Static task: static1
Behavioral task: behavioral1
Sample: 159997a1c0b323cd0873e379f941c561_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 159997a1c0b323cd0873e379f941c561_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 159997a1c0b323cd0873e379f941c561_JaffaCakes118
Size: 124KB
MD5: 159997a1c0b323cd0873e379f941c561
SHA1: 7191f071180fc64a7891ccbc3ef24fa0d861d0a6
SHA256: 1e41bf0f759a535613602a1b4e6d62ac9364adf709cfeb82f4612164eacbc443
SHA512: dd0f3d04d9be1059e64ece068ea59662e814c966a39bb635959fdb268c0cbdfc6fffb5f5e95790c74f84ed092ca5334abbd1ffbbaa2940a55a78b0473c7b6df4
SSDEEP: 3072:fuANmZ5HLNYEna9IWHMhZqkpiC5VaoF7IQMQLnStor:fuAghpZqkpiCHaoFVMenS6r
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 159997a1c0b323cd0873e379f941c561_JaffaCakes118
Files
159997a1c0b323cd0873e379f941c561_JaffaCakes118.exe windows:4 windows x86 arch:x86
f4f347fddf18c5ea5544ddd9a25484c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHOpenRegStreamA
PathMakeSystemFolderW
SHRegSetUSValueA
UrlGetPartA
PathIsNetworkPathA
PathIsNetworkPathW
PathCompactPathA
SHSkipJunction
IntlStrEqWorkerW
UrlIsW
StrTrimA
UrlCreateFromPathA
UrlGetLocationA
StrPBrkA
PathIsPrefixA
PathRemoveBackslashW
SHRegEnumUSKeyA
StrNCatW
PathFindExtensionA
HashData
StrChrIA
PathFindNextComponentA
UrlUnescapeW
StrCmpW
StrFromTimeIntervalA
SHRegDeleteEmptyUSKeyW
PathUnmakeSystemFolderW
PathCombineW
SHRegCloseUSKey
ChrCmpIA
StrIsIntlEqualW
SHOpenRegStream2W
StrCpyW
UrlIsNoHistoryA
StrIsIntlEqualA
UrlCombineW
PathFileExistsA
UrlCreateFromPathW
PathRenameExtensionW
SHRegCreateUSKeyA
PathIsUNCA
PathQuoteSpacesW
PathStripPathW
PathFindSuffixArrayW
UrlApplySchemeW
SHRegGetUSValueA
SHCreateStreamOnFileW
PathIsPrefixW
SHQueryValueExW
PathCommonPrefixA
PathIsSameRootW
PathRenameExtensionA
PathAddExtensionW
SHSetThreadRef
PathMatchSpecW
PathAppendA
PathGetDriveNumberA
PathIsFileSpecA
StrCatBuffA
StrFormatKBSizeA
PathSearchAndQualifyW
SHEnumValueA
PathFindFileNameW
PathIsRootW
PathRemoveFileSpecA
PathMakePrettyA
SHGetValueA
SHSetValueW
StrRetToStrW
StrFormatByteSize64A
PathSkipRootW
ColorAdjustLuma
UrlEscapeA
PathCommonPrefixW
PathIsUNCServerShareA
SHRegOpenUSKeyW
SHDeleteValueA
wnsprintfA
PathAddBackslashW
StrToIntExA
UrlIsA
PathQuoteSpacesA
SHDeleteKeyA
PathMatchSpecA
wvnsprintfW
StrToIntA
SHSetValueA
PathRemoveExtensionA
UrlCanonicalizeW
UrlHashA
StrChrW
SHCreateShellPalette
PathUnmakeSystemFolderA
PathCanonicalizeW
AssocQueryKeyA
UrlCanonicalizeA
PathIsSystemFolderW
SHRegEnumUSValueW
wnsprintfW
StrCmpIW
StrFormatByteSizeW
PathSetDlgItemPathA
PathSearchAndQualifyA
PathParseIconLocationW
PathIsContentTypeW
SHRegWriteUSValueA
SHOpenRegStream2A
SHDeleteEmptyKeyA
StrCmpNA
StrFromTimeIntervalW
SHRegOpenUSKeyA
PathFindOnPathA
UrlIsOpaqueW
SHRegEnumUSValueA
SHRegDuplicateHKey
PathIsURLA
SHOpenRegStreamW
PathCompactPathExA
user32
SendMessageW
GetClassNameA
CreateDialogIndirectParamW
IsCharUpperW
MessageBoxExA
SwitchDesktop
CharToOemA
GetWindowRect
DlgDirListW
GetClipboardFormatNameA
GetMenuState
OffsetRect
GetIconInfo
DispatchMessageA
GetPropA
GetAncestor
DrawEdge
GetMenuItemID
DrawTextW
LoadMenuW
InvertRect
ToAscii
IsClipboardFormatAvailable
GetMenuBarInfo
HiliteMenuItem
DdeUninitialize
SetDlgItemInt
CreateCursor
ShowCaret
FrameRect
MapVirtualKeyExA
AdjustWindowRect
VkKeyScanW
GetClassInfoA
EndMenu
LookupIconIdFromDirectoryEx
OpenWindowStationA
GetWindowRgn
IsMenu
EndDialog
DeleteMenu
MapVirtualKeyExW
EnumDisplayDevicesW
GetClassInfoExA
DdeNameService
HideCaret
LoadImageA
EnumWindows
MessageBoxA
SetUserObjectInformationA
OemToCharBuffW
RegisterClassW
GetUserObjectInformationA
IsCharAlphaNumericW
DdeCmpStringHandles
TranslateAccelerator
CreateIcon
LockWindowUpdate
OpenWindowStationW
SetClassLongW
BroadcastSystemMessageA
DdePostAdvise
MenuItemFromPoint
CheckMenuRadioItem
DialogBoxIndirectParamW
ReuseDDElParam
LoadAcceleratorsA
OpenDesktopA
DdeSetQualityOfService
DdeFreeDataHandle
LoadAcceleratorsW
UnhookWinEvent
GetClipboardFormatNameW
CreateIconFromResourceEx
EnumWindowStationsA
PeekMessageA
SetCapture
GetKeyboardLayout
GetMenuItemCount
GetClipboardOwner
GetClipboardSequenceNumber
DefWindowProcA
SetWindowPos
UnregisterDeviceNotification
SetClipboardViewer
ScrollWindow
ValidateRgn
WaitForInputIdle
CreateDesktopA
OpenClipboard
CountClipboardFormats
GetMessageA
SetClassWord
DispatchMessageW
IsWindowUnicode
SetScrollPos
RealChildWindowFromPoint
GetDlgItemTextW
DdeQueryStringA
SetPropA
GetCapture
DestroyWindow
DragDetect
CheckDlgButton
SendMessageTimeoutW
SetDoubleClickTime
IsCharLowerW
DdeQueryNextServer
DdeCreateStringHandleW
IsDlgButtonChecked
UnhookWindowsHook
ChangeDisplaySettingsW
EndDeferWindowPos
PostMessageW
ExitWindowsEx
CreateMenu
MessageBoxExW
DdeAbandonTransaction
CreateWindowStationA
AppendMenuW
GetKeyNameTextA
GetCursorPos
ReleaseCapture
SetMessageQueue
GetDlgItemInt
DdeSetUserHandle
SetWindowsHookA
RemovePropW
CreateDialogParamW
GetMessageExtraInfo
IsRectEmpty
ole32
OleSetMenuDescriptor
CoGetMarshalSizeMax
OleTranslateAccelerator
RegisterDragDrop
CoUnmarshalHresult
CoRevokeClassObject
CoInitializeSecurity
UpdateDCOMSettings
CoGetCallContext
CoRegisterClassObject
OleLoad
OpenOrCreateStream
OleDraw
CoGetObject
CreateDataAdviseHolder
OleGetClipboard
OleCreateLinkToFile
CoGetCallerTID
CoCopyProxy
PropVariantCopy
CoGetPSClsid
CoMarshalHresult
CoImpersonateClient
WriteStringStream
CoQueryProxyBlanket
FreePropVariantArray
StgIsStorageILockBytes
RevokeDragDrop
StgOpenAsyncDocfileOnIFillLockBytes
OleRun
CoIsHandlerConnected
UtConvertDvtd16toDvtd32
CreateClassMoniker
CoBuildVersion
WriteFmtUserTypeStg
CoGetInstanceFromIStorage
ProgIDFromCLSID
CoCreateFreeThreadedMarshaler
MonikerRelativePathTo
CoReleaseMarshalData
GetHookInterface
OleSetClipboard
OleCreateLinkEx
CreateDataCache
OleCreateMenuDescriptor
CoQueryClientBlanket
StgGetIFillLockBytesOnILockBytes
CoTaskMemAlloc
OleIsRunning
OleConvertIStorageToOLESTREAM
StgSetTimes
OleCreateFromFile
CoDisconnectObject
CoGetTreatAsClass
CreateStreamOnHGlobal
WriteClassStm
CoResumeClassObjects
CoLoadLibrary
DoDragDrop
CreateObjrefMoniker
MonikerCommonPrefixWith
OleCreateStaticFromData
OleConvertOLESTREAMToIStorageEx
CoUnmarshalInterface
CreateAntiMoniker
CoQueryAuthenticationServices
CoRegisterChannelHook
CoMarshalInterface
StgCreateDocfileOnILockBytes
UtGetDvtd32Info
CoRevokeMallocSpy
StringFromIID
CoGetStandardMarshal
OleUninitialize
OleGetIconOfClass
StgOpenStorage
CoTreatAsClass
OleConvertOLESTREAMToIStorage
ReleaseStgMedium
CoRegisterMessageFilter
CoSuspendClassObjects
CoGetCurrentProcess
CoLockObjectExternal
CoRegisterPSClsid
SetConvertStg
CoSwitchCallContext
StringFromCLSID
GetHGlobalFromILockBytes
OleCreateLinkToFileEx
CoRegisterSurrogate
CLSIDFromString
CoSetProxyBlanket
CoTaskMemRealloc
WriteClassStg
CoCreateInstanceEx
CoGetInstanceFromFile
advapi32
GetAccessPermissionsForObjectA
PrivilegeCheck
RegOpenKeyA
ObjectDeleteAuditAlarmA
CryptHashSessionKey
EnumDependentServicesA
CancelOverlappedAccess
CryptEnumProvidersW
RegCreateKeyW
SetEntriesInAccessListA
GetServiceKeyNameA
BuildTrusteeWithSidW
AccessCheck
QueryServiceConfigA
GetNamedSecurityInfoExA
GetAuditedPermissionsFromAclW
RegSetValueExA
GetFileSecurityW
SetAclInformation
CryptGenKey
FreeSid
DuplicateTokenEx
InitializeSecurityDescriptor
RegQueryInfoKeyW
SetEntriesInAuditListW
GetSidIdentifierAuthority
SetTokenInformation
SetSecurityInfoExA
LookupAccountSidW
ObjectOpenAuditAlarmA
CryptVerifySignatureA
OpenProcessToken
QueryServiceLockStatusW
IsValidAcl
RegSetValueA
SetServiceBits
SetServiceStatus
RegSetValueW
TrusteeAccessToObjectA
SetNamedSecurityInfoExA
CryptAcquireContextW
AddAuditAccessAce
RegOpenKeyExW
ConvertSecurityDescriptorToAccessNamedW
LookupPrivilegeDisplayNameA
RegLoadKeyA
GetKernelObjectSecurity
CryptGetKeyParam
AccessCheckAndAuditAlarmW
AddAccessAllowedAce
GetAuditedPermissionsFromAclA
ImpersonateLoggedOnUser
ReportEventA
ObjectCloseAuditAlarmW
SetSecurityInfo
GetLengthSid
CloseServiceHandle
BuildImpersonateTrusteeW
RegFlushKey
ControlService
CryptDestroyKey
RegSaveKeyW
RegDeleteValueA
RegisterEventSourceW
LogonUserA
CryptDuplicateHash
GetOverlappedAccessResults
ImpersonateNamedPipeClient
LockServiceDatabase
RegisterServiceCtrlHandlerW
PrivilegedServiceAuditAlarmA
DeleteService
LookupSecurityDescriptorPartsW
ImpersonateSelf
AbortSystemShutdownW
RevertToSelf
RegLoadKeyW
GetFileSecurityA
GetNamedSecurityInfoExW
GetTrusteeTypeW
BuildSecurityDescriptorA
InitiateSystemShutdownA
CryptGetDefaultProviderW
StartServiceCtrlDispatcherW
CryptEncrypt
RegUnLoadKeyW
BuildTrusteeWithSidA
CryptSetProviderA
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
GetTrusteeNameA
BuildTrusteeWithNameA
QueryServiceObjectSecurity
AccessCheckAndAuditAlarmA
GetSecurityDescriptorControl
CryptDuplicateKey
GetOldestEventLogRecord
QueryServiceConfigW
GetNamedSecurityInfoA
PrivilegedServiceAuditAlarmW
CryptDestroyHash
EnumDependentServicesW
SetEntriesInAclW
GetCurrentHwProfileA
GetSecurityDescriptorLength
GetMultipleTrusteeOperationA
RegSaveKeyA
GetTokenInformation
BuildImpersonateTrusteeA
BackupEventLogW
GetSecurityDescriptorSacl
IsTextUnicode
RegCloseKey
kernel32
TlsFree
Process32First
GetVolumeInformationA
GetProcessWorkingSetSize
GetFileInformationByHandle
FreeResource
SetProcessWorkingSetSize
VirtualAlloc
CreateTapePartition
GetACP
VirtualFree
GlobalCompact
PrepareTape
SetComputerNameA
GetThreadPriority
lstrcmpA
HeapCreate
LockFile
VirtualLock
GetEnvironmentVariableA
LocalFree
GetBinaryType
GetExitCodeProcess
WaitForMultipleObjects
GetPrivateProfileIntW
GetComputerNameA
GetPrivateProfileStructW
CompareStringW
GetLogicalDrives
GetLogicalDriveStringsW
GetSystemTimeAsFileTime
FillConsoleOutputCharacterA
GetTickCount
ReleaseSemaphore
SetFileApisToOEM
CreateProcessW
GetFullPathNameA
SetCurrentDirectoryA
WriteProfileStringA
LocalAlloc
SetNamedPipeHandleState
CreateIoCompletionPort
EnumDateFormatsA
OutputDebugStringA
SearchPathW
GetCurrentThreadId
CreatePipe
GlobalFindAtomW
SetUnhandledExceptionFilter
GetStartupInfoW
SignalObjectAndWait
SetCalendarInfoW
GetCPInfoExA
SetLocaleInfoW
GetTapePosition
SetFileApisToANSI
GetCurrentDirectoryA
GetProcessHeap
UpdateResourceW
WriteConsoleOutputCharacterA
GlobalUnWire
GetBinaryTypeA
WaitForSingleObjectEx
FindAtomW
ScrollConsoleScreenBufferW
LCMapStringW
Heap32ListFirst
GetThreadPriorityBoost
BeginUpdateResourceW
FreeEnvironmentStringsW
FindFirstChangeNotificationA
GlobalGetAtomNameW
VirtualProtect
LocalFileTimeToFileTime
SetThreadContext
GetEnvironmentStringsA
FindResourceW
WriteConsoleOutputW
IsBadWritePtr
ReadConsoleOutputAttribute
BeginUpdateResourceA
SetSystemPowerState
MapViewOfFileEx
SetConsoleWindowInfo
WriteProcessMemory
EnumResourceNamesA
lstrlenW
GetFileAttributesExA
SetProcessPriorityBoost
OpenSemaphoreW
GetDefaultCommConfigW
GetDefaultCommConfigA
GetFileSize
GetLongPathNameA
VirtualProtectEx
LocalUnlock
GetPrivateProfileStringA
IsBadCodePtr
ClearCommBreak
WaitNamedPipeW
GetProcAddress
Heap32First
EnumResourceTypesW
GetThreadSelectorEntry
MapViewOfFile
GetThreadLocale
WriteConsoleW
GetConsoleTitleW
GetProfileIntW
GetStartupInfoA
GetSystemInfo
SetErrorMode
QueryDosDeviceA
ExpandEnvironmentStringsA
GetCurrentProcessId
SetFileAttributesW
GetCalendarInfoW
IsBadHugeWritePtr
GetProcessTimes
SetCommTimeouts
lstrcmp
WritePrivateProfileStructA
MoveFileA
GetConsoleCP
LoadResource
FindResourceA
GetModuleFileNameW
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 386B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE