Static task
static1
Behavioral task
behavioral1
Sample
feed8529df137bc1344e729fb6e60fc8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
feed8529df137bc1344e729fb6e60fc8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
feed8529df137bc1344e729fb6e60fc8_JaffaCakes118
Size
86KB
MD5
feed8529df137bc1344e729fb6e60fc8
SHA1
1431130aeaf5f0ade6a5bf8de5af44e304b48f2b
SHA256
4508b728e9d3762d41b679fb1e27b583aa94e0839d4b134c64c93a9aa2dc1870
SHA512
7434fcb95401170bc39873c0b14c945606bdb184362eeb2bf58bfbb8b5ced2187fb8f0d0576c018fa82b3b8ce19a8282ff56e4a36517ba383d8e5ed6c06c44fd
SSDEEP
1536:ebA4elkkGStky3RbZphkDH+bRY6iB86LtVbCJqqZ7t2Iasz+QestSRDTnTTAInE+:p4W73BXhkDHkRexLr6gIaszu9TTTzE7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource feed8529df137bc1344e729fb6e60fc8_JaffaCakes118
Files
feed8529df137bc1344e729fb6e60fc8_JaffaCakes118.exe windows:4 windows x86 arch:x86
358a393ec0775ea0ad8cc8e5662a18d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
OleSetAutoConvert
OleGetIconOfFile
CoRevokeClassObject
OleCreateLinkFromData
CoRegisterChannelHook
CoRegisterMallocSpy
UtConvertDvtd16toDvtd32
CoReleaseServerProcess
GetHookInterface
ReadFmtUserTypeStg
OleLockRunning
CoRevertToSelf
OleCreateMenuDescriptor
CoLoadLibrary
StgIsStorageFile
OleSetMenuDescriptor
CoSetProxyBlanket
CoReleaseMarshalData
CoGetCurrentLogicalThreadId
OleInitialize
CoRegisterSurrogate
ReadStringStream
OleSave
UtGetDvtd32Info
CLSIDFromString
OleQueryLinkFromData
CoGetInstanceFromFile
ReadOleStg
OleUninitialize
WriteOleStg
OleSetContainedObject
PropVariantClear
OleCreateDefaultHandler
IsAccelerator
CoTaskMemFree
UpdateDCOMSettings
CoGetInterfaceAndReleaseStream
PropVariantCopy
CoQueryReleaseObject
StgGetIFillLockBytesOnILockBytes
IsEqualGUID
CoLockObjectExternal
CoFreeLibrary
CreateILockBytesOnHGlobal
CoUnmarshalHresult
OleLoadFromStream
CoGetStandardMarshal
WriteClassStm
OleCreateLinkToFile
OleCreate
WriteStringStream
CreateOleAdviseHolder
OleLoad
CoUnmarshalInterface
CoMarshalInterface
OleGetClipboard
GetConvertStg
SetDocumentBitStg
OleCreateFromData
CoTaskMemAlloc
FreePropVariantArray
CoDisconnectObject
OleCreateFromFileEx
ReadClassStg
StgOpenAsyncDocfileOnIFillLockBytes
StgOpenStorageEx
WriteFmtUserTypeStg
CoCreateInstanceEx
UtConvertDvtd32toDvtd16
OleDoAutoConvert
CoTaskMemRealloc
CreateBindCtx
CoDosDateTimeToFileTime
CreateGenericComposite
CoFileTimeToDosDateTime
GetHGlobalFromILockBytes
CoGetTreatAsClass
OleCreateLinkFromDataEx
OleRun
CoQueryAuthenticationServices
OleRegEnumVerbs
CoTreatAsClass
GetRunningObjectTable
GetDocumentBitStg
CoGetCallerTID
RegisterDragDrop
StringFromGUID2
CoCreateInstance
OleRegEnumFormatEtc
OleCreateEx
CoMarshalHresult
OleIsCurrentClipboard
OleCreateEmbeddingHelper
OleGetIconOfClass
CreateStreamOnHGlobal
OleSetClipboard
CoImpersonateClient
OleQueryCreateFromData
OleCreateLinkEx
CoAddRefServerProcess
OleConvertIStorageToOLESTREAMEx
CoRegisterClassObject
CoGetObject
OleDraw
kernel32
DeleteFiber
LoadLibraryA
GetStartupInfoA
lstrlen
EnumResourceTypesW
lstrcat
CommConfigDialogA
GetFileAttributesW
FatalAppExitW
MapViewOfFile
GetPrivateProfileStructA
GetEnvironmentStringsA
FlushInstructionCache
GetSystemDirectoryA
GetVersionExA
GetSystemPowerStatus
VirtualAlloc
WritePrivateProfileStringA
UpdateResourceA
IsBadCodePtr
MapViewOfFileEx
FindNextFileA
CreateSemaphoreW
EnumResourceLanguagesA
GetFileInformationByHandle
Thread32Next
GetBinaryType
SetLocaleInfoW
IsBadHugeWritePtr
EnumTimeFormatsA
RaiseException
CopyFileA
ReadFile
SetProcessShutdownParameters
CreateTapePartition
GetProfileStringA
SetThreadContext
CreateEventW
EnumSystemLocalesW
GlobalFindAtomW
FindFirstChangeNotificationA
CallNamedPipeA
WriteConsoleA
CopyFileExA
IsBadStringPtrW
ReleaseSemaphore
GlobalSize
GetCurrentThreadId
lstrcpy
IsValidCodePage
SetConsoleActiveScreenBuffer
SignalObjectAndWait
SetFileAttributesA
MoveFileExW
CreateEventA
FindResourceExW
LockResource
GetEnvironmentVariableW
QueryPerformanceFrequency
GetTapeStatus
WriteProcessMemory
Beep
Heap32Next
LoadLibraryExW
GetPrivateProfileStringA
GetPrivateProfileSectionW
FileTimeToLocalFileTime
GetPrivateProfileSectionNamesA
GetCalendarInfoW
OpenEventA
GetShortPathNameW
FindFirstFileExA
LoadLibraryExA
ConnectNamedPipe
HeapWalk
GlobalReAlloc
Sleep
GetCommTimeouts
RtlFillMemory
IsValidLocale
GlobalGetAtomNameW
EnumDateFormatsExW
ConvertThreadToFiber
GetEnvironmentStringsW
GetUserDefaultLCID
VirtualProtect
SetCurrentDirectoryW
ReadFileEx
lstrcpynA
GetCPInfo
EnumTimeFormatsW
SetEnvironmentVariableA
GetProfileStringW
GetExitCodeProcess
FileTimeToSystemTime
ReadConsoleOutputAttribute
BuildCommDCBW
GetWindowsDirectoryA
SetDefaultCommConfigA
EnumResourceNamesA
GetTempFileNameA
WriteConsoleOutputW
GetCommMask
AddAtomW
GetSystemTimeAdjustment
ResetWriteWatch
EnumSystemCodePagesA
DeviceIoControl
SetErrorMode
FindNextChangeNotification
WaitForMultipleObjectsEx
ReadDirectoryChangesW
OutputDebugStringA
GetOEMCP
SwitchToThread
CreateMailslotA
SetPriorityClass
Module32First
TransactNamedPipe
HeapFree
WriteProfileStringW
WriteConsoleInputW
DefineDosDeviceA
VerLanguageNameW
GetPrivateProfileIntW
OpenSemaphoreW
GetLogicalDriveStringsW
SetSystemTimeAdjustment
GetLocaleInfoA
GetThreadTimes
GetLogicalDrives
QueryDosDeviceA
LCMapStringA
HeapCreate
VirtualUnlock
DisableThreadLibraryCalls
GetCompressedFileSizeW
shlwapi
SHRegGetUSValueW
SHSetValueA
UrlIsW
PathMakePrettyA
PathIsLFNFileSpecW
UrlApplySchemeA
PathAddExtensionA
PathFindSuffixArrayW
UrlIsOpaqueW
StrFormatByteSizeW
PathCompactPathA
PathFindSuffixArrayA
PathUnquoteSpacesW
SHRegCreateUSKeyW
StrRetToStrW
StrCmpIW
wvnsprintfA
PathBuildRootA
SHRegDeleteEmptyUSKeyA
StrFromTimeIntervalA
UrlGetPartW
PathIsNetworkPathA
PathRemoveBackslashW
PathIsNetworkPathW
PathIsURLW
SHCreateShellPalette
SHQueryValueExA
PathIsUNCServerW
SHRegDeleteEmptyUSKeyW
PathSetDlgItemPathA
StrToIntW
PathIsContentTypeA
PathCanonicalizeA
StrChrIA
PathUnquoteSpacesA
PathIsFileSpecA
PathMatchSpecW
SHGetValueW
PathCreateFromUrlA
SHIsLowMemoryMachine
PathStripPathA
IntlStrEqWorkerW
SHGetThreadRef
PathGetDriveNumberA
UrlCompareW
SHOpenRegStream2A
SHDeleteEmptyKeyA
StrCpyNW
SHEnumKeyExA
SHSetThreadRef
PathFindOnPathW
UrlApplySchemeW
PathIsRelativeA
PathQuoteSpacesW
StrCSpnIW
PathIsPrefixW
StrSpnA
SHRegEnumUSValueW
SHDeleteValueA
PathCanonicalizeW
ChrCmpIA
AssocQueryStringW
PathCombineA
UrlIsOpaqueA
PathIsFileSpecW
SHRegDeleteUSValueW
StrTrimW
PathUnmakeSystemFolderA
StrChrW
SHCreateStreamOnFileA
PathRemoveExtensionA
IntlStrEqWorkerA
StrToIntExW
PathIsDirectoryEmptyA
UrlCompareA
SHRegOpenUSKeyA
PathRemoveFileSpecA
PathAppendW
UrlHashA
SHCopyKeyW
SHDeleteKeyA
StrDupA
UrlIsNoHistoryA
PathSkipRootW
PathIsUNCServerShareA
SHQueryValueExW
PathIsUNCW
StrPBrkW
PathAppendA
PathAddBackslashA
PathSearchAndQualifyW
StrDupW
StrToIntA
StrCatBuffA
PathGetCharTypeA
StrStrW
PathRemoveFileSpecW
StrCmpNA
StrIsIntlEqualW
SHGetValueA
StrStrIA
StrStrIW
AssocQueryStringA
PathRenameExtensionA
PathCompactPathW
SHRegGetUSValueA
SHRegOpenUSKeyW
PathFindNextComponentW
UrlEscapeW
SHCopyKeyA
wnsprintfW
SHStrDupA
PathIsDirectoryA
StrCmpNIA
SHDeleteKeyW
StrIsIntlEqualA
advapi32
DeleteService
RegCreateKeyW
GetEffectiveRightsFromAclA
ControlService
OpenBackupEventLogW
ClearEventLogA
CreateProcessAsUserW
DeleteAce
LookupPrivilegeDisplayNameA
RegUnLoadKeyW
GetNamedSecurityInfoW
IsValidSid
CryptDuplicateHash
RegEnumKeyExA
SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
CryptEnumProvidersW
RegLoadKeyA
GetMultipleTrusteeA
GetSecurityDescriptorControl
BuildSecurityDescriptorA
AllocateAndInitializeSid
RevertToSelf
OpenSCManagerW
GetExplicitEntriesFromAclA
AddAccessDeniedAce
GetAccessPermissionsForObjectW
RegEnumKeyExW
LookupSecurityDescriptorPartsA
GetTrusteeTypeW
RegisterEventSourceW
BuildImpersonateTrusteeA
SetSecurityInfoExA
PrivilegedServiceAuditAlarmW
InitializeSecurityDescriptor
StartServiceA
SetThreadToken
CryptExportKey
GetNamedSecurityInfoExA
PrivilegedServiceAuditAlarmA
RegOpenKeyA
CryptGetUserKey
DeregisterEventSource
CreateServiceW
StartServiceCtrlDispatcherW
BackupEventLogA
CryptDestroyKey
RegSaveKeyW
ImpersonateSelf
RegDeleteKeyA
GetSecurityDescriptorDacl
RegNotifyChangeKeyValue
ImpersonateNamedPipeClient
RegQueryMultipleValuesW
CryptSetProviderW
CreateProcessAsUserA
RegCreateKeyExW
CloseEventLog
DuplicateToken
RegEnumValueW
EnumServicesStatusA
ReportEventA
CryptCreateHash
EnumDependentServicesA
SetKernelObjectSecurity
RegCloseKey
AllocateLocallyUniqueId
GetServiceDisplayNameA
BuildSecurityDescriptorW
CreateServiceA
RegQueryInfoKeyA
SetEntriesInAclW
BuildTrusteeWithNameW
GetServiceDisplayNameW
AdjustTokenPrivileges
CryptGetDefaultProviderA
SetSecurityDescriptorSacl
ConvertSecurityDescriptorToAccessNamedW
RegReplaceKeyA
BuildTrusteeWithSidA
GetNamedSecurityInfoA
OpenBackupEventLogA
SetServiceObjectSecurity
SetNamedSecurityInfoExW
GetLengthSid
GetMultipleTrusteeOperationA
CryptDuplicateKey
RegQueryValueExW
InitiateSystemShutdownW
SetSecurityInfoExW
CryptSetKeyParam
QueryServiceLockStatusA
BuildImpersonateExplicitAccessWithNameA
OpenSCManagerA
AccessCheckAndAuditAlarmA
user32
OffsetRect
LoadCursorA
SetParent
DdeUninitialize
GetCaretBlinkTime
MoveWindow
GetPropA
WindowFromPoint
GetUpdateRgn
UnpackDDElParam
DialogBoxIndirectParamW
LoadKeyboardLayoutA
GetPriorityClipboardFormat
PaintDesktop
ChangeMenuW
FindWindowExA
OemKeyScan
GetDlgItem
CallMsgFilterW
GetTabbedTextExtentW
GetWindowLongW
SetCaretBlinkTime
CreateAcceleratorTableA
ToUnicode
GetMenuItemCount
GetTitleBarInfo
CheckMenuRadioItem
DdeUnaccessData
DdeQueryConvInfo
SetDebugErrorLevel
OpenWindowStationA
GetKeyboardLayout
OemToCharBuffW
GetLastActivePopup
GetCursor
DlgDirSelectComboBoxExA
GetClassLongA
EnumDisplaySettingsExW
CharLowerW
BeginDeferWindowPos
DdeSetQualityOfService
SetScrollInfo
MonitorFromRect
GetClassInfoW
EmptyClipboard
CreateWindowExA
GetDialogBaseUnits
EnumChildWindows
GetWindowTextW
GetAltTabInfo
TranslateMessage
KillTimer
GetProcessWindowStation
UnhookWindowsHookEx
SetWindowPos
MsgWaitForMultipleObjects
DestroyAcceleratorTable
IsCharLowerW
GetKeyboardLayoutList
RegisterClassA
SetUserObjectSecurity
DdeCmpStringHandles
ScrollWindowEx
SetScrollPos
IsDialogMessageA
GetTabbedTextExtentA
IsDlgButtonChecked
EnumDisplaySettingsA
InvertRect
GetClipboardFormatNameA
CreateDialogIndirectParamA
MessageBoxExA
EnumWindowStationsA
InsertMenuW
LoadMenuIndirectW
GetShellWindow
GetSystemMenu
SetTimer
CopyAcceleratorTableW
GetClassNameA
DlgDirSelectExA
MessageBoxIndirectA
EnumClipboardFormats
SetMenuItemInfoA
CheckRadioButton
SetWindowPlacement
DlgDirSelectExW
MapDialogRect
LoadMenuIndirectA
RemovePropW
OpenDesktopA
DestroyIcon
DdeInitializeA
ChangeDisplaySettingsW
ShowWindowAsync
PeekMessageA
LockWindowUpdate
RegisterClassExW
AttachThreadInput
WINNLSGetIMEHotkey
EnumDesktopsA
LoadAcceleratorsA
IsCharAlphaNumericA
HideCaret
GetIconInfo
GetClientRect
FindWindowExW
ChangeDisplaySettingsExW
ValidateRgn
ShowOwnedPopups
CharLowerBuffW
CharLowerBuffA
CharNextExA
DdeImpersonateClient
EnumDisplayDevicesA
ChangeClipboardChain
SetWindowsHookA
SwitchDesktop
SubtractRect
DrawTextExW
GetClipboardViewer
UnregisterDeviceNotification
CreateIconFromResourceEx
PostMessageW
FlashWindow
BroadcastSystemMessage
GetWindowWord
EndTask
DragDetect
CharToOemBuffW
ShowCursor
DdeQueryStringA
GetMenuItemID
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE