Static task: static1
Behavioral task: behavioral1
  Sample: ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: ff8dd500089ef3b578d283169d029e1e_JaffaCakes118
Size: 2.8MB
MD5: ff8dd500089ef3b578d283169d029e1e
SHA1: 50ec18340130995857a6aa0913312d4ab2bdb61a
SHA256: f18e5dc734b909a49892cec1d6ac204b2177408071a885a6c71fe627b00bc444
SHA512: ab6296cac678c175e4cf73a79f503c0dca06d3485685c83117b3fc35fb5b575433bacccab31688f09a0bf140e1608fa3ea139652e932d3f1e7d194c8805459da
SSDEEP: 49152:E++DRB1wjtC+3393VLjz8393VLjzZHHHTLzz12icrew6qYzJ+J5lnaHvo3MXcz:X+DRBS872iyF6qGiPaHg3M
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource ff8dd500089ef3b578d283169d029e1e_JaffaCakes118
Files
ff8dd500089ef3b578d283169d029e1e_JaffaCakes118.exe windows:4 windows x86 arch:x86
c3c34a7b2e6c13cdedca4c9dabc2814b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
FreeSid
RegSaveKeyA
GetUserNameA
LookupAccountSidA
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegConnectRegistryA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
IsValidSid
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueA
SetThreadToken
DuplicateToken
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
LookupAccountNameA
GetUserNameW
LogonUserA
GetLengthSid
CopySid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSid
GetSidLengthRequired
GetAce
RegSetKeySecurity
RegEnumKeyExA
DeleteAce
GetSecurityDescriptorDacl
RegGetKeySecurity
RegQueryValueExA
RegCreateKeyA
RegFlushKey
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
awprhook
?SetHook@@YAHPAUHWND__@@0I@Z
?QueryIEPassword@@YAHH@Z
?RemoveHook@@YAHXZ
?QueryEditPassword@@YAHH@Z
?QueryDisabledControl@@YAHXZ
comctl32
ImageList_Create
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Add
ImageList_DragLeave
ImageList_EndDrag
ImageList_DrawEx
ImageList_Destroy
ImageList_LoadImageA
InitCommonControls
ImageList_DragMove
esil
CpuGetName
OSGetInstallDate
OSGetOrganization
OSGetOwner
OSGetLanguageID
OSGetVersion
OSGetName
OSGetSPVersion
PathGetLocalAppData
PathGetAppData
DriveGetFreeSize
DriveGetTotalSize
DriveGetSystemName
DriveGetName
DriveGetType
DriveGetDrives
MemGetProcessMaxPagefileUsage
MemGetProcessPagefileUsage
MemGetProcessMaxUsage
MemGetProcessPageFault
MemGetProcessUsage
MemGetLoad
MemGetFreePageFile
MemGetTotalPageFile
MemGetFreeVirtual
MemGetTotalVirtual
MemGetFreePhysical
MemGetTotalPhysical
CpuGetExtFeature
CpuGetQuantity
CpuGetSerialNumber
CpuGetFeature
CpuGetType
CpuGetSpeed
CpuGetVendor
SocketGetStatus
SocketGetDescription
IEGetVersionString
OSGetProductID
LocaleGetLocalLanguage
OSGetVersionString
SocketGetIPAddress
SocketGetHostName
SocketGetComputerName
SocketGetUserName
FileGetVersion
FileGetCR
FileGetProductName
IsMsinfoAvailable
PathGetProfile
PathGetPersonal
PathGetUserProfile
GetLastErrorString
RunMsinfo
PathGetProgramFiles
PathGetDesktop
PathGetPrograms
gdi32
StretchDIBits
SetAbortProc
StartDocA
StartPage
TextOutA
EndPage
EndDoc
ExtTextOutA
MoveToEx
LineTo
CreatePenIndirect
RoundRect
CreateDCA
CreateDIBSection
StretchBlt
CreatePalette
SelectPalette
RealizePalette
CreateDIBitmap
CreateRectRgn
SelectClipRgn
SetROP2
CreatePen
Rectangle
GetTextMetricsA
CreateBitmap
CreatePatternBrush
CreateSolidBrush
SetBkColor
CreateFontIndirectA
GetTextExtentPoint32A
BitBlt
GetObjectA
GetTextColor
SetTextColor
GetBkMode
SetBkMode
GetMapMode
SetMapMode
DeleteDC
RestoreDC
CreateCompatibleDC
CreateCompatibleBitmap
SaveDC
SelectObject
GetStockObject
GetObjectType
DeleteObject
GetDeviceCaps
GetSystemPaletteEntries
kernel32
SetConsoleCtrlHandler
InterlockedIncrement
FreeResource
HeapReAlloc
RtlUnwind
VirtualAlloc
ExitThread
ExitProcess
MoveFileA
CopyFileA
GetTempPathA
GetWindowsDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetDiskFreeSpaceA
GetDriveTypeA
GetVolumeInformationA
WritePrivateProfileStringA
SetErrorMode
lstrcpynA
CompareFileTime
OpenEventA
ResetEvent
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
OpenFileMappingA
CreateFileMappingA
OpenMutexA
CreateMutexA
SystemTimeToFileTime
LocalAlloc
GetPrivateProfileIntA
SetPriorityClass
GetPrivateProfileSectionA
GetCurrentDirectoryA
GlobalSize
GetSystemTime
FindFirstFileA
FindNextFileA
FindClose
VirtualQueryEx
lstrcpyW
lstrcatW
LocalFree
GetTickCount
Sleep
CreateEventA
CreateThread
WriteProcessMemory
EnterCriticalSection
ResumeThread
GetCurrentProcessId
CreateNamedPipeA
SetEvent
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
ExpandEnvironmentStringsA
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableA
GetCurrentThread
HeapAlloc
HeapFree
GetEnvironmentVariableW
GetComputerNameA
