Static task: static1
Behavioral task: behavioral1
Sample: 14fe01d1222e1399476fa306cf02d8d6_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 14fe01d1222e1399476fa306cf02d8d6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 14fe01d1222e1399476fa306cf02d8d6_JaffaCakes118
Size: 435KB
MD5: 14fe01d1222e1399476fa306cf02d8d6
SHA1: e8a2cefa0168847a34fec62853315e32083f1ca1
SHA256: e17e034545806e97d84b7cdd1fe878b54f49bb8f41ab83d67d2408df3b8814bb
SHA512: 514468edf0eab776b5e1794fbe7e7bf72accb164e6414e0c28ad775f5d061fc458c73bf4204a0fcd6f3567a12497d1ddeeb01f3b22186473fbe00235607a67c2
SSDEEP: 12288:7ZrCWq9jv9sD51PcPrzPFvEGASB6fyGPnp8ebOZs1c/:7ZNYr1PFEG/6aupLOZ1
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 14fe01d1222e1399476fa306cf02d8d6_JaffaCakes118
Files
14fe01d1222e1399476fa306cf02d8d6_JaffaCakes118.exe windows:4 windows x86 arch:x86
39fbf88b291f17fd152deb637f5e05dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SetCursorPos
MoveWindow
CallMsgFilterA
GetMenuItemID
SetScrollInfo
DdeConnect
ChangeDisplaySettingsW
CloseDesktop
SetCaretPos
DdePostAdvise
DeleteMenu
DialogBoxParamA
CharUpperBuffW
EnumClipboardFormats
EnumDesktopsA
SendMessageTimeoutA
PostThreadMessageA
GetClassNameW
EnumDisplaySettingsExA
CloseWindow
OpenClipboard
DefWindowProcW
SwitchDesktop
GetCursorPos
InvalidateRect
GetKeyboardLayoutList
ShowScrollBar
GetCaretPos
ScrollWindowEx
InsertMenuW
ModifyMenuW
SetWindowRgn
GetPropA
GetMenuCheckMarkDimensions
GetDlgItemInt
CharPrevExA
IsCharAlphaW
CharUpperBuffA
DestroyIcon
SetWindowPos
DdeFreeDataHandle
ExitWindowsEx
GetSystemMetrics
CascadeWindows
AppendMenuA
DrawFocusRect
GetUserObjectInformationA
DefFrameProcW
RegisterClassExW
GetDlgItem
PostMessageW
SubtractRect
SetPropW
EditWndProc
WINNLSGetIMEHotkey
IntersectRect
CreateAcceleratorTableA
MonitorFromRect
GetKeyNameTextW
GetShellWindow
GetMenuState
EnumWindowStationsW
AppendMenuW
ModifyMenuA
CreateDialogIndirectParamW
LockWindowUpdate
SetRectEmpty
MapDialogRect
RedrawWindow
LoadCursorFromFileW
ShowCursor
GetLastActivePopup
DispatchMessageW
CallMsgFilter
ToUnicodeEx
DragObject
ChildWindowFromPointEx
MonitorFromWindow
SendIMEMessageExW
DispatchMessageA
ClientToScreen
CharNextW
WindowFromPoint
DlgDirListW
GetGuiResources
SetUserObjectSecurity
SetLastErrorEx
GetProcessDefaultLayout
FlashWindow
GetMessageTime
MessageBoxA
DdeQueryNextServer
CreateDialogParamW
OemToCharW
WaitMessage
UnregisterHotKey
BroadcastSystemMessageW
GetForegroundWindow
GetWindowTextW
EnumThreadWindows
BeginPaint
LoadAcceleratorsW
DeferWindowPos
WaitForInputIdle
GetWindowTextLengthW
MonitorFromPoint
EnumPropsExA
EndTask
PostQuitMessage
DefDlgProcW
IsZoomed
GetScrollBarInfo
SetDlgItemTextA
DrawFrame
SetDlgItemInt
CheckMenuItem
GetDlgItemTextW
CreatePopupMenu
OemToCharA
GetProcessWindowStation
DrawMenuBar
AttachThreadInput
CreateDialogParamA
OpenDesktopW
SendNotifyMessageW
SetProcessWindowStation
GetSysColor
TileWindows
GetWindowPlacement
UnhookWindowsHook
GetClientRect
GetAncestor
DlgDirSelectExA
SetClipboardData
shlwapi
StrSpnW
UrlGetLocationW
StrDupW
SHSetValueA
StrCpyW
PathFindOnPathW
UrlCanonicalizeA
UrlHashA
SHRegGetBoolUSValueW
wnsprintfW
UrlCombineW
PathMakePrettyA
StrNCatA
SHDeleteValueW
SHAutoComplete
UrlHashW
PathIsSystemFolderW
StrCmpNIW
ColorHLSToRGB
StrCSpnIW
PathFindSuffixArrayA
PathSetDlgItemPathW
SHRegDeleteEmptyUSKeyA
PathAddExtensionA
PathStripToRootW
StrChrIA
SHRegQueryInfoUSKeyA
SHOpenRegStreamW
wnsprintfA
SHOpenRegStream2A
SHRegOpenUSKeyW
PathCombineA
PathUnquoteSpacesA
PathMatchSpecW
ColorRGBToHLS
SHRegCloseUSKey
PathCreateFromUrlA
PathIsFileSpecA
SHRegSetUSValueA
StrRChrW
SHRegEnumUSValueA
UrlGetPartW
SHCreateStreamOnFileA
SHSetValueW
PathIsLFNFileSpecW
SHRegDeleteUSValueW
PathSearchAndQualifyA
PathIsPrefixW
UrlIsOpaqueA
PathCompactPathExW
SHQueryValueExA
ChrCmpIA
PathStripPathA
PathRenameExtensionA
UrlCanonicalizeW
UrlCreateFromPathW
PathFindExtensionA
PathFindFileNameA
PathIsRootA
PathStripToRootA
StrIsIntlEqualA
UrlEscapeA
PathRemoveExtensionA
UrlIsOpaqueW
PathUnmakeSystemFolderA
AssocQueryStringByKeyA
StrToIntExA
PathRemoveBackslashA
PathIsUNCServerShareA
SHRegWriteUSValueW
SHQueryInfoKeyW
PathRemoveBlanksA
PathParseIconLocationA
wvnsprintfW
PathSkipRootW
AssocQueryStringByKeyW
SHRegQueryUSValueW
SHEnumValueA
PathIsRelativeA
PathFindFileNameW
StrCmpNIA
StrCatW
StrStrW
UrlCompareA
UrlCompareW
SHRegWriteUSValueA
SHRegGetUSValueA
SHRegGetBoolUSValueA
PathIsUNCW
PathIsLFNFileSpecA
PathIsRootW
UrlApplySchemeW
PathIsDirectoryEmptyW
PathQuoteSpacesA
SHSetThreadRef
advapi32
BuildTrusteeWithSidA
LookupAccountSidW
CryptDeriveKey
RegCreateKeyExA
BuildExplicitAccessWithNameW
GetNamedSecurityInfoExW
DuplicateTokenEx
GetAuditedPermissionsFromAclW
RegQueryValueExA
CryptGenRandom
ReportEventA
LookupAccountNameA
RegisterServiceCtrlHandlerW
RegDeleteKeyW
ObjectDeleteAuditAlarmA
SetEntriesInAccessListA
RegFlushKey
ObjectCloseAuditAlarmW
GetNamedSecurityInfoA
EqualPrefixSid
SetNamedSecurityInfoExW
OpenSCManagerA
GetMultipleTrusteeA
LookupSecurityDescriptorPartsW
OpenEventLogW
GetServiceDisplayNameW
GetEffectiveRightsFromAclA
OpenProcessToken
ReadEventLogA
CryptAcquireContextA
ConvertAccessToSecurityDescriptorA
CreateProcessAsUserW
BuildSecurityDescriptorW
FreeSid
CryptGetProvParam
RegEnumKeyA
ChangeServiceConfigW
RegRestoreKeyW
CryptSignHashW
CloseServiceHandle
PrivilegedServiceAuditAlarmW
DestroyPrivateObjectSecurity
BuildExplicitAccessWithNameA
CryptDestroyHash
CryptGetUserKey
PrivilegeCheck
AddAccessDeniedAce
GetServiceKeyNameA
EqualSid
ControlService
RegSetKeySecurity
SetTokenInformation
SetSecurityInfoExA
RegOpenKeyA
RegReplaceKeyA
AreAllAccessesGranted
LockServiceDatabase
SetEntriesInAclW
CryptSetProviderExA
CryptHashSessionKey
RegEnumValueA
GetSecurityDescriptorGroup
RegOpenKeyW
OpenBackupEventLogA
QueryServiceConfigA
IsValidSecurityDescriptor
CreatePrivateObjectSecurity
RegLoadKeyA
GetAuditedPermissionsFromAclA
RegisterServiceCtrlHandlerA
CryptVerifySignatureA
CryptGetDefaultProviderA
AddAccessAllowedAce
GetTrusteeTypeA
RegOpenKeyExA
GetNamedSecurityInfoW
ConvertSecurityDescriptorToAccessNamedA
CryptEnumProviderTypesA
GetSecurityInfoExW
OpenServiceA
StartServiceW
GetLengthSid
CryptReleaseContext
OpenServiceW
CryptSetProvParam
ConvertSecurityDescriptorToAccessW
SetSecurityInfo
CryptGetHashParam
CryptGetDefaultProviderW
GetSecurityInfo
CancelOverlappedAccess
CryptGenKey
RegSetValueW
AddAce
QueryServiceLockStatusW
SetSecurityInfoExW
QueryServiceObjectSecurity
BuildTrusteeWithSidW
CloseEventLog
PrivilegedServiceAuditAlarmA
OpenSCManagerW
ObjectCloseAuditAlarmA
GetSecurityDescriptorSacl
EnumDependentServicesW
AccessCheck
LookupPrivilegeDisplayNameA
CryptSetProviderExW
CryptImportKey
DuplicateToken
BackupEventLogW
SetAclInformation
CryptDuplicateKey
AllocateLocallyUniqueId
AdjustTokenGroups
CryptEnumProvidersW
ole32
RevokeDragDrop
ReleaseStgMedium
UtGetDvtd16Info
SetDocumentBitStg
CreateItemMoniker
CoRegisterPSClsid
CoIsOle1Class
CoSuspendClassObjects
CreateDataAdviseHolder
StringFromIID
StringFromGUID2
GetHookInterface
OleRegEnumVerbs
OleUninitialize
MonikerRelativePathTo
OleCreateLink
OleConvertOLESTREAMToIStorage
CoLoadLibrary
CoReleaseServerProcess
StgSetTimes
StgOpenStorage
StgCreateDocfile
CoResumeClassObjects
OleCreateStaticFromData
DoDragDrop
CoGetCurrentProcess
CoFreeAllLibraries
CoFreeUnusedLibraries
CoTreatAsClass
CoCopyProxy
DllDebugObjectRPCHook
WriteFmtUserTypeStg
OleCreateEx
WriteOleStg
OleCreateDefaultHandler
CoQueryReleaseObject
StgGetIFillLockBytesOnFile
CoTaskMemAlloc
CoQueryProxyBlanket
CoCreateInstance
CoGetObject
OleLoad
GetClassFile
RegisterDragDrop
CoReleaseMarshalData
CoInitializeSecurity
MkParseDisplayName
OleCreateFromFile
CoRevokeClassObject
SetConvertStg
CoCreateInstanceEx
GetDocumentBitStg
OleConvertOLESTREAMToIStorageEx
CoFreeLibrary
CreateDataCache
CoIsHandlerConnected
OleSave
OleSetClipboard
OleQueryLinkFromData
CreateGenericComposite
CoGetMarshalSizeMax
CoGetPSClsid
OleCreateMenuDescriptor
CoGetInterfaceAndReleaseStream
CoGetInstanceFromIStorage
CoMarshalInterThreadInterfaceInStream
OleCreate
CoUnmarshalInterface
OleCreateLinkToFile
OleCreateLinkFromDataEx
OleCreateFromDataEx
OleConvertIStorageToOLESTREAMEx
ReadFmtUserTypeStg
PropVariantClear
IIDFromString
OleRun
ReadClassStm
OleGetIconOfClass
OpenOrCreateStream
CoGetCurrentLogicalThreadId
OleNoteObjectVisible
OleRegEnumFormatEtc
OleDestroyMenuDescriptor
StgOpenStorageEx
WriteClassStm
CoInitializeEx
CoRevertToSelf
CoMarshalInterface
OleCreateLinkFromData
OleIsCurrentClipboard
MonikerCommonPrefixWith
OleDraw
OleMetafilePictFromIconAndLabel
CoRegisterMallocSpy
OleCreateFromFileEx
UtConvertDvtd32toDvtd16
WriteClassStg
CLSIDFromString
UtGetDvtd32Info
CreatePointerMoniker
OleDoAutoConvert
GetRunningObjectTable
CoUninitialize
OleFlushClipboard
CreateOleAdviseHolder
CreateClassMoniker
OleBuildVersion
CoGetTreatAsClass
CreateObjrefMoniker
kernel32
QueryDosDeviceA
GetLargestConsoleWindowSize
OpenFileMappingW
EnumSystemCodePagesW
FlushInstructionCache
SetUnhandledExceptionFilter
GetEnvironmentStringsW
OpenProcess
GetProfileStringW
GetWindowsDirectoryA
GetCurrentThreadId
lstrcpyA
SetCalendarInfoA
SetCommMask
HeapCompact
IsBadWritePtr
OpenEventA
SetThreadContext
SetNamedPipeHandleState
VirtualAlloc
GetNumberOfConsoleInputEvents
CreateFileMappingW
WriteConsoleOutputAttribute
Beep
DosDateTimeToFileTime
SignalObjectAndWait
DeleteAtom
GetModuleFileNameA
LocalHandle
WaitNamedPipeA
ExpandEnvironmentStringsA
CreateFileMappingA
SetCommTimeouts
SetLocaleInfoA
TlsAlloc
ConvertThreadToFiber
FindAtomW
GetLongPathNameW
CallNamedPipeW
SetVolumeLabelA
LoadModule
GetPrivateProfileIntW
HeapUnlock
CreateMailslotA
GetTimeFormatA
GetDriveTypeA
RtlFillMemory
GetTempFileNameA
WaitForMultipleObjects
lstrcpynW
WriteConsoleOutputW
MoveFileW
SetLocalTime
CommConfigDialogA
LoadResource
EnumResourceLanguagesA
FindFirstFileA
SetTimeZoneInformation
TlsGetValue
GetCPInfoExA
FreeLibraryAndExitThread
QueryDosDeviceW
HeapDestroy
TerminateThread
FindResourceW
SetThreadPriorityBoost
DeleteFileA
GetFullPathNameW
GetUserDefaultLCID
LockFile
SetConsoleActiveScreenBuffer
GetSystemDirectoryW
SetThreadPriority
GetFileInformationByHandle
GetProcessVersion
SetConsoleCtrlHandler
GetThreadTimes
CreateNamedPipeA
ClearCommBreak
GetProcessWorkingSetSize
GlobalFix
GetNamedPipeHandleStateA
QueueUserAPC
GetConsoleScreenBufferInfo
GetNumberFormatA
SystemTimeToTzSpecificLocalTime
FindNextChangeNotification
GetThreadSelectorEntry
LocalFlags
GetTapeParameters
GetVersion
GetPrivateProfileStringW
WriteConsoleOutputCharacterA
FindFirstChangeNotificationA
GlobalUnfix
GetTempPathW
SetThreadIdealProcessor
UpdateResourceW
OpenSemaphoreA
MoveFileExW
FindAtomA
ReadProcessMemory
ScrollConsoleScreenBufferW
FindResourceA
GetConsoleTitleW
SystemTimeToFileTime
CopyFileA
ReadConsoleOutputAttribute
AddAtomW
WriteFileGather
ExitProcess
GlobalDeleteAtom
IsProcessorFeaturePresent
GetConsoleMode
GetTickCount
GetComputerNameW
EnumSystemLocalesA
DeleteFiber
IsSystemResumeAutomatic
CancelIo
SetFileAttributesA
GetProfileSectionA
SetComputerNameA
GetProfileIntW
GlobalGetAtomNameW
GetProcessPriorityBoost
CreateConsoleScreenBuffer
SetConsoleWindowInfo
WaitForDebugEvent
FreeResource
SetLastError
GetVersionExA
SetTapeParameters
CancelWaitableTimer
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
VirtualProtect
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE