Static task: static1
Behavioral task: behavioral1
Sample: 16c41a4dd3ed14eb5b7ffb6333eacf88_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 16c41a4dd3ed14eb5b7ffb6333eacf88_JaffaCakes118.exe
Resource: win10v2004-20240910-en
General
Target: 16c41a4dd3ed14eb5b7ffb6333eacf88_JaffaCakes118
Size: 87KB
MD5: 16c41a4dd3ed14eb5b7ffb6333eacf88
SHA1: 4ff74625030f0cfcb17c7f8c0e26e26117438423
SHA256: c7a5363aae417a584856eb617fd0a564bc2e65823ff5af7737c8c003123a5cab
SHA512: 9e15ec1ef3a31a8188810a1781e20a743ede7deec3926fdd90c743c1b1699f8c149684123e8e00148c093f11f3009c1306c060b934135fbc26243257e1d0e835
SSDEEP: 1536:Oa9+u+mXGzlMsJDfgB/V75m+N2WLTHMMQhCMRznlGUMpz3iz33tj6X7V9t:Oa9WUBN75mp8hQHBnUpz3iz3dmrV9t
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 16c41a4dd3ed14eb5b7ffb6333eacf88_JaffaCakes118
Files
16c41a4dd3ed14eb5b7ffb6333eacf88_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
8d95635acf924bbad279176a1d239477
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoRegisterClassObject
OleMetafilePictFromIconAndLabel
PropVariantCopy
CoGetCallContext
CoLockObjectExternal
ReadStringStream
CoFileTimeToDosDateTime
CoTreatAsClass
CoRevertToSelf
OleRegGetUserType
CoRegisterPSClsid
OleDuplicateData
OleRegEnumFormatEtc
StgOpenStorage
OleSetAutoConvert
OleCreateEmbeddingHelper
CreateStreamOnHGlobal
FreePropVariantArray
OleUninitialize
CoGetCurrentProcess
CoResumeClassObjects
CoUnmarshalInterface
OleDestroyMenuDescriptor
ReadOleStg
OleCreateEx
CoAddRefServerProcess
CoMarshalInterface
CoCreateFreeThreadedMarshaler
OleLockRunning
OpenOrCreateStream
CoBuildVersion
CoIsHandlerConnected
CreateOleAdviseHolder
StgOpenStorageOnILockBytes
CoTaskMemFree
CoQueryAuthenticationServices
OleCreate
GetConvertStg
OleGetClipboard
CoUninitialize
OleSaveToStream
RegisterDragDrop
ReleaseStgMedium
CreateObjrefMoniker
OleInitialize
CreateFileMoniker
OleCreateLinkFromDataEx
OleDraw
RevokeDragDrop
IIDFromString
CoGetCurrentLogicalThreadId
StringFromCLSID
WriteOleStg
MonikerRelativePathTo
StgGetIFillLockBytesOnILockBytes
CoReleaseMarshalData
CoIsOle1Class
CoRegisterSurrogate
CoSuspendClassObjects
CoGetPSClsid
CoTaskMemAlloc
OleNoteObjectVisible
CoMarshalHresult
CreateGenericComposite
OleLoad
UtConvertDvtd32toDvtd16
OleGetIconOfFile
OleGetIconOfClass
CoCreateInstance
CoSetProxyBlanket
OleRun
StringFromIID
CoRevokeMallocSpy
OleFlushClipboard
CoGetObject
CoQueryProxyBlanket
OleRegEnumVerbs
OleLoadFromStream
CoInitialize
WriteFmtUserTypeStg
OleIsCurrentClipboard
CoCreateGuid
OleGetAutoConvert
CoSwitchCallContext
OleConvertOLESTREAMToIStorage
CoRegisterMallocSpy
StgIsStorageFile
CLSIDFromString
CoGetClassObject
CoCopyProxy
OleRegGetMiscStatus
CoRegisterChannelHook
CoQueryReleaseObject
CreateClassMoniker
ReadClassStg
CoGetCallerTID
CoInitializeEx
DoDragDrop
SetDocumentBitStg
OleCreateMenuDescriptor
user32
ExitWindowsEx
ChangeMenuW
VkKeyScanExW
InsertMenuW
LoadCursorW
MessageBoxA
ClientToScreen
GetMenuContextHelpId
SetScrollPos
OemToCharBuffW
DestroyWindow
CreateWindowExA
SetCursorPos
GetClientRect
GetSysColorBrush
ValidateRect
SetSystemCursor
GetKBCodePage
PeekMessageA
GetSubMenu
LookupIconIdFromDirectoryEx
CharNextA
LoadStringA
CharLowerBuffA
SetCapture
GetScrollBarInfo
GetMenuCheckMarkDimensions
TranslateAcceleratorA
GetMenuItemID
CreateIconIndirect
MsgWaitForMultipleObjectsEx
SendNotifyMessageA
LoadCursorFromFileW
CreateWindowStationW
LoadMenuA
CharPrevW
CheckRadioButton
ExcludeUpdateRgn
IsCharUpperA
CharPrevA
SendIMEMessageExA
GetClipboardFormatNameA
SetScrollInfo
DdeGetData
EnumThreadWindows
BroadcastSystemMessageA
EndDialog
SwitchDesktop
SetClassLongW
LoadCursorA
CharNextExA
CloseWindowStation
SetWindowsHookExA
EnumChildWindows
CharLowerW
CallWindowProcW
CreateIconFromResource
GetSysColor
InvalidateRgn
GetPropW
ToUnicode
DdeCreateDataHandle
SetProcessWindowStation
DlgDirListW
DeferWindowPos
CharPrevExA
DlgDirListComboBoxW
GetWindowTextW
CopyAcceleratorTableA
GetClassNameW
SendDlgItemMessageW
UnhookWinEvent
DdeUninitialize
DdeQueryConvInfo
CharUpperBuffA
SetRectEmpty
CreateIcon
KillTimer
ScreenToClient
LoadIconA
CreateWindowExW
AdjustWindowRectEx
MessageBoxW
UpdateWindow
GetWindowModuleFileNameW
GetKeyboardLayout
InvalidateRect
EndTask
IsDialogMessageA
DdeDisconnectList
GetWindowContextHelpId
GetSystemMenu
FrameRect
InSendMessage
OpenIcon
EnableScrollBar
ChangeMenuA
DdeUnaccessData
MoveWindow
ModifyMenuW
GetMenuItemRect
GetAltTabInfo
GetClipboardFormatNameW
LoadCursorFromFileA
IntersectRect
GetCaretPos
CreateDialogParamW
GetMessageTime
GetProcessWindowStation
VkKeyScanW
PeekMessageW
GetWindowDC
IsWindowEnabled
SendMessageTimeoutW
GetMenuItemCount
ChangeDisplaySettingsA
OpenWindowStationA
CharNextW
RegisterClassW
IsDialogMessageW
TileChildWindows
SetMenu
GetNextDlgGroupItem
IsWindowVisible
SubtractRect
DrawMenuBar
EmptyClipboard
CreateWindowStationA
ToAscii
TranslateMessage
CharToOemBuffW
GetThreadDesktop
SendNotifyMessageW
IsIconic
LoadMenuIndirectA
GetCursor
RegisterHotKey
advapi32
GetTokenInformation
GetTrusteeNameW
OpenServiceA
BuildTrusteeWithNameA
RegOpenKeyA
LookupPrivilegeNameA
GetServiceDisplayNameW
IsValidSecurityDescriptor
CryptGetUserKey
InitializeAcl
CryptGetProvParam
QueryServiceLockStatusA
GetServiceKeyNameW
AddAce
CryptSetProviderA
BuildSecurityDescriptorA
AreAllAccessesGranted
NotifyChangeEventLog
MakeSelfRelativeSD
RegConnectRegistryA
CryptReleaseContext
GetAce
OpenBackupEventLogW
UnlockServiceDatabase
RegQueryValueExW
OpenEventLogW
BuildImpersonateExplicitAccessWithNameA
SetNamedSecurityInfoExA
DeleteService
AddAuditAccessAce
ReportEventW
QueryServiceObjectSecurity
CryptAcquireContextA
GetSidIdentifierAuthority
IsValidAcl
ReadEventLogA
GetExplicitEntriesFromAclA
CreateProcessAsUserW
RegNotifyChangeKeyValue
DeregisterEventSource
AccessCheck
LookupPrivilegeDisplayNameA
MakeAbsoluteSD
RegGetKeySecurity
RegSetValueExA
SetServiceStatus
CryptCreateHash
RegQueryValueExA
CryptDuplicateHash
AddAccessAllowedAce
GetSecurityDescriptorGroup
CryptGetDefaultProviderA
ClearEventLogW
InitializeSecurityDescriptor
RegSaveKeyA
ReadEventLogW
CryptEnumProvidersA
CryptHashData
RegisterEventSourceA
GetEffectiveRightsFromAclW
SetEntriesInAuditListW
LogonUserA
MapGenericMask
LockServiceDatabase
GetAuditedPermissionsFromAclW
FreeSid
CryptEncrypt
CryptAcquireContextW
LookupAccountSidW
GetFileSecurityW
ChangeServiceConfigW
RegReplaceKeyW
GetNamedSecurityInfoExW
CryptEnumProvidersW
RegLoadKeyA
CryptSetProviderExA
BuildImpersonateTrusteeA
QueryServiceLockStatusW
GetSecurityDescriptorControl
GetSidSubAuthorityCount
SetKernelObjectSecurity
BackupEventLogA
LookupAccountNameA
RegUnLoadKeyA
RegOpenKeyExW
RegDeleteValueA
FindFirstFreeAce
BackupEventLogW
ObjectPrivilegeAuditAlarmW
GetPrivateObjectSecurity
CryptSetHashParam
AdjustTokenPrivileges
RegEnumValueW
GetExplicitEntriesFromAclW
SetFileSecurityA
RegSetKeySecurity
GetSecurityDescriptorDacl
LookupPrivilegeDisplayNameW
GetAuditedPermissionsFromAclA
RegEnumKeyW
LookupPrivilegeValueW
GetAccessPermissionsForObjectW
CryptEnumProviderTypesW
AllocateAndInitializeSid
PrivilegedServiceAuditAlarmW
EnumDependentServicesA
BuildTrusteeWithNameW
CryptSetKeyParam
RegEnumKeyExA
SetSecurityInfoExA
RegOpenKeyExA
RegDeleteValueW
GetMultipleTrusteeOperationW
BuildImpersonateTrusteeW
DuplicateToken
GetServiceDisplayNameA
QueryServiceConfigA
SetSecurityInfoExW
SetEntriesInAclA
CryptHashSessionKey
AbortSystemShutdownA
CreateServiceW
StartServiceCtrlDispatcherA
RegSetValueExW
BuildImpersonateExplicitAccessWithNameW
GetEffectiveRightsFromAclA
CreateServiceA
CloseEventLog
GetSecurityInfoExA
CancelOverlappedAccess
RegUnLoadKeyW
QueryServiceStatus
QueryServiceConfigW
OpenBackupEventLogA
shlwapi
UrlIsA
StrToIntExW
GetMenuPosFromID
PathAddBackslashW
UrlGetPartW
PathAddExtensionW
PathRemoveArgsA
ColorAdjustLuma
PathIsURLW
SHRegEnumUSKeyA
StrRChrA
SHRegDeleteEmptyUSKeyW
wvnsprintfA
UrlCompareA
SHSetValueA
PathUnquoteSpacesA
HashData
StrFromTimeIntervalW
PathIsRelativeW
PathFileExistsA
UrlUnescapeA
PathCanonicalizeW
PathIsSystemFolderA
StrToIntW
StrCmpNIW
SHRegQueryUSValueW
PathRemoveExtensionA
SHGetValueW
StrDupA
PathSetDlgItemPathW
SHEnumKeyExW
PathIsUNCServerShareW
PathRelativePathToA
PathRemoveArgsW
SHDeleteEmptyKeyW
PathCompactPathExA
StrCSpnIW
PathUndecorateW
PathFindSuffixArrayW
PathSearchAndQualifyA
PathGetDriveNumberA
StrRChrIW
PathGetCharTypeW
PathGetDriveNumberW
StrNCatW
PathFindNextComponentW
PathGetArgsA
StrToIntExA
SHCreateStreamOnFileA
UrlGetLocationW
SHIsLowMemoryMachine
SHRegDeleteUSValueW
UrlApplySchemeA
PathStripPathA
PathMakeSystemFolderW
SHQueryValueExW
SHRegWriteUSValueA
PathMakePrettyW
UrlCreateFromPathW
SHRegOpenUSKeyW
PathSkipRootA
StrFormatByteSizeW
PathIsSameRootW
SHDeleteValueA
UrlGetPartA
PathIsRelativeA
PathStripToRootW
PathCompactPathA
AssocQueryStringA
StrIsIntlEqualW
PathCompactPathExW
PathIsUNCA
StrSpnA
ChrCmpIW
StrChrW
StrCSpnA
PathMakeSystemFolderA
StrRetToStrA
SHOpenRegStream2W
StrCatW
StrPBrkW
PathStripPathW
SHDeleteKeyW
SHRegEnumUSValueW
SHRegGetBoolUSValueW
PathIsFileSpecA
StrToIntA
SHRegGetUSValueW
PathSetDlgItemPathA
PathSearchAndQualifyW
StrStrIW
StrCmpIW
SHStrDupW
StrNCatA
PathIsUNCServerA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
StrSpnW
PathBuildRootA
PathRemoveBlanksW
SHSetThreadRef
StrCmpNA
UrlEscapeW
PathRemoveFileSpecW
SHDeleteEmptyKeyA
StrCpyNW
SHOpenRegStreamW
SHSkipJunction
PathQuoteSpacesA
PathParseIconLocationA
StrRChrW
PathFindExtensionA
PathFindOnPathW
kernel32
ContinueDebugEvent
SetFileAttributesA
MapViewOfFile
CreateFileMappingW
LocalShrink
SetSystemPowerState
VirtualAlloc
GetCompressedFileSizeA
QueryPerformanceFrequency
GetSystemDefaultLCID
GetTickCount
SetConsoleCtrlHandler
QueryDosDeviceA
GetCommModemStatus
GetLogicalDriveStringsW
EnumDateFormatsA
GetPrivateProfileIntW
GetModuleFileNameW
SetStdHandle
SetHandleInformation
GetLogicalDrives
WaitForMultipleObjects
MulDiv
Process32Next
GetShortPathNameW
CreateFileW
BackupWrite
GetBinaryTypeW
MoveFileA
GlobalFix
IsBadReadPtr
ClearCommBreak
WriteProfileSectionW
FindAtomW
WaitCommEvent
SetFileApisToOEM
GlobalCompact
GetDevicePowerState
BuildCommDCBAndTimeoutsA
EnumResourceTypesA
GetCommState
SetCommBreak
FindResourceExW
GetFullPathNameW
GetProfileIntA
CreateMailslotW
DeleteFileW
SetLocaleInfoA
GlobalAlloc
GetLastError
FreeConsole
HeapCreate
GetProcessWorkingSetSize
FreeLibraryAndExitThread
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetPrivateProfileStructA
GetFileAttributesExW
Thread32Next
GetSystemTimeAdjustment
GetProcessTimes
ReadFile
GetCurrentThreadId
GlobalUnlock
FreeEnvironmentStringsW
UnlockFileEx
CreateSemaphoreA
WriteProcessMemory
FreeEnvironmentStringsA
CreateFileA
CreateEventW
SetTapePosition
TlsAlloc
EnumResourceTypesW
ResumeThread
WinExec
lstrcpynA
WritePrivateProfileStringW
UpdateResourceW
SetNamedPipeHandleState
VirtualProtect
CopyFileA
SetLocaleInfoW
GlobalLock
UnhandledExceptionFilter
CreateNamedPipeA
GlobalWire
GetCommandLineA
OpenWaitableTimerA
CopyFileExA
ReadDirectoryChangesW
GetNumberFormatW
SetConsoleCP
SetThreadPriority
GetMailslotInfo
LockFileEx
FindResourceA
SetEndOfFile
GetProcessAffinityMask
SetConsoleTitleW
GetLargestConsoleWindowSize
FillConsoleOutputCharacterW
VirtualUnlock
lstrcpy
SetFilePointer
CreateDirectoryExW
GetWindowsDirectoryW
RtlFillMemory
LocalSize
GetPriorityClass
VirtualQuery
CreateDirectoryW
GetSystemDirectoryW
WritePrivateProfileSectionW
GetSystemInfo
Module32Next
FindNextFileA
GetCurrentProcess
WritePrivateProfileStructW
Sections
.text  Size: 68KB, Virtual size: 68KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 17KB, Virtual size: 16KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 512B, Virtual size: 303B  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)