fb8a996f71e27d8dfcf9c8f3d0cd3008_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb8a996f71e27d8dfcf9c8f3d0cd3008_JaffaCakes118
Size

31KB
MD5

fb8a996f71e27d8dfcf9c8f3d0cd3008
SHA1

a18c9f0de459a687b2d831e3abec6dfc2bf13cb8
SHA256

d24c5bb1b116abd065bc29447a0d1edea49f4e7b3411f364a940ca74ee77877e
SHA512

13b77fb8879f7a4603e09de514eb14aaf5b326e23912fdbbbf8e83081882bd78376dddfed7893dba986530a0963e9fa67be4ee99d95ff534de92e4436fe520b5
SSDEEP

768:0UJkT5RUvHLMZD8/0hMzHsYErN+FahyauznctnmadE4:0FRUHoZg/0AmAyyauAtnma

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8a996f71e27d8dfcf9c8f3d0cd3008_JaffaCakes118

Files

fb8a996f71e27d8dfcf9c8f3d0cd3008_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7b34d309d556ec7458d0b06aa45d5b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW
SHGetDesktopFolder
SHBindToParent
ShellExecuteExW
DragQueryFileW
SHBrowseForFolderA
SHBrowseForFolderW
SHGetMalloc
SHChangeNotify
SHGetSpecialFolderPathW
DragQueryFileA
SHFileOperationW
SHGetPathFromIDListA
CommandLineToArgvW
ShellExecuteA
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

msvcrt

_tell
__p__iob
_ftol
_chsize
rand
_finite
_stat
_commit
srand
_rotl
__p__osver
exit

user32

GetDC
CreateWindowExA
EnableMenuItem
GetAncestor
CharLowerW
GetCursorPos
MessageBoxW
SetDlgItemTextW
RegisterWindowMessageW
GetWindowLongW
GetSubMenu
DialogBoxParamA
SetWindowLongA
LoadIconA
GetParent
GetCapture
GetFocus
SetWindowTextW
GetWindow
DrawTextW
ScreenToClient
GetWindowRect
PeekMessageA
CallWindowProcA
GetDlgItem
GetSystemMetrics
PostMessageW
SetWindowRgn
GetForegroundWindow
IsZoomed
OffsetRect
GetSysColorBrush
CreatePopupMenu
EnableWindow
PostQuitMessage
IsWindowVisible
EqualRect
GetDlgItemTextW
UnregisterClassW
GetDlgCtrlID
wsprintfW
GetPropA
RegisterClipboardFormatW
SetWindowLongW
LoadImageW
CharNextW
LoadStringW
SendDlgItemMessageW
IsMenu
IsIconic
GetMenu
DispatchMessageA
MsgWaitForMultipleObjects
GetClassNameW
RedrawWindow
FindWindowA
GetWindowThreadProcessId
IsRectEmpty
GetWindowDC
CharUpperA
GetSystemMenu

kernel32

FindResourceA
GetFileType
MulDiv
VirtualAlloc
GetEnvironmentStringsW
FreeLibrary
CreateFileMappingA
CreateMutexW
lstrcpynA
lstrcmpiW
GetModuleHandleW
GetFileAttributesA
GetCurrentDirectoryW
CreateFileMappingW
DeleteCriticalSection
SetFileAttributesW
CreateDirectoryW
GetACP
FileTimeToLocalFileTime
LCMapStringW
GetFileSize
OutputDebugStringA
HeapCreate
TlsGetValue
lstrcatA
DisableThreadLibraryCalls
GetStringTypeW
HeapDestroy
HeapFree
RtlUnwind
lstrcmpW
FindFirstFileA
GlobalLock
ReleaseMutex
GetModuleHandleA
FindNextFileW
GetFileAttributesW
GetEnvironmentStrings
GetFullPathNameW
WaitForSingleObject
GetExitCodeThread
VirtualFree
GetVersion
GetLastError
GetCommandLineW
lstrcpyA
lstrcmpA
CreateThread
SizeofResource
TlsFree
CreateEventW
CreateProcessW
LockResource
InterlockedDecrement
GetSystemTime
FormatMessageA
GetStringTypeA
CompareStringA
UnmapViewOfFile
GetTempPathA
GetStdHandle
VirtualProtect
GetSystemTimeAsFileTime
HeapReAlloc
GetExitCodeProcess
GetWindowsDirectoryW
SetFileAttributesA
SetThreadPriority
CreateEventA
GetCPInfo
SetLastError
LoadLibraryExW
Sleep
GetSystemDirectoryA
LoadLibraryW
lstrcpynW
GetConsoleMode
InitializeCriticalSectionAndSpinCount
OpenEventW
SetEvent
WriteConsoleW
ReleaseSemaphore
ReadFile
TerminateProcess
GetDriveTypeW
FindClose
lstrlenW
ResumeThread
LeaveCriticalSection
GetVersionExW
IsBadWritePtr
VirtualQuery
UnhandledExceptionFilter
TlsAlloc
GetOEMCP
WaitForMultipleObjects
FindFirstFileW
lstrlenA
CreateMutexA
OpenEventA
GetCurrentThreadId

rpcrt4

RpcBindingToStringBindingW
UuidToStringA
CStdStubBuffer_IsIIDSupported
RpcRevertToSelf
NdrOleAllocate
NdrOleFree
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
RpcStringBindingParseW
CStdStubBuffer_Invoke
RpcServerRegisterIfEx
UuidFromStringW
NdrCStdStubBuffer_Release
RpcRaiseException
RpcServerUseProtseqEpW
RpcBindingVectorFree
IUnknown_AddRef_Proxy
RpcServerInqBindings
CStdStubBuffer_QueryInterface
RpcBindingFree
RpcEpResolveBinding
NdrDllUnregisterProxy
RpcStringFreeA
RpcServerUnregisterIf
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
RpcStringFreeW
NdrServerCall2
CStdStubBuffer_CountRefs
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrDllRegisterProxy
CStdStubBuffer_AddRef
UuidToStringW
NdrStubCall2
NdrClientCall2
NdrStubForwardingFunction
UuidCreate
IUnknown_Release_Proxy
RpcServerRegisterAuthInfoW
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
RpcImpersonateClient
NdrDllGetClassObject
CStdStubBuffer_Disconnect
RpcBindingSetAuthInfoW

shlwapi

SHDeleteKeyA
StrChrIW
PathRemoveBackslashW
StrToIntExW
PathAppendA
StrDupW
SHStrDupW
PathRemoveBlanksW
StrStrIW
PathCreateFromUrlW
PathFindFileNameW
StrRetToBufW
SHSetValueW
PathRemoveExtensionW
StrCmpNIA
PathStripToRootA
StrChrW
PathIsDirectoryW
SHGetValueW
StrCmpIW
UrlIsW
StrCatW
SHDeleteKeyW
PathStripToRootW
PathIsRelativeW
PathIsRootW
PathFindExtensionA
PathAddBackslashW
PathAppendW
UrlCanonicalizeW
AssocQueryStringW
StrStrIA
PathCombineW
PathIsURLW
StrToIntW
PathGetDriveNumberW
StrCpyNW
StrCatBuffW
PathFileExistsW
PathRemoveFileSpecA
PathFindFileNameA
PathSkipRootW
StrCmpNIW
StrCmpNW
SHRegGetBoolUSValueW
StrStrW
PathFindExtensionW
PathRemoveFileSpecW

ntdll

RtlInitializeResource
RtlStringFromGUID
wcsncpy
NtQuerySymbolicLinkObject
strncpy
wcscpy
RtlQueryInformationAcl
strrchr
RtlGetDaclSecurityDescriptor
NtQueryInformationToken
RtlAcquireResourceShared
NtCreateKey
RtlDestroyHeap
RtlEnterCriticalSection
RtlAcquireResourceExclusive
_wcsnicmp
RtlRunDecodeUnicodeString
RtlCompareUnicodeString
NtAdjustPrivilegesToken
NtOpenEvent
RtlReAllocateHeap
NtQueryDirectoryObject
wcslen
NtQueryInformationThread
NtSetVolumeInformationFile
NtWriteFile
strchr
NtCancelIoFile
NtDuplicateObject
RtlConvertSidToUnicodeString
RtlFreeAnsiString
RtlSizeHeap
RtlInitializeCriticalSection
NtQueryInformationFile
_stricmp
RtlNewSecurityObject
RtlDosPathNameToNtPathName_U
NtSetEvent
RtlUnicodeStringToOemString
RtlRaiseStatus
RtlInsertElementGenericTable
NtQueryVirtualMemory
NtSetSecurityObject
RtlDeleteSecurityObject
RtlNtStatusToDosError
RtlUnicodeStringToAnsiString
RtlUnicodeToOemN
NtCreateSection
RtlInitializeSid
RtlSetEnvironmentVariable
RtlUnicodeToMultiByteSize

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueW
VerLanguageNameA
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
VerFindFileW

advapi32

RegEnumValueA
RegCreateKeyA
CryptHashData
GetTraceLoggerHandle
SetEntriesInAclW
QueryServiceConfigW
CryptAcquireContextW
CopySid
RegEnumKeyExA
FreeSid
RegisterEventSourceW
GetTraceEnableFlags
GetSecurityDescriptorLength
GetAce
ImpersonateLoggedOnUser
GetSecurityDescriptorControl
CryptAcquireContextA
RegOpenKeyW
RegDeleteValueA
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
MakeSelfRelativeSD
IsValidSecurityDescriptor
RegNotifyChangeKeyValue
LookupPrivilegeValueA
CheckTokenMembership
GetSidIdentifierAuthority
RegConnectRegistryW
CryptDestroyKey
LsaQueryInformationPolicy
LsaClose
RegOpenKeyA
SetThreadToken
RegEnumKeyExW
OpenServiceW
GetSidSubAuthorityCount
CryptGenRandom
RegDeleteValueW
GetSidSubAuthority
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
DeleteService
LockServiceDatabase
ReportEventW
RegOpenKeyExA
RegQueryValueExW
SetFileSecurityW
OpenServiceA
ChangeServiceConfigW
DuplicateTokenEx
RevertToSelf
OpenSCManagerW
GetUserNameW
GetAclInformation
SetNamedSecurityInfoW
RegDeleteKeyA
RegSetValueA
GetSidLengthRequired
RegisterTraceGuidsW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
EqualSid
SetSecurityDescriptorOwner
RegFlushKey
RegSetValueExA
LsaOpenPolicy
RegSetValueW
OpenProcessToken
CryptGetHashParam
ConvertStringSidToSidW
RegSetValueExW

gdi32

SetWindowExtEx
SetViewportExtEx
PolyBezier
CreateRectRgn
SetBkColor
DeleteObject
SetBrushOrgEx
CreateCompatibleDC
CreateDIBSection
TextOutA
SetWindowOrgEx
DPtoLP
EnumFontFamiliesExW
GetViewportExtEx
GetWindowExtEx
SetTextAlign
SetMapMode
RestoreDC
OffsetViewportOrgEx
TranslateCharsetInfo
GetBkColor
CreateFontIndirectW
GetTextMetricsW
OffsetRgn
GetPixel
CombineRgn
GetTextAlign
UnrealizeObject
GetPaletteEntries
GetBkMode
Ellipse
FillRgn
CreateCompatibleBitmap
CreateBrushIndirect
DeleteMetaFile
PlayMetaFile
ExtTextOutA
ScaleViewportExtEx
Escape
GetTextExtentPoint32W
TextOutW
SetStretchBltMode
GetMapMode
CreatePen
RealizePalette
CreateBitmap
GetTextColor
GetClipBox
CreateDCA
Rectangle
ExcludeClipRect
LPtoDP

Sections

.edata
Size: 1024B - Virtual size: 997B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7b34d309d556ec7458d0b06aa45d5b1

Headers

File Characteristics

Imports

shell32

msvcrt

user32

kernel32

rpcrt4

shlwapi

ntdll

version

advapi32

gdi32

Sections

.edata Size: 1024B - Virtual size: 997B

.code Size: 27KB - Virtual size: 26KB

.edata Size: 512B - Virtual size: 493B

DATA Size: 1024B - Virtual size: 15KB

.textbss Size: 1024B - Virtual size: 994B

.edata
Size: 1024B - Virtual size: 997B

.code
Size: 27KB - Virtual size: 26KB

.edata
Size: 512B - Virtual size: 493B

DATA
Size: 1024B - Virtual size: 15KB

.textbss
Size: 1024B - Virtual size: 994B