlID
WinHelpW
UnhookWindowsHookEx
IsWindowEnabled
CreateWindowExW
SetRect
SendDlgItemMessageW
DrawIcon
EnableWindow
GetSubMenu
MessageBoxW
DestroyMenu
CallWindowProcW
GetWindowLongW
PeekMessageW
ShowWindow
UnregisterClassW
GetFocus
GetForegroundWindow
GetSysColorBrush
MapWindowPoints
DispatchMessageW
GetWindowTextW
SetWindowTextW
PostQuitMessage
GetDesktopWindow
CharNextA
GetKeyState
IsIconic
PostMessageA
GetWindowPlacement
CharUpperW
RegisterWindowMessageW
GetClassNameA
SetMenu
EqualRect
GetWindowLongA
UpdateWindow
wsprintfW
LoadCursorW
LoadBitmapA
DialogBoxParamA
KillTimer
GetMenu
InflateRect
ExitWindowsEx
TranslateMessage
GetSysColor
LoadBitmapW
OffsetRect
ReleaseDC
SystemParametersInfoW
CharLowerW
CheckMenuItem
RedrawWindow
RegisterClassExA
SetCursor
PeekMessageA
RegisterClipboardFormatW
gdi32
GetTextAlign
GetTextExtentPointW
GetPixel
GetDIBits
Rectangle
GetCurrentObject
DPtoLP
Ellipse
CreateBrushIndirect
PatBlt
SetViewportOrgEx
CreatePatternBrush
FillRgn
GetClipBox
GetNearestColor
StretchDIBits
shell32
ShellExecuteExW
SHFileOperationW
DragQueryFileW
SHGetFileInfoW
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteA
SHGetPathFromIDListW
SHGetPathFromIDListA
comctl32
InitCommonControlsEx
InitCommonControls
PropertySheetW
ImageList_ReplaceIcon
ImageList_Destroy
CreatePropertySheetPageW
rpcrt4
RpcServerUseProtseqEpW
IUnknown_QueryInterface_Proxy
RpcBindingFromStringBindingW
CStdStubBuffer_DebugServerQueryInterface
RpcServerUnregisterIf
RpcRevertToSelf
NdrStubCall2
NdrClientCall2
NdrStubForwardingFunction
RpcRaiseException
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
RpcServerRegisterAuthInfoW
UuidCreate
CStdStubBuffer_AddRef
UuidToStringA
RpcServerInqBindings
CStdStubBuffer_CountRefs
UuidToStringW
RpcEpResolveBinding
NdrOleFree
RpcBindingSetAuthInfoW
RpcStringBindingParseW
NdrCStdStubBuffer2_Release
NdrServerCall2
CStdStubBuffer_QueryInterface
UuidFromStringW
RpcBindingVectorFree
NdrOleAllocate
NdrDllGetClassObject
IUnknown_Release_Proxy
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
NdrDllRegisterProxy
NdrDllUnregisterProxy
RpcStringFreeW
RpcServerRegisterIfEx
IUnknown_AddRef_Proxy
RpcStringFreeA
CStdStubBuffer_Disconnect
RpcImpersonateClient
comdlg32
CommDlgExtendedError
GetOpenFileNameA
PrintDlgW
PrintDlgExW
PageSetupDlgA
FindTextW
PrintDlgA
GetOpenFileNameW
GetFileTitleA
ChooseFontA
PageSetupDlgW
GetSaveFileNameW
FindTextA
GetSaveFileNameA
ChooseColorA
ChooseFontW
GetFileTitleW
ChooseColorW
ntdll
RtlInsertElementGenericTable
RtlWriteRegistryValue
NtOpenDirectoryObject
RtlDestroyEnvironment
wcsrchr
NtPowerInformation
wcstol
wcscmp
RtlUnicodeToMultiByteN
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
_wcsupr
RtlNtStatusToDosError
wcsstr
NtRequestWaitReplyPort
NtWriteFile
RtlCreateTimer
RtlClearBits
NtClose
RtlAcquireResourceExclusive
NtQueryPerformanceCounter
RtlxAnsiStringToUnicodeSize
RtlLengthSid
RtlUnicodeToMultiByteSize
RtlAllocateAndInitializeSid
RtlNewSecurityObject
NtQueryInformationToken
strchr
NtDeleteValueKey
RtlOemStringToUnicodeString
RtlPrefixUnicodeString
RtlGetFullPathName_U
RtlValidSecurityDescriptor
NtUnmapViewOfSection
NtOpenKey
RtlReAllocateHeap
RtlAddAccessAllowedAce
NtMapViewOfSection
RtlUnwind
_allmul
RtlCreateHeap
RtlQueryInformationAcl
NtOpenProcess
RtlEqualSid
NtAllocateLocallyUniqueId
RtlCreateUnicodeString
RtlUnicodeStringToAnsiString
RtlInitializeCriticalSectionAndSpinCount
RtlExpandEnvironmentStrings_U
NtOpenEvent
RtlCreateTimerQueue
NtDuplicateObject
RtlSubAuthoritySid
Sections
- BSS: size 3KB, virtual size 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .text: size 110KB, virtual size 109KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .tls: size 512B, virtual size 304KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .tls: size 1024B, virtual size 1004B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: size 1024B, virtual size 1024B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
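A few section-table heuristics over the sizes and flags printed above, as an added example that is not part of the report: the input list is transcribed from the Sections block, the ratio threshold is my own choice, and a virtual size far larger than the raw size is only a prompt to look (zero-filled data that is not stored on disk is the benign explanation), not evidence of packing. The same function also flags writable-and-executable sections and duplicate section names, which this listing has.

```python
"""Section-table heuristics over the sizes and flags a sandbox report prints.
Added example; works on the report's text, not on the binary."""
import re

# Constructed from the Sections listing above: (name, raw size, virtual size, flags).
SECTIONS_FROM_REPORT = [
    ("BSS",   "3KB",   "3KB",   ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
    (".text", "110KB", "109KB", ["IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"]),
    (".tls",  "512B",  "304KB", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"]),
    (".tls",  "1024B", "1004B", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"]),
    (".rsrc", "1024B", "1024B", ["IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"]),
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text: str) -> int:
    """Turn a report size such as '512B' or '304KB' into a byte count."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KM]?B)\s*", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def section_findings(sections, ratio_threshold: int = 8) -> list:
    """Return (section name, finding) pairs for sections worth a closer look."""
    findings = []
    for name, raw, virt, flags in sections:
        raw_b, virt_b = parse_size(raw), parse_size(virt)
        if "IMAGE_SCN_MEM_EXECUTE" in flags and "IMAGE_SCN_MEM_WRITE" in flags:
            # Code that can rewrite itself: common in packers and self-modifying loaders.
            findings.append((name, "writable and executable (RWX) section"))
        elif "IMAGE_SCN_CNT_CODE" in flags and "IMAGE_SCN_MEM_WRITE" in flags:
            findings.append((name, "code section marked writable"))
        if raw_b and virt_b / raw_b >= ratio_threshold:
            # Memory far larger than the bytes on disk: either zero-filled data
            # (benign) or a region that is unpacked/decrypted into at runtime.
            findings.append((name, f"virtual size {virt_b // raw_b}x raw size: "
                                   "zero-filled data or runtime unpacking target"))
    names = [s[0] for s in sections]
    for dup in sorted({n for n in names if names.count(n) > 1}):
        # Duplicate names are legal for the loader but unusual for a normal linker output.
        findings.append((dup, "duplicate section name"))
    return findings


if __name__ == "__main__":
    for section, finding in section_findings(SECTIONS_FROM_REPORT):
        print(f"{section:6} {finding}")
```

Against this listing the function reports the 512B/304KB `.tls` section (virtual size 608x raw size) and the duplicated `.tls` name, and finds no RWX section; the `.text` section is read/execute only. Whether the large `.tls` region is ever written by unpacking code is something the behavioral runs, not the static table, can answer.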