GetComputerNameW
FlushFileBuffers
GetPrivateProfileStringA
lstrcmpiA
OpenProcess
ReadProcessMemory
lstrcmpA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GetCommandLineA
CompareStringA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetPrivateProfileSectionNamesA
WaitForSingleObject
DebugBreak
SetLastError
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
lstrcatA
lstrcpyA
lstrlenA
GetProcessHeap
VirtualQuery
GetLocaleInfoW
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
GetSystemDirectoryA
GetLocaleInfoA
IsBadReadPtr
SetUnhandledExceptionFilter
GetCurrentProcess
LeaveCriticalSection
GetFileType
TlsSetValue
InitializeCriticalSection
SetStdHandle
SetEndOfFile
GetStartupInfoA
GetVersion
HeapSize
TlsAlloc
TlsFree
TlsGetValue
HeapDestroy
HeapCreate
IsBadWritePtr
DeleteCriticalSection
FatalAppExitA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringW
SetEnvironmentVariableA
GetFileTime
DosDateTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
VirtualProtect
GetCurrentDirectoryW
GetCurrentThreadId
SetHandleInformation
VirtualFree
SetThreadPriority
CreateRemoteThread
GetFileSize
TerminateProcess
OutputDebugStringA
DeleteFileA
GetTimeZoneInformation
GetLocalTime
CreateProcessA
GetDateFormatA
GetTimeFormatA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
LockResource
FindResourceA
SizeofResource
LoadResource
GetProcAddress
InterlockedDecrement
GetModuleHandleA
GetProcAddress
lstrlen
msvcrt
_fileno
_wcsicmp
_memicmp
_strrev
_stat
_CxxThrowException
oleaut32
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
CreateErrorInfo
shell32
SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconA
ShellExecuteA
SHBrowseForFolderA
SHBrowseForFolder
SHGetPathFromIDList
user32
SendDlgItemMessageA
MapWindowPoints
CreateDialogIndirectParamA
GetDlgItemInt
DestroyCaret
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
GetClassInfoA
ShowCaret
CreateCaret
SetScrollInfo
ScrollWindowEx
SetDlgItemInt
SetCaretPos
ShowCursor
InflateRect
DrawIcon
LoadAcceleratorsA
SetClassLongA
PostQuitMessage
GetDesktopWindow
CharLowerW
CharLowerA
wsprintfW
OemToCharBuffA
PeekMessageA
IsRectEmpty
GetClientRect
CopyRect
WindowFromDC
GetMenuStringA
GetSystemMenu
EnableMenuItem
GetCapture
SetCursorPos
GetAsyncKeyState
GetKeyState
ScreenToClient
ChildWindowFromPointEx
GetWindow
GetWindowDC
ClientToScreen
WindowFromPoint
HideCaret
InvalidateRect
SetCapture
CharUpperA
CharToOemA
IsDlgButtonChecked
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
PtInRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
IsWindowVisible
GetCursorPos
LoadImageA
DestroyIcon
LoadBitmapA
RegisterClipboardFormatA
DrawTextA
GetWindowTextLengthA
GetFocus
SetFocus
GetWindowTextA
RedrawWindow
SetWindowPos
SendMessageTimeoutA
EnumWindows
RegisterWindowMessageA
OemToCharA
IsWindowEnabled
GetWindowThreadProcessId
UpdateWindow
SetCursor
CharLowerBuffA
CharUpperBuffA
SetForegroundWindow
IsCharAlphaNumericA
GetActiveWindow
DialogBoxParamA
SetDlgItemTextA
SetTimer
MessageBeep
KillTimer
GetDlgItem
PostMessageA
TrackPopupMenuEx
IsClipboardFormatAvailable
CreateDialogParamA
CharUpperW
LoadStringA
GetThreadDesktop
GetProcessWindowStation
FindWindowA
IsCharLowerA
FillRect
GetClassNameA
SendMessageA
GetClassLongA
ReleaseDC
GetDC
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
UnregisterClassA
ReleaseCapture
MoveWindow
wsprintfA
MessageBoxA
EndPaint
GetSysColor
SetRect
BeginPaint
CallWindowProcA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
GetMessageA
TranslateMessage
TranslateAcceleratorA
DispatchMessageA
CreateWindowExA
SetWindowLongA
GetSystemMetrics
GetWindowRect
OffsetRect
SetRectEmpty
IsWindow
GetParent
IsDialogMessageA
EndDialog
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
EnumChildWindows
DestroyCursor
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
comdlg32
PrintDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
ole32
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
Sections
.text   Size: 1.7MB - Virtual size: 1.7MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 158KB - Virtual size: 160KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Size: 154KB - Virtual size: 296KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 770KB - Virtual size: 772KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Size: - Virtual size: 4KB           Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.poly   Size: 15KB - Virtual size: 16KB     Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  Size: 12KB - Virtual size: 16KB     Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE