Static task: static1
Behavioral task: behavioral1
Sample: 01e1826258f6b02ed603aa2b354b3de0_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 01e1826258f6b02ed603aa2b354b3de0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 01e1826258f6b02ed603aa2b354b3de0_JaffaCakes118
Size: 689KB
MD5: 01e1826258f6b02ed603aa2b354b3de0
SHA1: 385c02a05407fc40f5f6d42d3d0d44dedb56ff28
SHA256: 02c1bd6cb19b0cf7f9875600ec74c0b5e579d3ab98d0edccf3008c901e0308af
SHA512: c858dba6f91a655fa372d5bb85eb584a1c7df8f9b76c56bd86a0e415f5ca918bc4570f0c93b1652add5260878e71e0cd5d89e66358c902acb073e6c6af35e900
SSDEEP: 12288:ubMzwszKD0K2FuB1YjtWZrawyPW743Xpk0UGBhKEtdK7RgGYc4Oe03FKE6:ubMzwsz409EotyrPyeOlnhKmdo8H04
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 01e1826258f6b02ed603aa2b354b3de0_JaffaCakes118
Files
01e1826258f6b02ed603aa2b354b3de0_JaffaCakes118.exe windows:4 windows x86 arch:x86
7092c4718d68dc684b410e4d2abc0234
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrFromTimeIntervalA
UrlIsW
SHCreateShellPalette
StrRStrIA
PathFindSuffixArrayW
PathRemoveExtensionA
PathStripPathW
SHRegSetUSValueA
StrCSpnIA
SHRegWriteUSValueW
SHRegCreateUSKeyA
PathUndecorateA
UrlCanonicalizeW
StrRChrA
PathSkipRootA
StrStrIW
PathRemoveBackslashW
StrChrW
PathMakeSystemFolderA
PathIsUNCServerShareA
StrRetToStrW
SHRegWriteUSValueA
PathFindExtensionA
SHSetValueW
PathMakeSystemFolderW
PathIsDirectoryEmptyA
StrCSpnIW
SHCreateStreamOnFileA
SHSetValueA
StrPBrkW
UrlIsNoHistoryW
StrIsIntlEqualA
PathGetArgsA
PathSkipRootW
UrlCreateFromPathA
PathIsRootA
StrSpnA
UrlGetLocationA
StrCmpIW
ColorRGBToHLS
StrToIntExW
PathFileExistsA
StrCSpnW
PathAppendA
SHAutoComplete
SHGetValueW
SHRegCloseUSKey
StrRStrIW
PathIsUNCA
PathStripToRootA
PathCreateFromUrlA
PathQuoteSpacesW
SHStrDupW
PathUnmakeSystemFolderA
PathIsDirectoryEmptyW
PathAddBackslashA
StrRetToStrA
wnsprintfA
PathFindFileNameA
SHDeleteEmptyKeyW
PathIsLFNFileSpecA
PathGetCharTypeA
SHRegOpenUSKeyA
StrCpyNW
PathFindNextComponentW
StrDupA
PathStripToRootW
SHStrDupA
PathParseIconLocationW
PathCanonicalizeW
StrStrA
PathFindSuffixArrayA
PathIsDirectoryW
SHRegEnumUSKeyW
PathParseIconLocationA
PathFindOnPathW
SHQueryInfoKeyA
PathRemoveBlanksA
PathMakePrettyA
StrCSpnA
PathCompactPathExW
SHRegQueryInfoUSKeyW
PathIsSameRootW
PathIsNetworkPathA
PathRelativePathToW
PathIsUNCServerA
StrRChrIW
PathIsURLA
StrFormatByteSizeA
StrChrA
PathSetDlgItemPathW
PathIsURLW
PathGetDriveNumberA
ChrCmpIA
PathBuildRootW
UrlUnescapeA
PathSetDlgItemPathA
PathIsUNCServerW
UrlGetLocationW
StrIsIntlEqualW
StrCmpNIA
UrlEscapeW
SHSkipJunction
SHGetValueA
UrlApplySchemeA
StrFormatKBSizeA
PathIsFileSpecW
PathUnmakeSystemFolderW
SHIsLowMemoryMachine
PathMatchSpecA
UrlEscapeA
ole32
OleDuplicateData
CoQueryClientBlanket
CoFreeAllLibraries
StgCreateStorageEx
CoCreateInstance
OleRegGetMiscStatus
CreatePointerMoniker
OleFlushClipboard
StringFromCLSID
CreateILockBytesOnHGlobal
CoQueryProxyBlanket
CoRegisterPSClsid
OleCreateFromDataEx
EnableHookObject
CoGetCallerTID
DllDebugObjectRPCHook
RevokeDragDrop
UtGetDvtd16Info
CoRegisterMessageFilter
CreateItemMoniker
StringFromIID
CoCreateInstanceEx
CreateBindCtx
UtConvertDvtd16toDvtd32
CoSwitchCallContext
CreateAntiMoniker
RegisterDragDrop
CoRegisterMallocSpy
CoImpersonateClient
OleCreate
ReadClassStg
CreateClassMoniker
ProgIDFromCLSID
OleDestroyMenuDescriptor
CoBuildVersion
CoTaskMemAlloc
OleCreateLinkToFileEx
CoGetInstanceFromFile
CoGetCallContext
OleLoadFromStream
CoGetInterfaceAndReleaseStream
CoRegisterChannelHook
OleCreateFromFile
CoGetMarshalSizeMax
OleLockRunning
CoInitializeSecurity
CoIsOle1Class
CoLoadLibrary
OleRegEnumVerbs
CoDisconnectObject
PropVariantCopy
OleSetContainedObject
CoTaskMemRealloc
StgOpenStorage
OleConvertIStorageToOLESTREAMEx
CoRevokeMallocSpy
StgIsStorageILockBytes
CoUnmarshalInterface
CoTreatAsClass
CoFileTimeNow
OleIsCurrentClipboard
WriteFmtUserTypeStg
StringFromGUID2
CoCreateGuid
CoSuspendClassObjects
OleNoteObjectVisible
CreateFileMoniker
CoQueryReleaseObject
OpenOrCreateStream
ReadFmtUserTypeStg
OleQueryLinkFromData
MonikerRelativePathTo
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
IsAccelerator
DoDragDrop
OleGetAutoConvert
StgSetTimes
CoInitialize
ReadOleStg
CoInitializeEx
OleQueryCreateFromData
CoMarshalInterThreadInterfaceInStream
StgCreateDocfileOnILockBytes
GetRunningObjectTable
CoFileTimeToDosDateTime
OleConvertIStorageToOLESTREAM
OleUninitialize
StgGetIFillLockBytesOnFile
CreateOleAdviseHolder
UpdateDCOMSettings
OleLoad
CoGetPSClsid
OleTranslateAccelerator
OleSetAutoConvert
OleCreateEmbeddingHelper
CoTaskMemFree
StgGetIFillLockBytesOnILockBytes
MkParseDisplayName
CoCreateFreeThreadedMarshaler
OleDraw
OleGetIconOfFile
WriteClassStm
OleInitialize
CoGetMalloc
CoQueryAuthenticationServices
OleSaveToStream
ReadClassStm
IsEqualGUID
UtGetDvtd32Info
OleCreateMenuDescriptor
CreateGenericComposite
OleRun
advapi32
EqualSid
AccessCheckAndAuditAlarmW
DuplicateTokenEx
BuildImpersonateExplicitAccessWithNameA
EnumDependentServicesW
CopySid
EqualPrefixSid
InitializeSid
LogonUserA
CryptSetProviderExW
CryptEnumProviderTypesA
ObjectPrivilegeAuditAlarmW
SetNamedSecurityInfoExW
RegisterEventSourceW
CryptSignHashW
GetKernelObjectSecurity
OpenEventLogW
LockServiceDatabase
GetTrusteeTypeW
StartServiceW
PrivilegeCheck
RevertToSelf
ObjectDeleteAuditAlarmW
CryptGetHashParam
SetSecurityDescriptorOwner
RegisterEventSourceA
CreateProcessAsUserA
AddAce
SetEntriesInAccessListA
GetCurrentHwProfileA
ControlService
CryptSetProviderA
ConvertSecurityDescriptorToAccessNamedW
GetAuditedPermissionsFromAclW
AddAuditAccessAce
InitializeSecurityDescriptor
RegFlushKey
CryptHashSessionKey
SetServiceObjectSecurity
CryptHashData
GetSidSubAuthority
CryptCreateHash
GetSidIdentifierAuthority
GetEffectiveRightsFromAclA
ObjectCloseAuditAlarmA
SetNamedSecurityInfoExA
SetSecurityDescriptorSacl
SetNamedSecurityInfoA
RegEnumKeyA
OpenEventLogA
GetServiceKeyNameA
CreateServiceA
GetMultipleTrusteeA
ChangeServiceConfigW
SetEntriesInAuditListW
AllocateAndInitializeSid
CryptSignHashA
OpenServiceW
LookupPrivilegeNameW
RegOpenKeyExW
RegRestoreKeyA
SetAclInformation
CryptExportKey
CryptImportKey
AbortSystemShutdownW
RegLoadKeyA
RegEnumKeyExA
RegDeleteValueW
GetNamedSecurityInfoA
SetSecurityDescriptorDacl
BuildImpersonateTrusteeW
GetSecurityDescriptorDacl
CryptGenRandom
AdjustTokenPrivileges
MakeAbsoluteSD
SetNamedSecurityInfoW
CryptGetProvParam
CryptSetProviderW
RegNotifyChangeKeyValue
DeleteService
GetSecurityDescriptorSacl
RegSetValueExW
SetTokenInformation
ObjectDeleteAuditAlarmA
QueryServiceConfigA
SetSecurityDescriptorGroup
ImpersonateSelf
RegDeleteKeyW
AddAccessAllowedAce
SetEntriesInAuditListA
ChangeServiceConfigA
BuildImpersonateExplicitAccessWithNameW
RegCloseKey
GetAccessPermissionsForObjectW
RegDeleteKeyA
GetPrivateObjectSecurity
GetSecurityDescriptorLength
OpenProcessToken
GetUserNameA
PrivilegedServiceAuditAlarmA
SetFileSecurityW
RegConnectRegistryA
RegOpenKeyW
BuildExplicitAccessWithNameA
CryptSetProvParam
CryptSetHashParam
GetExplicitEntriesFromAclW
OpenServiceA
RegisterServiceCtrlHandlerW
SetKernelObjectSecurity
CryptDestroyKey
GetTokenInformation
RegCreateKeyW
RegReplaceKeyW
RegSetValueW
QueryServiceStatus
GetAclInformation
GetSidSubAuthorityCount
AllocateLocallyUniqueId
MakeSelfRelativeSD
ReportEventA
SetSecurityInfoExA
GetAccessPermissionsForObjectA
BuildTrusteeWithNameW
UnlockServiceDatabase
RegRestoreKeyW
CreatePrivateObjectSecurity
kernel32
GetEnvironmentStrings
GetPrivateProfileSectionNamesW
SetEndOfFile
CreateEventW
GetFileAttributesExA
GetMailslotInfo
SetProcessPriorityBoost
SetConsoleOutputCP
SetCommState
WriteConsoleOutputA
SetMailslotInfo
GetConsoleCP
SetConsoleMode
MoveFileW
CreateDirectoryW
WriteConsoleInputA
GetComputerNameA
EraseTape
GetProcessHeaps
CommConfigDialogA
ScrollConsoleScreenBufferA
GetDateFormatW
GetSystemInfo
WritePrivateProfileStringA
GetProcessShutdownParameters
GetCommModemStatus
SetSystemTimeAdjustment
EnumResourceLanguagesW
VirtualAlloc
WinExec
WaitForDebugEvent
SetTapePosition
LocalFree
FoldStringA
SetTimeZoneInformation
GetProcessWorkingSetSize
LockFile
DosDateTimeToFileTime
SetPriorityClass
SetTapeParameters
lstrcmpW
WaitForSingleObjectEx
lstrcmpiA
CreateTapePartition
CreateFileMappingA
WriteTapemark
ReadDirectoryChangesW
GetProfileSectionA
WriteConsoleOutputCharacterW
GetDiskFreeSpaceExW
GetLargestConsoleWindowSize
SetThreadContext
GlobalAddAtomA
SetUnhandledExceptionFilter
CreatePipe
GetDiskFreeSpaceW
GetPrivateProfileSectionNamesA
PrepareTape
lstrcpyn
CreateThread
GetPrivateProfileStructW
IsBadStringPtrA
GetProcessPriorityBoost
SetFileAttributesW
FindAtomW
GetPrivateProfileStringA
GetDefaultCommConfigW
OpenFile
SetThreadPriority
SetConsoleCP
GetSystemDirectoryW
GetCommandLineA
LocalHandle
GetFullPathNameA
UpdateResourceA
IsSystemResumeAutomatic
SetFileTime
GetCompressedFileSizeA
ReadFileEx
SetErrorMode
GetProcAddress
GetNamedPipeInfo
LocalCompact
PeekConsoleInputW
FindResourceExW
ClearCommBreak
CreateFileW
CreateFileA
GetFileSize
SetHandleInformation
CreateMutexA
SleepEx
ReadConsoleOutputW
lstrcatW
FindFirstChangeNotificationW
GenerateConsoleCtrlEvent
GetModuleHandleA
GetVolumeInformationA
CreateRemoteThread
SetConsoleScreenBufferSize
MoveFileExW
GlobalFindAtomW
GetTempPathA
GlobalLock
FindFirstChangeNotificationA
WaitForSingleObject
HeapUnlock
TlsSetValue
GetPrivateProfileIntA
GetSystemTimeAdjustment
VirtualProtect
VirtualFree
user32
DdeQueryConvInfo
LoadStringA
GetMenuInfo
IsCharAlphaNumericW
DlgDirListComboBoxA
SetCursorPos
MapVirtualKeyExW
GetUserObjectInformationW
SetProcessDefaultLayout
RegisterWindowMessageW
CharPrevExA
DrawTextA
CharUpperW
GetMenuContextHelpId
SetParent
CharPrevA
FillRect
InvalidateRect
MessageBeep
SetWindowPos
SetDlgItemTextW
SendInput
InSendMessageEx
GetClassInfoA
SendNotifyMessageW
SetUserObjectSecurity
DlgDirSelectExA
GetMenuDefaultItem
DdeConnectList
EndDialog
EmptyClipboard
DdeQueryNextServer
ImpersonateDdeClientWindow
TrackPopupMenuEx
OemToCharBuffA
DdeUnaccessData
SetCaretBlinkTime
CreateIconIndirect
MsgWaitForMultipleObjects
InflateRect
SetMenuInfo
GetKeyNameTextW
CheckMenuItem
GetWindow
SetWindowsHookExA
SetDeskWallpaper
SendMessageTimeoutW
CharPrevW
OpenClipboard
ShowCursor
WindowFromDC
CheckMenuRadioItem
IsCharLowerA
EnumPropsExW
EnableScrollBar
CloseClipboard
GetScrollRange
GetActiveWindow
DlgDirListW
GetDC
CheckDlgButton
IsDlgButtonChecked
GetMessageTime
EditWndProc
DlgDirListComboBoxW
DrawStateA
SendMessageW
WaitForInputIdle
SetMenu
GetDlgItemTextW
OpenWindowStationA
UnregisterClassW
ExitWindowsEx
MoveWindow
BroadcastSystemMessageW
GetClassLongA
DdeReconnect
EnableWindow
SetWindowTextA
GetPriorityClipboardFormat
ShowOwnedPopups
GetAsyncKeyState
SetRectEmpty
LoadMenuA
UnpackDDElParam
DrawFrame
CharUpperBuffA
TabbedTextOutW
SetForegroundWindow
DefMDIChildProcW
VkKeyScanW
UnregisterClassA
SetWindowsHookExW
DefMDIChildProcA
UnregisterDeviceNotification
HideCaret
GetDesktopWindow
GetDlgCtrlID
GetCursor
DdeKeepStringHandle
UnhookWindowsHook
KillTimer
GetLastActivePopup
SetLastErrorEx
CreateAcceleratorTableW
LoadIconA
DdeNameService
SendIMEMessageExW
DlgDirSelectComboBoxExW
IsMenu
CheckRadioButton
GetGuiResources
GetClipboardData
SetSystemCursor
SetProcessWindowStation
CreateMenu
GetClipCursor
DdeGetData
GetMenuItemInfoW
GetMenu
UnloadKeyboardLayout
SetMenuItemInfoW
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 165B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE