Static task: static1
Behavioral task: behavioral1
  Sample: 0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118.exe
  Resource: win10v2004-20240802-en

General
Target: 0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118
Size: 220KB
MD5: 0f4d51aa78e3fcb5a43fea7f5b515b00
SHA1: ce38c0fdc1aa03d142f7e8862c1375e4dd2964c9
SHA256: 6ed1218e53f9915dc4fe20aebceffbf2527f5135d1e69cbeaff76390a99e2cff
SHA512: 2e280d2e6afa106131b4163a01d8fc37733ca67fde0224071931e0861b7ac729e8fac11c131cbc251bed4cc9ce7314d0950edd8a4697abee8850aeea248c2da9
SSDEEP: 6144:HJL3tUPwP1HbRM8ZcgGGughEP291LJq8M5Km3fIs:pBUPwkkTGGughEOo8MXAs
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118

Files
0f4d51aa78e3fcb5a43fea7f5b515b00_JaffaCakes118.exe  windows:5  windows x86  arch:x86
  a11f03a5da36a920546552d8db2ab0ea
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DebugActiveProcess
DeleteFiber
DuplicateHandle
EnumSystemLanguageGroupsA
EscapeCommFunction
ExpandEnvironmentStringsA
FatalAppExitA
FatalAppExitW
FatalExit
FindAtomW
FindCloseChangeNotification
FindFirstChangeNotificationW
FreeEnvironmentStringsA
FreeLibrary
FreeLibraryAndExitThread
GetCPInfoExA
GetCompressedFileSizeA
GetComputerNameExW
GetConsoleAliasA
GetConsoleWindow
GetCurrentDirectoryA
GetEnvironmentStringsA
GetEnvironmentVariableW
GetFullPathNameA
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetQueuedCompletionStatus
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetSystemDirectoryA
GetSystemTimeAdjustment
GetTapeParameters
GetThreadPriority
GetThreadPriorityBoost
GetTickCount
GetVolumeInformationW
GlobalFindAtomW
GlobalHandle
HeapCreate
HeapValidate
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryA
LoadLibraryExA
LocalCompact
LocalFileTimeToFileTime
LocalFlags
LockFile
MapUserPhysicalPages
MapViewOfFileEx
Module32Next
CreateThread
OpenEventA
OpenMutexW
PeekConsoleInputA
Process32FirstW
Process32Next
ProcessIdToSessionId
QueueUserAPC
QueueUserWorkItem
ReadConsoleW
ReadFile
RemoveDirectoryA
ReplaceFileW
RequestWakeupLatency
ScrollConsoleScreenBufferW
SetCalendarInfoW
SetConsoleOutputCP
SetConsoleTextAttribute
SetEnvironmentVariableW
SetFileApisToANSI
SetFileAttributesA
SetFileAttributesW
SetLastError
SetMailslotInfo
SetPriorityClass
SetProcessPriorityBoost
SetSystemPowerState
SetSystemTimeAdjustment
SetThreadPriorityBoost
SetTimeZoneInformation
SetVolumeLabelA
SetVolumeLabelW
SetupComm
Sleep
SystemTimeToTzSpecificLocalTime
Thread32First
Thread32Next
TlsGetValue
TlsSetValue
Toolhelp32ReadProcessMemory
VerifyVersionInfoA
VirtualLock
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionW
WriteProcessMemory
WriteTapemark
_hread
_llseek
lstrcmpA
lstrlenW
CreateRemoteThread
CreateProcessA
CreateNamedPipeA
CreateDirectoryExA
CopyFileW
CopyFileExW
CopyFileExA
ConnectNamedPipe
CloseHandle
BuildCommDCBA
CreateFileA
BindIoCompletionCallback
BeginUpdateResourceA
BackupRead
AreFileApisANSI
AllocateUserPhysicalPages
AllocConsole
AddConsoleAliasW
AddAtomA
VirtualAlloc
GetWindowsDirectoryA
lstrlenA
lstrcpyA
MoveFileWithProgressA
user32
TrackMouseEvent
UnhookWinEvent
UnpackDDElParam
UnregisterHotKey
UpdateLayeredWindow
WindowFromDC
keybd_event
ToAsciiEx
ActivateKeyboardLayout
ArrangeIconicWindows
BeginDeferWindowPos
BroadcastSystemMessageA
ChangeDisplaySettingsExA
CharLowerBuffA
CloseClipboard
CloseWindow
CopyAcceleratorTableW
CreateAcceleratorTableA
CreateDesktopW
CreateDialogIndirectParamA
CreateMDIWindowA
CreateWindowExA
CreateWindowStationW
DdeAccessData
DdeConnect
DdeEnableCallback
DdeFreeStringHandle
DefFrameProcA
DefMDIChildProcA
DefMDIChildProcW
DeleteMenu
DeregisterShellHookWindow
DialogBoxIndirectParamA
DialogBoxParamW
DlgDirListW
DlgDirSelectExA
DlgDirSelectExW
DragDetect
DrawEdge
DrawFrameControl
DrawTextA
DrawTextW
EnableMenuItem
EnableWindow
EnumChildWindows
EnumDisplayDevicesA
EnumPropsExA
EnumPropsExW
EqualRect
ExcludeUpdateRgn
FillRect
FrameRect
GetCapture
GetClassInfoExA
GetClassNameA
GetClipboardFormatNameA
GetClipboardOwner
GetDlgItemInt
GetGUIThreadInfo
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyboardLayout
GetKeyboardType
GetMenuItemID
GetMenuItemInfoA
GetMenuItemRect
GetNextDlgGroupItem
GetPropA
GetQueueStatus
GetScrollPos
GetScrollRange
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowContextHelpId
GetWindowInfo
GetWindowTextA
GetWindowTextLengthW
InSendMessageEx
InvalidateRect
InvalidateRgn
IsIconic
IsRectEmpty
KillTimer
LoadAcceleratorsW
LoadImageW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
MapVirtualKeyExW
MessageBeep
MessageBoxExA
MessageBoxIndirectW
OemToCharA
OpenIcon
PeekMessageA
PostMessageA
PostThreadMessageW
RealGetWindowClassA
RealGetWindowClassW
RedrawWindow
RegisterClassA
RegisterClipboardFormatW
RegisterHotKey
SwitchToThisWindow
ShowWindowAsync
ShowScrollBar
ShowOwnedPopups
SetWindowsHookW
SetWindowsHookA
SetWindowWord
SetWindowTextA
SetWindowLongA
SetPropA
SetMenuItemInfoA
SetMenuInfo
SetFocus
SetCaretPos
SendNotifyMessageW
SendMessageCallbackW
SendDlgItemMessageA
ScrollWindow
RemovePropW
RegisterWindowMessageA
comdlg32
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
GetSaveFileNameA
ChooseColorA
advapi32
RegOpenKeyExA
shell32
DragQueryFileW
DragQueryFileA
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstA
CommandLineToArgvW
DragQueryPoint
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ShellExecuteEx
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetInstanceExplorer
SHGetIconOverlayIndexA
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfoA
SHGetFileInfo
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFormatDrive
SHFileOperationW
SHEmptyRecycleBinA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHChangeNotify
SHBrowseForFolderW
SHBrowseForFolder
SHBindToParent
SHAddToRecentDocs
FindExecutableW
ExtractIconW
ExtractIconExW
ExtractIconEx
ExtractIconA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DuplicateIcon
ole32
WriteStringStream
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
UtGetDvtd32Info
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UpdateDCOMSettings
StgOpenStorageOnILockBytes
StgOpenStorageEx
StgOpenAsyncDocfileOnIFillLockBytes
StgCreatePropStg
StgCreatePropSetStg
StgCreateDocfileOnILockBytes
StgCreateDocfile
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetDocumentBitStg
STGMEDIUM_UserSize
SNB_UserSize
RevokeDragDrop
ReadOleStg
ReadClassStg
PropVariantCopy
PropVariantClear
OpenOrCreateStream
OleSetContainedObject
OleRun
OleRegGetMiscStatus
OleRegEnumFormatEtc
OleQueryLinkFromData
OleQueryCreateFromData
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLoadFromStream
OleLoad
OleInitializeWOW
OleGetAutoConvert
OleFlushClipboard
OleDuplicateData
OleDraw
OleDoAutoConvert
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateFromData
OleCreateEx
OleConvertIStorageToOLESTREAMEx
OleBuildVersion
MonikerCommonPrefixWith
IsEqualGUID
IsAccelerator
HkOleRegisterObject
HWND_UserUnmarshal
HWND_UserSize
HWND_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserUnmarshal
HMETAFILE_UserSize
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HGLOBAL_UserUnmarshal
HGLOBAL_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HDC_UserUnmarshal
HDC_UserSize
HDC_UserFree
HBRUSH_UserUnmarshal
HBITMAP_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserMarshal
HACCEL_UserFree
GetRunningObjectTable
GetHGlobalFromStream
GetDocumentBitStg
EnableHookObject
DllGetClassObjectWOW
CreatePointerMoniker
CreateItemMoniker
CreateFileMoniker
CreateClassMoniker
CreateAntiMoniker
CoTaskMemRealloc
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoRegisterSurrogate
CoRegisterMallocSpy
CoRegisterClassObject
CoRegisterChannelHook
CoQueryClientBlanket
CoIsOle1Class
CoIsHandlerConnected
CoInitializeWOW
CoInitializeSecurity
CoImpersonateClient
CoGetStdMarshalEx
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetInstanceFromIStorage
CoGetInstanceFromFile
CoGetCurrentLogicalThreadId
CoGetClassObject
CoGetCallerTID
CoGetCallContext
CoFreeLibrary
CoFreeAllLibraries
CoDosDateTimeToFileTime
CoCreateObjectInContext
CoCreateInstanceEx
CoCreateFreeThreadedMarshaler
CoCopyProxy
CLIPFORMAT_UserMarshal
BindMoniker
oleaut32
VarR8FromI2
VarR8FromDisp
VarR8FromDec
VarR8FromDate
VarR4FromUI4
VarR4FromDec
VarR4FromDate
VarR4FromBool
VarR4CmpR8
VarOr
VarNeg
VarMul
VarInt
VarI4FromUI4
VarI4FromStr
VarI4FromR4
VarI4FromI1
VarI4FromDisp
VarI4FromBool
VarI2FromI4
VarI2FromDate
VarI1FromR4
VarI1FromI4
VarI1FromDisp
VarI1FromCy
VarFormatCurrency
VarFix
VarEqv
VarDiv
VarDecSub
VarDecNeg
VarDecFromStr
VarDecFromI2
VarDecFix
VarDecDiv
VarDecCmpR8
VarDateFromUdateEx
VarDateFromUI4
VarDateFromUI2
VarDateFromR4
VarDateFromCy
VarCySub
VarCyMulI4
VarCyInt
VarCyFromUI1
VarCyFromStr
VarCyFromR4
VarCyFromI4
VarCyFromI2
VarCyFromDisp
VarCyCmp
VarCyAbs
VarCmp
VarCat
VarBstrFromUI2
VarBstrFromI4
VarBstrFromDate
VarBoolFromUI4
VarBoolFromStr
VarBoolFromI1
VarBoolFromDec
VarBoolFromDate
VarBoolFromCy
VARIANT_UserFree
UnRegisterTypeLib
SystemTimeToVariantTime
SysReAllocString
SafeArrayUnlock
SafeArraySetRecordInfo
SafeArraySetIID
SafeArrayPutElement
SafeArrayLock
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetIID
SafeArrayGetElement
SafeArrayDestroyDescriptor
SafeArrayCreateVector
SafeArrayCopy
SafeArrayAllocDescriptorEx
SafeArrayAllocDescriptor
RegisterTypeLib
QueryPathOfRegTypeLib
OleLoadPicturePath
OleLoadPictureFile
OleCreatePictureIndirect
OACreateTypeLib2
LoadTypeLib
LPSAFEARRAY_Marshal
GetAltMonthNames
GetActiveObject
DispInvoke
DispGetParam
CreateStdDispatch
ClearCustData
BstrFromVector
BSTR_UserUnmarshal
BSTR_UserSize
VariantInit
VariantCopyInd
VariantChangeTypeEx
VariantChangeType
VarXor
VarUdateFromDate
VarUI4FromUI1
VarUI4FromI4
VarR8FromI4
VarR8FromR4
VarSub
VarUI1FromCy
VarUI1FromDate
VarUI2FromBool
VarUI2FromDec
VarUI2FromI4
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromDate
VarUI4FromI2
VarUI4FromDec
shlwapi
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrStrW
StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrIW
StrRChrIA
StrChrA
Sections
.text   Size: 191KB   Virtual size: 190KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 14KB    Virtual size: 14KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 512B    Virtual size: 136B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data3  Size: 1024B   Virtual size: 1000B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data2  Size: 1024B   Virtual size: 1000B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 6KB     Virtual size: 5KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 4KB     Virtual size: 3KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