Static task: static1
Behavioral task: behavioral1
Sample: 27e892ad8d10766a3cc30df83020d03f_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 27e892ad8d10766a3cc30df83020d03f_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 27e892ad8d10766a3cc30df83020d03f_JaffaCakes118
Size: 82KB
MD5: 27e892ad8d10766a3cc30df83020d03f
SHA1: 6a98532824242fb83d9d193f2bfa70f66f79b4a0
SHA256: 806f22c86708f21ea66090348c6095ccb2d1706fd8daf4562946b4c8d5cf5536
SHA512: 63cd644a060074b30ae97f23edea87c1a5b76969424f312961fc16269829a47ab0b218b42ce26678f2f238d4e652bf3d3837a1eadb360a9716d8c0a493af60a7
SSDEEP: 1536:VHVEOcl6sSCiIWIm+nqhbTcnWKTirq18Wpv0sbIN4RQdeU+T6sD379Sf79SLnT2I:VHVENJSCiIWltEWKTN1840sIA4dMHjE+
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 27e892ad8d10766a3cc30df83020d03f_JaffaCakes118
Files
27e892ad8d10766a3cc30df83020d03f_JaffaCakes118.exe windows:4 windows x86 arch:x86
6dac707726d8165af4c66562e258821a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptDestroyHash
SetNamedSecurityInfoExA
QueryServiceLockStatusA
BackupEventLogA
RegLoadKeyA
GetPrivateObjectSecurity
LogonUserA
RegCreateKeyA
GetTokenInformation
ImpersonateNamedPipeClient
CreateServiceW
CloseServiceHandle
OpenEventLogW
LookupPrivilegeNameA
IsValidSid
RegReplaceKeyA
CryptSetProviderW
RegDeleteValueA
OpenServiceA
CryptGenKey
GetMultipleTrusteeW
QueryServiceLockStatusW
SetFileSecurityA
RegSetValueExA
GetSidLengthRequired
GetTrusteeTypeA
CreateServiceA
NotifyBootConfigStatus
SetThreadToken
LookupPrivilegeDisplayNameA
GetSecurityInfo
GetNamedSecurityInfoW
RegFlushKey
RegQueryMultipleValuesW
RegQueryValueA
GetCurrentHwProfileA
SetPrivateObjectSecurity
QueryServiceConfigW
UnlockServiceDatabase
CryptHashData
LookupPrivilegeDisplayNameW
GetAce
InitializeAcl
GetSidSubAuthorityCount
ChangeServiceConfigA
IsValidAcl
RegSetValueW
OpenSCManagerA
ObjectPrivilegeAuditAlarmA
RegGetKeySecurity
CryptSetProviderA
InitializeSecurityDescriptor
InitiateSystemShutdownW
ReadEventLogW
RegUnLoadKeyA
PrivilegeCheck
LookupAccountNameA
ObjectOpenAuditAlarmW
RegQueryMultipleValuesA
ImpersonateSelf
CryptEncrypt
CryptEnumProviderTypesA
SetEntriesInAuditListA
CryptVerifySignatureA
LookupAccountNameW
RegOpenKeyExA
RegSetValueExW
BuildTrusteeWithSidW
SetAclInformation
GetOverlappedAccessResults
GetTrusteeNameW
RegCreateKeyExW
GetAuditedPermissionsFromAclW
EqualPrefixSid
GetFileSecurityA
RegReplaceKeyW
CryptAcquireContextA
ReadEventLogA
GetSecurityInfoExW
QueryServiceStatus
SetNamedSecurityInfoW
SetNamedSecurityInfoExW
RegSetKeySecurity
CryptImportKey
RevertToSelf
LookupAccountSidA
OpenThreadToken
RegSetValueA
DuplicateToken
RegDeleteKeyW
FreeSid
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
CryptSignHashW
BuildSecurityDescriptorW
AllocateLocallyUniqueId
LogonUserW
GetAccessPermissionsForObjectA
CryptSetProvParam
shlwapi
PathFindNextComponentA
UrlApplySchemeA
wnsprintfA
SHSetThreadRef
PathAddExtensionW
AssocQueryStringW
UrlGetPartW
PathAddBackslashA
SHIsLowMemoryMachine
UrlIsOpaqueW
PathRemoveExtensionA
StrCatBuffA
PathIsNetworkPathW
PathStripToRootA
SHRegWriteUSValueW
IntlStrEqWorkerW
PathIsDirectoryA
PathCreateFromUrlA
StrCmpW
PathFindSuffixArrayW
PathRemoveExtensionW
PathUnquoteSpacesW
StrStrA
PathStripPathA
GetMenuPosFromID
SHRegQueryInfoUSKeyA
PathAppendA
SHEnumValueW
ColorRGBToHLS
SHRegCreateUSKeyA
ChrCmpIW
SHCreateStreamOnFileA
StrFormatKBSizeW
UrlCanonicalizeW
PathRenameExtensionW
wvnsprintfW
SHOpenRegStreamW
SHRegEnumUSKeyA
PathQuoteSpacesA
SHSetValueA
PathFileExistsA
PathFileExistsW
UrlCreateFromPathA
SHDeleteEmptyKeyA
AssocQueryStringByKeyW
AssocQueryKeyW
StrFormatByteSize64A
UrlCompareW
UrlIsNoHistoryA
StrCSpnIA
StrFormatByteSizeW
ChrCmpIA
StrToIntA
PathQuoteSpacesW
PathMatchSpecA
PathGetDriveNumberA
PathFindExtensionA
PathUnmakeSystemFolderW
StrIsIntlEqualA
SHAutoComplete
SHGetValueA
PathIsRootA
SHQueryValueExW
SHCopyKeyA
SHDeleteKeyA
UrlCombineW
PathSkipRootW
StrStrIA
SHEnumKeyExA
PathIsUNCA
PathMakePrettyA
SHCreateStreamOnFileW
PathRelativePathToW
PathGetCharTypeW
HashData
UrlUnescapeA
StrChrA
StrPBrkW
PathSearchAndQualifyA
SHCopyKeyW
UrlCompareA
SHGetInverseCMAP
PathIsPrefixW
PathIsRelativeW
PathCommonPrefixW
PathGetDriveNumberW
UrlGetLocationW
PathGetCharTypeA
SHRegDeleteEmptyUSKeyA
PathRenameExtensionA
SHRegEnumUSValueA
SHOpenRegStream2A
PathCompactPathExW
StrDupW
PathAddExtensionA
AssocQueryStringByKeyA
StrSpnA
PathIsPrefixA
PathRemoveBackslashW
SHRegGetBoolUSValueW
StrRStrIW
PathCanonicalizeA
StrDupA
PathIsFileSpecA
SHOpenRegStreamA
PathFindExtensionW
SHRegDuplicateHKey
PathRelativePathToA
StrNCatW
StrChrIW
StrRChrIW
StrRChrW
StrCmpNW
SHQueryInfoKeyW
StrCatBuffW
SHGetValueW
PathBuildRootA
SHRegDeleteUSValueA
SHRegCreateUSKeyW
StrCSpnIW
UrlApplySchemeW
PathIsURLW
StrRetToStrA
ole32
CoUnmarshalInterface
ProgIDFromCLSID
OleGetIconOfFile
CoCreateGuid
CoGetInstanceFromIStorage
CoMarshalInterThreadInterfaceInStream
OleSave
UtGetDvtd16Info
MonikerRelativePathTo
ReadClassStg
CoBuildVersion
RegisterDragDrop
OleCreate
MkParseDisplayName
OleCreateMenuDescriptor
CoMarshalInterface
WriteClassStg
CoMarshalHresult
WriteClassStm
PropVariantClear
CoGetCallerTID
StgOpenStorage
OleIsCurrentClipboard
PropVariantCopy
CoSwitchCallContext
CoCreateInstance
UtConvertDvtd32toDvtd16
OleMetafilePictFromIconAndLabel
OleCreateLinkEx
StgCreateStorageEx
CoUninitialize
CoDisconnectObject
OleDestroyMenuDescriptor
CreateObjrefMoniker
CoRegisterMessageFilter
CoGetMarshalSizeMax
CreateDataAdviseHolder
CreateGenericComposite
OleCreateStaticFromData
CoResumeClassObjects
GetConvertStg
OleGetClipboard
OleCreateLinkToFile
BindMoniker
StgOpenStorageEx
CoIsOle1Class
OleTranslateAccelerator
CoRevertToSelf
StgSetTimes
CoSetProxyBlanket
CreateILockBytesOnHGlobal
StringFromCLSID
CoTaskMemRealloc
OleUninitialize
OleInitialize
WriteOleStg
CoSuspendClassObjects
CoFreeAllLibraries
StgIsStorageILockBytes
CLSIDFromProgID
CoLoadLibrary
OleGetAutoConvert
OleSetClipboard
CoRegisterMallocSpy
OleBuildVersion
OleRegGetUserType
GetDocumentBitStg
EnableHookObject
OleCreateFromData
CoGetCallContext
CoRegisterPSClsid
CoCreateInstanceEx
CoImpersonateClient
CreateClassMoniker
CoFileTimeNow
CoInitializeSecurity
StgOpenAsyncDocfileOnIFillLockBytes
OleCreateLinkFromData
OleConvertOLESTREAMToIStorageEx
OleGetIconOfClass
CoQueryProxyBlanket
MonikerCommonPrefixWith
GetHGlobalFromStream
CoIsHandlerConnected
CoRegisterChannelHook
OleRegEnumVerbs
FreePropVariantArray
CoUnmarshalHresult
UpdateDCOMSettings
StringFromIID
CoCreateFreeThreadedMarshaler
CreateBindCtx
OleCreateFromDataEx
CoGetInstanceFromFile
CoReleaseServerProcess
OleDuplicateData
CoRevokeMallocSpy
WriteStringStream
GetHookInterface
user32
ChangeMenuW
FindWindowExA
IsCharAlphaA
SetWindowWord
SetScrollRange
GetNextDlgGroupItem
LockWindowUpdate
MessageBoxW
SetScrollPos
GetCapture
KillTimer
CharToOemW
InsertMenuW
ToAsciiEx
IsWindowEnabled
LoadStringW
ChildWindowFromPointEx
DdeKeepStringHandle
CopyIcon
PtInRect
GetComboBoxInfo
LoadMenuA
RegisterDeviceNotificationW
GetKeyNameTextW
FreeDDElParam
GetSubMenu
GetSysColor
DlgDirSelectExW
InvalidateRect
EnumPropsA
UnloadKeyboardLayout
UnregisterClassA
CreateMDIWindowW
DdeCreateStringHandleA
DdeCmpStringHandles
BroadcastSystemMessage
CharLowerBuffA
GetDlgCtrlID
ChangeDisplaySettingsExA
GetForegroundWindow
LoadKeyboardLayoutW
DestroyWindow
GetUpdateRgn
SetWindowsHookW
SetKeyboardState
GetUserObjectInformationA
GetDesktopWindow
DragObject
CharLowerW
GetGUIThreadInfo
SetMessageQueue
IsCharUpperW
FindWindowExW
SetClassWord
DrawStateW
LoadMenuIndirectA
GetClientRect
InsertMenuA
ExitWindowsEx
RegisterDeviceNotificationA
ArrangeIconicWindows
ChangeDisplaySettingsA
CreateWindowStationA
ChildWindowFromPoint
DragDetect
DrawAnimatedRects
WaitForInputIdle
EndTask
GetWindowTextLengthW
CreateDialogParamA
ToUnicodeEx
TileWindows
SetSystemCursor
GetKeyNameTextA
AnimateWindow
CharToOemBuffW
IsIconic
DdeSetUserHandle
GetMessageA
RedrawWindow
GetWindowInfo
DdeAddData
FlashWindow
RegisterClassA
WindowFromDC
GetDC
GetClassLongW
GetWindowThreadProcessId
GetCursor
DdeReconnect
EnumDisplayDevicesA
GrayStringA
GetThreadDesktop
FillRect
SetMenuItemInfoW
ModifyMenuW
ReuseDDElParam
SwitchToThisWindow
CloseDesktop
SwitchDesktop
EditWndProc
CascadeWindows
RealChildWindowFromPoint
CloseWindow
GetClassWord
IsZoomed
CreateCaret
PaintDesktop
OemToCharW
SendDlgItemMessageA
GetClipboardData
GetWindowTextA
LoadMenuIndirectW
GetWindowRgn
MapWindowPoints
GetMenuItemRect
IsDialogMessageW
WindowFromPoint
TabbedTextOutW
SystemParametersInfoW
CallNextHookEx
CharPrevExA
MsgWaitForMultipleObjectsEx
LoadIconW
SetWindowTextA
ChangeMenuA
CreateIconFromResourceEx
RegisterClassExW
SetDlgItemTextW
MessageBoxA
TabbedTextOutA
SetMenu
CharPrevW
DefDlgProcA
CallWindowProcW
DestroyMenu
GetScrollPos
CreateWindowExA
kernel32
SetLocaleInfoW
GetPrivateProfileStringW
SetCommState
SuspendThread
ReadConsoleOutputAttribute
GetProcessVersion
EnumTimeFormatsW
SetCommMask
UnlockFileEx
LocalFree
IsBadWritePtr
VirtualProtectEx
SetMailslotInfo
EnumResourceTypesW
WriteFileGather
GetExitCodeProcess
GetTimeFormatW
CancelIo
SetFileAttributesA
LocalLock
CreateSemaphoreA
FlushConsoleInputBuffer
WriteConsoleOutputCharacterW
GetCurrentThreadId
IsValidLocale
LoadModule
SetVolumeLabelW
SetConsoleCtrlHandler
EraseTape
GetHandleInformation
GetTickCount
GetProfileIntW
QueryDosDeviceW
SetEnvironmentVariableA
VirtualAlloc
ReadConsoleOutputW
GetDevicePowerState
CreateMailslotW
OpenMutexW
lstrcpynA
GetStringTypeExW
VirtualQuery
DeviceIoControl
GetEnvironmentVariableA
IsDebuggerPresent
GetFileType
EnumSystemLocalesW
EnumResourceLanguagesA
WritePrivateProfileSectionA
WriteProfileSectionA
GetLargestConsoleWindowSize
DeleteFiber
ExpandEnvironmentStringsW
lstrlenA
CreateIoCompletionPort
GetProcessWorkingSetSize
CreateProcessA
CreateDirectoryW
CreateFileA
GetPrivateProfileIntW
GlobalDeleteAtom
DebugBreak
GetLastError
TerminateProcess
TerminateThread
GlobalReAlloc
ReadFileScatter
GetProcessHeap
AreFileApisANSI
RemoveDirectoryA
IsBadCodePtr
LockFile
CreateNamedPipeA
GetPriorityClass
AllocConsole
EnumCalendarInfoExW
FindAtomA
DebugActiveProcess
VirtualAllocEx
SetConsoleCursorPosition
IsBadStringPtrW
Toolhelp32ReadProcessMemory
WritePrivateProfileStringW
OpenFileMappingA
CreateRemoteThread
LocalSize
FindFirstFileExW
GetACP
GetCommTimeouts
EnumResourceLanguagesW
WritePrivateProfileStructA
GetFullPathNameW
TlsSetValue
FillConsoleOutputCharacterA
EnumDateFormatsExW
FindResourceW
TlsGetValue
GlobalFindAtomA
VirtualProtect
RequestWakeupLatency
MultiByteToWideChar
SizeofResource
SetThreadPriority
WaitNamedPipeW
GenerateConsoleCtrlEvent
GetThreadTimes
SetProcessAffinityMask
SetProcessWorkingSetSize
GetLocaleInfoW
LocalFlags
FileTimeToDosDateTime
GlobalAddAtomW
SystemTimeToFileTime
GetVolumeInformationA
ExpandEnvironmentStringsA
FreeConsole
GetPrivateProfileIntA
GlobalGetAtomNameA
IsDBCSLeadByteEx
MulDiv
SetNamedPipeHandleState
ScrollConsoleScreenBufferW
ResumeThread
WriteConsoleOutputA
GetNumberOfConsoleMouseButtons
ReadConsoleInputA
EnumDateFormatsW
SetConsoleTitleA
GetWindowsDirectoryW
SetFilePointer
LocalUnlock
EndUpdateResourceA
CopyFileA
GetSystemDirectoryW
SetConsoleMode
FormatMessageA
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 297B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE