25436a47d502dfca1b8c14241dc681a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25436a47d502dfca1b8c14241dc681a5_JaffaCakes118
Size

58KB
MD5

25436a47d502dfca1b8c14241dc681a5
SHA1

dda56102fed69d82e533917e739b550ad2031b77
SHA256

ce67cbac32debbb58816c8a33b9d9c130e482ff22840a43a00f4e878a76b03b9
SHA512

0e173ed0ff804563e610f546db91a5f87f31e18ae5c237e61d7ffadd99a2a1d1ae036325da951766a2596909d92e648fc007e02024abd05ec33016cdd1036713
SSDEEP

1536:RSEaa9L6AEvTMx03e7Ew47HShPMIbN1ee0dy:RRaa9L6AEQx+eww4gPM8is

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25436a47d502dfca1b8c14241dc681a5_JaffaCakes118

Files

25436a47d502dfca1b8c14241dc681a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74c2451e8bb494ba5cbc4e2ca9b435fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSAGetLastError
accept
WSACleanup
connect
socket
recv

oleaut32

GetErrorInfo
RegisterTypeLib
SafeArrayCreate
SafeArrayUnaccessData
SysFreeString
VariantCopy
VariantChangeTypeEx
SysReAllocStringLen
SafeArrayPtrOfIndex
VariantClear
SafeArrayGetElement
SysStringLen
LoadTypeLib
SetErrorInfo
VariantInit
OleLoadPicture
VariantChangeType
CreateErrorInfo
GetActiveObject
VariantCopyInd
SafeArrayPutElement
SafeArrayAccessData
SafeArrayGetLBound
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen

version

VerQueryValueW
GetFileVersionInfoSizeA

oleacc

CreateStdAccessibleProxyA
AccessibleObjectFromPoint
CreateStdAccessibleObject
DllCanUnloadNow
GetStateTextA
AccessibleChildren
CreateStdAccessibleProxyW
GetStateTextW
AccessibleObjectFromWindow
GetOleaccVersionInfo
AccessibleObjectFromEvent
IID_IAccessibleHandler
WindowFromAccessibleObject
LIBID_Accessibility
DllUnregisterServer
GetRoleTextA
DllGetClassObject
GetRoleTextW
IID_IAccessible
LresultFromObject
ObjectFromLresult

user32

GetClientRect
LoadStringW
MessageBoxA
EnableWindow
GetDlgItem
TranslateMessage
ReleaseDC
ShowWindow
EndDialog
GetSystemMetrics
GetDC
GetWindowRect

gdi32

CreateCompatibleDC
GetSystemPaletteEntries
RealizePalette
SelectPalette
CreatePalette
CreatePen
RestoreDC
SelectClipRgn
LineTo
GetTextExtentPointA
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SelectObject
CreateDIBitmap
MoveToEx
GetObjectA
CreateSolidBrush
ExtTextOutA
UnrealizeObject
BitBlt
GetTextMetricsA
GetStockObject
SetTextColor
CreateRectRgn
SaveDC

olecli32

OleEqual
OleSetBounds
OleQueryCreateFromClip
OleCopyFromLink
OleLoadFromStream
OleCopyToClipboard
OleSetTargetDevice
OleSetHostNames
OleDelete
OleCreateFromClip
OleClone
OleCreateLinkFromClip
OleSaveToStream
OleQueryLinkFromClip
OleQueryType

rpcrt4

DllGetClassObject
CreateStubFromTypeInfo
NDRSContextMarshallEx
NDRSContextMarshall
NDRcopy
NDRCContextBinding
DceErrorInqTextW
MesInqProcEncodingId
MesDecodeIncrementalHandleCreate
NdrByteCountPointerUnmarshall
NdrAllocate
CStdStubBuffer_CountRefs
MesIncrementalHandleReset
NDRCContextMarshall
NdrClientInitialize
NdrAsyncClientCall
MesHandleFree

ole32

CoDeactivateObject
CLSIDFromProgIDEx
CLSIDFromOle1Class
CoCreateInstanceEx
OleGetClipboard
CoAddRefServerProcess
OleInitialize
CoDisableCallCancellation
CLSIDFromString
CLIPFORMAT_UserUnmarshal
CoCreateGuid
CoCreateInstance
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
CoBuildVersion
CoCreateObjectInContext
WriteFmtUserTypeStg
CoCopyProxy
CLIPFORMAT_UserMarshal
CoCancelCall

kernel32

CreateMutexA
GetLocalTime
SetFileApisToANSI
QueryPerformanceCounter
ReadConsoleW
IsBadCodePtr
SetConsoleWindowInfo
CreateFileA
GetStringTypeW
GetFileSize
FileTimeToLocalFileTime
GetCPInfo
UnhandledExceptionFilter
GetStringTypeA
FindClose
MultiByteToWideChar
WriteConsoleA
LocalFileTimeToFileTime
HeapReAlloc
WriteConsoleInputW
GetConsoleTitleA
HeapFree
MoveFileA
CreateFileW
RtlUnwind
GlobalAlloc
SetLastError
CompareStringW
GlobalLock
IsBadWritePtr
ReadConsoleOutputA
SetConsoleOutputCP
LCMapStringW
SetConsoleCP
DefineDosDeviceA
GetLocaleInfoA
HeapSize
GetThreadPriority
Sleep
InterlockedDecrement
FlushFileBuffers
HeapCreate
GetDriveTypeA
ReadFile
WaitForSingleObject
GetTempPathA
TlsGetValue
FileTimeToSystemTime
SetFileAttributesA
GetCurrentThreadId
SetHandleCount
GetConsoleCP
FreeEnvironmentStringsW
ReadConsoleInputW
GetSystemTime
GetLargestConsoleWindowSize
SetErrorMode
IsDebuggerPresent
GetTickCount
GetCurrentThread
GetLastError
SystemTimeToFileTime
TlsAlloc
SetConsoleTitleA
GetFileType
GetProcessHeap
BackupWrite
TlsFree
GetFullPathNameA
FindFirstChangeNotificationA
SetCurrentDirectoryA
CompareFileTime
GetEnvironmentStringsW
VirtualQuery
RemoveDirectoryA
ReadConsoleInputA
SetEnvironmentVariableA
GetModuleHandleW
VirtualFree
IsBadReadPtr
SetFilePointer
GetStdHandle
TerminateProcess
FileTimeToDosDateTime
ExitThread
GetCurrentProcess
SetConsoleMode
SetConsoleActiveScreenBuffer
LoadLibraryExA
MapViewOfFile
FindNextFileA
DeviceIoControl
GetFileInformationByHandle
GetFileAttributesA
SetConsoleCursorPosition
GetStartupInfoA
LCMapStringA
SetConsoleCursorInfo
LoadLibraryA
GetCurrentProcessId
GetShortPathNameA
ReleaseMutex
lstrlenA
VirtualAlloc
GetVolumeInformationA
GetProcAddress
RaiseException
WriteProcessMemory
AllocConsole
GetConsoleScreenBufferInfo
SetEndOfFile
InterlockedIncrement
GlobalUnlock
DeleteCriticalSection
GetConsoleCursorInfo
GlobalMemoryStatus
lstrlenW
FindFirstFileA
GetTimeZoneInformation
GetEnvironmentVariableA
WriteConsoleOutputA
ExpandEnvironmentStringsA
GetConsoleOutputCP
FreeLibrary
ReadConsoleA
CreateFileMappingA
SearchPathA
WriteFile
CloseHandle
UnmapViewOfFile
GetCommandLineA
WriteConsoleOutputW
ExitProcess
SetUnhandledExceptionFilter
SetThreadPriority
HeapDestroy
ResumeThread
EnterCriticalSection
CopyFileA
GetComputerNameA
GetVersionExA
GetConsoleMode
IsValidCodePage
LeaveCriticalSection
WaitForMultipleObjects
CompareStringA
OpenProcess
GetOEMCP
CreateProcessA
lstrcmpiA
DeleteFileA
FlushConsoleInputBuffer
GetModuleFileNameA
ReadConsoleOutputW
InitializeCriticalSection
SetConsoleScreenBufferSize
VirtualProtect
GetCurrentDirectoryA
GetDiskFreeSpaceA
PeekConsoleInputA
SetStdHandle
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
WideCharToMultiByte
SetFileApisToOEM
GetCompressedFileSizeA
GetFileTime
MoveFileExA
TlsSetValue
CreateThread
FreeConsole
PeekConsoleInputW
FindCloseChangeNotification
SetFileTime
WriteConsoleInputA
SetConsoleTextAttribute
FreeEnvironmentStringsA
GlobalFree
HeapAlloc
GetACP
FormatMessageA
GetLogicalDrives
GetNumberFormatA
GetModuleHandleA
WriteConsoleW
GetEnvironmentStrings
QueryDosDeviceA
CreateDirectoryA

crypt32

CertAddCTLLinkToStore

shell32

SHStartNetConnectionDialogW
DAD_DragEnterEx
Shell_GetCachedImageIndex
SHCoCreateInstance
SHILCreateFromPath
DAD_DragLeave
PathResolve
PathQualify
IsLFNDrive
Shell_GetImageLists
IsNetDrive
DllInstall
SHChangeNotifyRegister
GetFileNameFromBrowse
DragFinish
SHDefExtractIconW
DllGetVersion
Shell_MergeMenus
PifMgr_OpenProperties
DllCanUnloadNow
PickIconDlg
DllGetClassObject
DragAcceptFiles
DriveType
RestartDialog
DllRegisterServer
DAD_DragMove

advapi32

RegCloseKey
GetTokenInformation
CloseServiceHandle
RegDeleteValueA
RegDeleteKeyW
FreeSid
RegSetValueExA
RegOpenKeyExW
RegEnumKeyExW
InitializeSecurityDescriptor
OpenThreadToken
RegCreateKeyExA
OpenProcessToken
RegDeleteKeyA
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
AllocateAndInitializeSid
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 953B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74c2451e8bb494ba5cbc4e2ca9b435fa

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

oleaut32

version

oleacc

user32

gdi32

olecli32

rpcrt4

ole32

kernel32

crypt32

shell32

advapi32

Sections

.text Size: 1024B - Virtual size: 953B

.rdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 20KB - Virtual size: 19KB

.data Size: 22KB - Virtual size: 56KB

.text
Size: 1024B - Virtual size: 953B

.rdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 20KB - Virtual size: 19KB

.data
Size: 22KB - Virtual size: 56KB