15db4ff88ad31376d675582847aa07ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15db4ff88ad31376d675582847aa07ff_JaffaCakes118
Size

549KB
MD5

15db4ff88ad31376d675582847aa07ff
SHA1

ea942b99bd88cb25be6f689700d79991da0421ff
SHA256

dbeba5167ecdf0282505f35f8d1ea627c39738a07301d906bb2e85a16f53cb3a
SHA512

ec54d1628fa841565b258c959334c8227227d15ed95d0988b074e4963969ee7d7868d64160b4400e395bc5018b55d08cfa02a26c88589ba13accf37806977b56
SSDEEP

12288:fNapf0fv9bCvXZS9chG0TKofCKDuz4eJZeg:fNapfUv9+tIA6KpId

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15db4ff88ad31376d675582847aa07ff_JaffaCakes118

Files

15db4ff88ad31376d675582847aa07ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1cb2ae830b86fba7d599e7625fff089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCanonicalizeW
StrFormatByteSize64A
UrlUnescapeW
PathSearchAndQualifyW
UrlIsOpaqueW
PathUnmakeSystemFolderW
PathIsLFNFileSpecW
PathIsSystemFolderW
StrRetToStrW
SHRegEnumUSValueA
AssocQueryStringW
StrNCatW
SHDeleteValueA
StrPBrkW
UrlHashW
SHRegDeleteEmptyUSKeyA
PathIsContentTypeA
PathIsSameRootA
PathFindSuffixArrayA
StrStrIW
SHSkipJunction
PathRemoveFileSpecA
SHRegSetUSValueW
PathUnquoteSpacesA
PathFindExtensionA
StrRChrIW
StrCSpnA
PathIsFileSpecW
PathRemoveArgsW
StrFromTimeIntervalA
PathCanonicalizeA
SHRegQueryUSValueA
StrFormatKBSizeA
PathFindNextComponentW
SHRegGetUSValueA
PathParseIconLocationA
PathFileExistsA
PathGetArgsA
StrRChrW
UrlIsNoHistoryW
PathSearchAndQualifyA
PathStripPathA
PathQuoteSpacesA
SHRegDeleteEmptyUSKeyW
PathRemoveExtensionA
PathSkipRootW
PathAppendW
SHEnumValueW
StrChrIA
AssocQueryKeyA
PathStripToRootA
SHRegGetUSValueW
PathFindSuffixArrayW
SHOpenRegStreamW
wvnsprintfA
StrCmpIW
PathFileExistsW
StrStrW
StrCpyNW
PathFindFileNameA
PathUnquoteSpacesW
SHDeleteKeyW
PathIsFileSpecA
PathSkipRootA
StrCSpnIW
UrlApplySchemeW
PathIsNetworkPathA
PathIsRelativeW
PathRenameExtensionA
PathGetDriveNumberW
AssocQueryStringByKeyA
SHRegDeleteUSValueW
StrToIntW
PathIsNetworkPathW
StrDupA
StrNCatA
PathMatchSpecA
StrCatW
PathRemoveExtensionW
SHRegEnumUSKeyA
SHEnumValueA
SHOpenRegStreamA
StrSpnA
PathAddExtensionW
PathIsURLW
PathGetDriveNumberA
PathRemoveBackslashW
SHRegGetBoolUSValueA
PathCommonPrefixW
SHRegWriteUSValueA
UrlIsNoHistoryA
UrlCompareW
UrlIsA
PathUndecorateW
SHCopyKeyA
HashData
StrCmpNA
SHCreateStreamOnFileW
UrlCreateFromPathA
PathGetCharTypeA
PathIsUNCServerA
SHDeleteKeyA
PathMakeSystemFolderW
StrFormatKBSizeW
StrTrimA
SHRegQueryInfoUSKeyA
PathQuoteSpacesW
PathCompactPathW
PathRemoveArgsA
SHRegGetBoolUSValueW
PathCombineW
StrStrIA
PathIsLFNFileSpecA
UrlApplySchemeA
PathCreateFromUrlW
SHRegDeleteUSValueA
StrCmpW
SHQueryValueExW
PathRelativePathToW
StrPBrkA
PathParseIconLocationW
PathMakePrettyA
PathIsContentTypeW
PathRemoveBlanksW

kernel32

EnumCalendarInfoExA
GetDateFormatW
GetSystemDefaultLCID
GetExitCodeThread
SetVolumeLabelA
FindFirstFileExW
CreateIoCompletionPort
CreateMailslotW
CallNamedPipeA
Sleep
VirtualProtect
WriteFileEx
QueryPerformanceCounter
LocalFree
ReadFile
WritePrivateProfileSectionA
LoadModule
SetProcessWorkingSetSize
SetMailslotInfo
FindNextChangeNotification
GetSystemDirectoryA
VirtualAlloc
CancelDeviceWakeupRequest
GetThreadSelectorEntry
VirtualQuery
Heap32First
GetVersionExW
SetNamedPipeHandleState
Toolhelp32ReadProcessMemory
CreateFileMappingA
WriteConsoleOutputAttribute
RequestWakeupLatency
GetConsoleTitleA
QueryDosDeviceA
CompareStringA
GetCommMask
WideCharToMultiByte
OpenEventW
GetCurrentDirectoryW
LocalSize
SetErrorMode
EnumTimeFormatsW
GetCalendarInfoW
GetCurrencyFormatW
GetSystemTimeAdjustment
WritePrivateProfileStructW
EnumTimeFormatsA
GetConsoleScreenBufferInfo
FormatMessageW
LCMapStringA
GetSystemDirectoryW
lstrcat
ReadConsoleOutputCharacterW
GetConsoleCP
ConnectNamedPipe
GetDiskFreeSpaceExA
GetBinaryType
WaitNamedPipeW
CommConfigDialogW
PeekConsoleInputW
GetLogicalDriveStringsW
OpenSemaphoreW
GetStartupInfoW
GetHandleInformation
OutputDebugStringA
GetVolumeInformationA
SetConsoleOutputCP
lstrcpynA
FindResourceA
GetComputerNameA
GetPrivateProfileStructW
GetProcessHeap
GetStringTypeExW
CreateDirectoryExW
GetCommModemStatus
ExitProcess
WritePrivateProfileStringA
GetCommandLineA
lstrcmpiW
lstrcmpA
InitializeCriticalSectionAndSpinCount
SetConsoleMode
DeleteFileA
GetShortPathNameW
SetTapePosition
WaitForSingleObject
CreateWaitableTimerW
GetCompressedFileSizeA
SetConsoleCP
lstrcpyW
DeleteFileW
VerLanguageNameA
Heap32Next
ReadDirectoryChangesW
SetConsoleTitleA
CreateEventA
UnmapViewOfFile
GetPrivateProfileIntW
UpdateResourceA
GlobalGetAtomNameA
DebugActiveProcess
GetMailslotInfo
IsBadCodePtr
VirtualProtectEx
GetPrivateProfileIntA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
GetStdHandle
LocalUnlock
AddAtomA
DisableThreadLibraryCalls
GetNamedPipeHandleStateA
WriteConsoleOutputW
SetConsoleActiveScreenBuffer
FindFirstFileW
FlushViewOfFile
LocalCompact
GetCPInfo
ExpandEnvironmentStringsA
GetCurrentProcess
DefineDosDeviceA
GetSystemTime
CreateDirectoryExA
ExpandEnvironmentStringsW
lstrcpynW
FindFirstFileExA
SetEndOfFile
GetProfileIntW
GetUserDefaultLangID
EnumResourceTypesA
WritePrivateProfileStringW
FindResourceW
GetDevicePowerState
GetThreadPriority
GetFileAttributesA

ole32

CoTaskMemRealloc
ProgIDFromCLSID
PropVariantCopy
CoFileTimeToDosDateTime
OleSetClipboard
CoRegisterChannelHook
StgIsStorageFile
OleCreateFromDataEx
GetHGlobalFromILockBytes
CoQueryReleaseObject
CoGetStandardMarshal
UpdateDCOMSettings
CoRevokeClassObject
OleSetContainedObject
CoQueryClientBlanket
StgOpenStorageEx
CoReleaseMarshalData
OleRegGetUserType
CoUnmarshalInterface
OleCreateEx
OleQueryLinkFromData
CreateBindCtx
OleDestroyMenuDescriptor
IIDFromString
CreateILockBytesOnHGlobal
StgSetTimes
CoGetPSClsid
StgIsStorageILockBytes
SetDocumentBitStg
UtGetDvtd32Info
CoCreateFreeThreadedMarshaler
OleRegEnumVerbs
ReadFmtUserTypeStg
UtGetDvtd16Info
DoDragDrop
OleConvertIStorageToOLESTREAMEx
OleQueryCreateFromData
CreateStreamOnHGlobal
CoLoadLibrary
SetConvertStg
CoLockObjectExternal
CoRevokeMallocSpy
OleRegGetMiscStatus
CoInitialize
CoIsOle1Class
StgCreateDocfileOnILockBytes
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkEx
CoDisconnectObject
IsAccelerator
CoCreateGuid
CoRegisterClassObject
OleCreateLinkFromData
GetHGlobalFromStream
CoCreateInstanceEx
OleSaveToStream
StgOpenStorageOnILockBytes
OleCreateLinkToFileEx
CreateOleAdviseHolder
CoMarshalHresult
CreateFileMoniker
OleConvertIStorageToOLESTREAM
OleMetafilePictFromIconAndLabel
OleDuplicateData
UtConvertDvtd32toDvtd16
OleLoad
CoGetObject
OleTranslateAccelerator
CoMarshalInterface
OleCreateStaticFromData
CoInitializeSecurity
OleDraw
PropVariantClear
OleGetIconOfFile
GetConvertStg
UtConvertDvtd16toDvtd32
OleCreateFromFile
CoFileTimeNow
StgCreateStorageEx
CoIsHandlerConnected
CoGetInstanceFromIStorage
IsEqualGUID
CoRegisterSurrogate
RegisterDragDrop
CoRegisterMessageFilter
OleSave
CoCreateInstance
CoBuildVersion
OleUninitialize
OpenOrCreateStream
CoDosDateTimeToFileTime
CreateObjrefMoniker
OleCreateFromFileEx
OleSetAutoConvert
CoGetCallerTID
OleLoadFromStream
StgGetIFillLockBytesOnFile
WriteClassStg
WriteFmtUserTypeStg
CoInitializeEx
CoCopyProxy
CoResumeClassObjects
CoAddRefServerProcess

user32

GetTabbedTextExtentW
GetMenuItemInfoW
InsertMenuW
GetClipboardSequenceNumber
GetKBCodePage
ReleaseDC
GetThreadDesktop
OpenInputDesktop
DdeSetQualityOfService
DdeAccessData
SystemParametersInfoW
IsCharAlphaA
GetAltTabInfo
SetMenuDefaultItem
MenuItemFromPoint
CreateWindowStationA
SwapMouseButton
CallMsgFilter
TranslateAccelerator
BroadcastSystemMessageW
GetKeyboardType
GetMessageExtraInfo
DrawAnimatedRects
SendNotifyMessageA
MonitorFromPoint
CallWindowProcA
EnumDisplaySettingsExW
DdeQueryNextServer
FillRect
FlashWindowEx
IsClipboardFormatAvailable
DispatchMessageA
SetMenuItemInfoA
VkKeyScanExA
DefDlgProcW
SetParent
DlgDirSelectComboBoxExW
GetMonitorInfoA
IsWindowVisible
GetDC
SetClassLongA
InternalGetWindowText
CharToOemW
EndTask
GetMenuDefaultItem
AppendMenuW
GetMessagePos
GetMenuItemID
CallNextHookEx
SetWindowsHookExW
GrayStringA
DdeFreeDataHandle
IsChild
TileWindows
DeferWindowPos
SetDebugErrorLevel
MapVirtualKeyW
TrackPopupMenu
IsCharUpperA
ValidateRect
GetMessageW
DestroyCursor
DdeClientTransaction
SetClassWord
RemovePropW
OemToCharA
GetUpdateRgn
OemKeyScan
DrawFocusRect
DdeFreeStringHandle
GetScrollRange
GetGuiResources
DdeQueryStringW
GetWindowLongW
CheckMenuItem
InSendMessageEx
DdePostAdvise
DlgDirListA
SetWindowsHookExA
CallMsgFilterA
GetKeyNameTextW
DestroyMenu
LockWindowUpdate
BroadcastSystemMessageA
GetCursor
GetWindowRgn
ShowCursor
DrawMenuBar
SetDlgItemTextA
MessageBoxA
GetCaretPos
RealGetWindowClass
GetWindowPlacement
CharNextA
IsCharAlphaNumericW
GetClientRect
ClipCursor
EndDialog
ShowWindow
GetScrollInfo
InflateRect
GetUserObjectSecurity
DlgDirListComboBoxW
BlockInput
SetPropW
GetAsyncKeyState
EnumDesktopWindows
SetActiveWindow
MessageBoxIndirectW
DdeDisconnectList
EndPaint

advapi32

SetPrivateObjectSecurity
CryptEnumProvidersA
PrivilegedServiceAuditAlarmW
StartServiceCtrlDispatcherW
ObjectPrivilegeAuditAlarmA
GetTrusteeTypeA
QueryServiceConfigA
RegRestoreKeyA
EnumServicesStatusW
GetSecurityDescriptorGroup
RegDeleteKeyW
GetOverlappedAccessResults
SetNamedSecurityInfoExA
CryptVerifySignatureA
RegCreateKeyExA
RegConnectRegistryA
InitializeAcl
CryptDeriveKey
RegSetKeySecurity
GetUserNameW
LookupAccountNameW
EnumDependentServicesA
GetAclInformation
CryptSignHashW
CryptSetKeyParam
RegQueryValueA
LookupPrivilegeDisplayNameA
TrusteeAccessToObjectA
ConvertSecurityDescriptorToAccessNamedA
BackupEventLogW
BuildSecurityDescriptorW
CryptVerifySignatureW
DeleteService
RegQueryValueExA
AbortSystemShutdownW
SetSecurityInfo
RegUnLoadKeyW
CryptGetKeyParam
FindFirstFreeAce
RegEnumValueW
ObjectOpenAuditAlarmW
QueryServiceLockStatusW
SetNamedSecurityInfoExW
DeregisterEventSource
GetMultipleTrusteeW
GetTrusteeNameW
GetAuditedPermissionsFromAclW
RegSetValueExA
GetSecurityDescriptorDacl
PrivilegedServiceAuditAlarmA
LookupSecurityDescriptorPartsA
AdjustTokenPrivileges
SetEntriesInAclA
SetSecurityInfoExA
RegLoadKeyA
RegQueryValueW
ReportEventW
ConvertAccessToSecurityDescriptorA
AddAccessDeniedAce
RegGetKeySecurity
ObjectDeleteAuditAlarmW
LookupPrivilegeValueA
CryptHashSessionKey
GetEffectiveRightsFromAclW
GetEffectiveRightsFromAclA
CryptDuplicateKey
CreatePrivateObjectSecurity
AllocateLocallyUniqueId
CryptSignHashA
ImpersonateLoggedOnUser
BuildTrusteeWithNameW
OpenSCManagerA
RegQueryInfoKeyW
RegisterEventSourceA
RegQueryInfoKeyA
IsTextUnicode
FreeSid
ImpersonateSelf
RegCreateKeyA
CryptEnumProviderTypesW
AccessCheckAndAuditAlarmW
IsValidAcl
GetServiceDisplayNameW
OpenEventLogA
CloseServiceHandle
SetSecurityInfoExW
GetServiceKeyNameA
ChangeServiceConfigW
BuildImpersonateExplicitAccessWithNameW
EqualSid
RegLoadKeyW
UnlockServiceDatabase
ConvertSecurityDescriptorToAccessNamedW
BuildImpersonateTrusteeA
GetMultipleTrusteeOperationW
RegRestoreKeyW
SetEntriesInAccessListW
GetUserNameA
CryptGetDefaultProviderW
InitiateSystemShutdownW
CryptEnumProvidersW
SetServiceObjectSecurity
AdjustTokenGroups
SetEntriesInAccessListA
CryptContextAddRef
ControlService
IsValidSecurityDescriptor
GetSecurityDescriptorLength
ConvertSecurityDescriptorToAccessA

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1cb2ae830b86fba7d599e7625fff089

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

ole32

user32

advapi32

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 8KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 8KB