ff81ce0260dc7925115886974e8db998_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff81ce0260dc7925115886974e8db998_JaffaCakes118
Size

903KB
MD5

ff81ce0260dc7925115886974e8db998
SHA1

ebc9b983546b47eeb50585122ed3f879b90e01b4
SHA256

231a530805d00e4408fcbf60083553710e2780c91ccc895e34eb7c9275fb66b0
SHA512

4ee11c6d40bc5b7caba7f71cf0b20bf5749ec394f37b924f86ecbe6c46b5c81d1d517424dd87d287052e56f1c6a3ab44716de0c6bd0edb03bdc66173db057277
SSDEEP

12288:xVd571QWSdoRYKe1sC+6Bj7VO7jmwukrfGVParTt2kCCKnf9uBOYB:nxCdoRY5bjADuViTtE9u4YB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff81ce0260dc7925115886974e8db998_JaffaCakes118

Files

ff81ce0260dc7925115886974e8db998_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1149d4ccbe3bab12e8a7229e6cf8e5c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HelpCtr.pdb

Imports

msvcrt

_wcsdup
_wtoi
wcscat
wcscmp
iswspace
memmove
_ftol
_beginthreadex
_vsnwprintf
_CxxThrowException
_wcsicmp
_purecall
wcslen
__CxxFrameHandler
realloc
free
_snwprintf
_wtol
wcschr
wcsstr
_strdup
sprintf
strncpy
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcscpy
wcsncpy
swprintf
_wcsnicmp
wcsncat
wcsrchr
swscanf
wcsncmp
malloc

advapi32

InitializeSecurityDescriptor
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
AddAuditAccessObjectAce
AddAccessDeniedObjectAce
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
CryptGenRandom
QueryServiceStatus
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ConvertSidToStringSidW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
InitializeAcl
RegQueryValueExW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetAce
GetLengthSid
GetAclInformation
IsValidAcl
EqualSid
RegConnectRegistryW
RegEnumKeyW
OpenProcessToken
AddAce
SetThreadToken
CopySid
GetTokenInformation
OpenThreadToken
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAuditAccessAceEx
AddAccessAllowedObjectAce

kernel32

lstrcmpiW
GetProcAddress
lstrcpynW
HeapDestroy
lstrcatW
GetModuleFileNameW
FreeLibrary
InterlockedIncrement
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetLocaleInfoW
GetUserDefaultUILanguage
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
Sleep
WaitForMultipleObjects
SetEvent
CloseHandle
CreateEventW
WaitForSingleObject
GetCurrentThread
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
GetSystemTime
GetLocalTime
QueryPerformanceFrequency
GlobalMemoryStatusEx
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetCommandLineW
GetFileAttributesExW
GetUserDefaultLCID
GetTimeZoneInformation
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempFileNameW
WideCharToMultiByte
LocalFree
DuplicateHandle
ReadFile
WriteFile
SetFilePointer
GetFileInformationByHandle
CreateFileW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GlobalFree
GetModuleHandleA
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
VirtualFree
VirtualAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrlenW
MultiByteToWideChar
lstrcmpiA
SetLastError
GetVersionExW
TlsGetValue
GlobalReAlloc
SetThreadPriority
lstrcmpW
LocalAlloc
RaiseException
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ResetEvent
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
HeapReAlloc
FlushFileBuffers
GetModuleHandleW
GetSystemDefaultLCID
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
TlsAlloc
ExitProcess
TlsSetValue
LoadLibraryW
TlsFree

gdi32

CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
BitBlt
GetStockObject
GetObjectW
CreateCompatibleDC
DeleteObject
CreateRectRgnIndirect
CreateDCW
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
SetLayout

user32

SetWindowLongW
DestroyWindow
IntersectRect
EqualRect
OffsetRect
LoadCursorW
GetClassInfoExW
CreateWindowExW
MessageBoxW
LoadStringW
GetSystemMetrics
SetKeyboardState
DefWindowProcW
EndPaint
GetClientRect
BeginPaint
GetClassNameW
SendMessageTimeoutW
RegisterWindowMessageW
EnumChildWindows
GetWindowRect
SendMessageW
MoveWindow
CharUpperW
IsWindowVisible
DestroyMenu
TrackPopupMenu
MapWindowPoints
GetKeyboardState
GetWindowLongW
CallWindowProcW
IsWindow
GetKeyState
DestroyAcceleratorTable
InvalidateRect
AppendMenuW
CreatePopupMenu
InsertMenuItemW
GetMenuItemCount
GetSystemMenu
MsgWaitForMultipleObjects
DispatchMessageW
SetFocus
IsChild
GetFocus
ShowWindow
GetParent
RegisterClassExW
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetDC
ReleaseDC
CharNextW
SystemParametersInfoW
EnumDisplaySettingsW
SystemParametersInfoA
CharUpperBuffW
CharLowerW
SetWindowTextW
LoadIconW
LoadImageW
SetForegroundWindow
IsIconic
PostMessageW
GetSysColor
GetProcessDefaultLayout
GetCursorPos
GetWindow
GetWindowTextW
GetWindowTextLengthW
ReleaseCapture
SetCapture
InvalidateRgn
GetDesktopWindow
GetDlgItem
FillRect
RedrawWindow
CreateAcceleratorTableW
TranslateMessage
PeekMessageW
wsprintfW
CopyImage

comctl32

ImageList_Create
ImageList_DrawIndirect
InitCommonControlsEx
ImageList_LoadImageW
ImageList_Destroy
ImageList_GetImageCount
ImageList_AddMasked

uxtheme

IsThemeActive
GetThemeDocumentationProperty
GetCurrentThemeName

urlmon

URLOpenBlockingStreamW
RegisterBindStatusCallback
CreateURLMoniker
ReleaseBindInfo
CopyBindInfo
CoInternetQueryInfo
CoInternetGetSession

wininet

InternetCloseHandle
CommitUrlCacheEntryW
InternetSetOptionW
InternetQueryOptionW
InternetSetOptionA
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetGetConnectedState
InternetCanonicalizeUrlW
InternetSetStatusCallbackW
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
InternetCombineUrlW
InternetCrackUrlW
InternetAutodial
InternetAutodialHangup

ole32

CLSIDFromProgID
OleLockRunning
OleUninitialize
OleInitialize
StringFromCLSID
CLSIDFromString
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StgOpenStorageEx
StgCreateStorageEx
GetRunningObjectTable
CreateClassMoniker
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoGetCallContext
GetHGlobalFromStream
CoGetClassObject
CreateBindCtx

oleaut32

DispCallFunc
VariantInit
VariantTimeToSystemTime
VariantChangeTypeEx
SafeArrayCreateVector
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SystemTimeToVariantTime
VariantCopy
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
SysAllocString
SysFreeString

shlwapi

PathIsRelativeW
UrlGetPartW
UrlCombineW
StrStrIW

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
ShellExecuteExW

msimg32

GradientFill

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1149d4ccbe3bab12e8a7229e6cf8e5c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

comctl32

uxtheme

urlmon

wininet

ole32

oleaut32

shlwapi

shell32

msimg32

Sections

.text Size: 565KB - Virtual size: 564KB

.data Size: 33KB - Virtual size: 34KB

.rsrc Size: 151KB - Virtual size: 150KB

.text
Size: 565KB - Virtual size: 564KB

.data
Size: 33KB - Virtual size: 34KB

.rsrc
Size: 151KB - Virtual size: 150KB