2a1d9d928c7a1883092b6c50a6e996a9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a1d9d928c7a1883092b6c50a6e996a9_JaffaCakes118
Size

365KB
MD5

2a1d9d928c7a1883092b6c50a6e996a9
SHA1

334f089d430612318b04c163f95a66e28367d13d
SHA256

b09a2ed7d6c201d0f8223c0de1f64b81d6eff183f0102544da9382ce4d1ee4dc
SHA512

158928a2aa8695dc951c10d48cbe51977993af10b52d86bb8c21ab5e8ef4bf14ac496046f7e231b32517ff688e2fccda412adb1a2851b0c4ace46f26ba735e5e
SSDEEP

6144:PFo+hcKMXZqP1E/yfYJUTKuno+w1ANPHYUGAP848TJiZV61wtlvHIrSxNtmS5ae:PFogcK7y/yfv+uo7yPHYUX848TJiP61A

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a.exe
unpack001/explorer.exe

Files

2a1d9d928c7a1883092b6c50a6e996a9_JaffaCakes118
.cab
a.exe
.exe windows:5 windows x86 arch:x86

2e80c00d68efcf6d11ca6cbbc73bd947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
explorer.exe
.exe windows:5 windows x86 arch:x86

c3eb9567e9430e65e703dca7bb8343fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

advapi32

RegSetValueW
RegEnumKeyExW
GetUserNameW
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
RegCloseKey
RegCreateKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueW

browseui

ord118
ord135
ord107
ord106

gdi32

GetStockObject
CreatePatternBrush
OffsetViewportOrgEx
GetLayout
CombineRgn
CreateDIBSection
GetTextExtentPoint32W
StretchBlt
CreateRectRgnIndirect
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
PatBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
OffsetWindowOrgEx
DeleteDC
SetBkColor
BitBlt
ExtTextOutW
GetTextExtentPointW
GetClipBox
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SelectObject
GetDeviceCaps
TranslateCharsetInfo
SetStretchBltMode

kernel32

GetSystemDirectoryW
CreateThread
CreateJobObjectW
ExitProcess
SetProcessShutdownParameters
ReleaseMutex
CreateMutexW
SetPriorityClass
GetCurrentProcess
GetStartupInfoW
GetCommandLineW
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
ResetEvent
LoadLibraryExA
CompareFileTime
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
GetUserDefaultLangID
Sleep
GetBinaryTypeW
GetModuleHandleExW
SystemTimeToFileTime
GetLocalTime
GetCurrentProcessId
GetEnvironmentVariableW
UnregisterWait
GlobalGetAtomNameW
GetFileAttributesW
MoveFileW
lstrcmpW
LoadLibraryExW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpiA
SetEvent
AssignProcessToJobObject
GetDateFormatW
GetTimeFormatW
FlushInstructionCache
lstrcpynW
GetSystemWindowsDirectoryW
SetLastError
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc
GetUserDefaultLCID
ReadProcessMemory
OpenProcess
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
ResumeThread
TerminateProcess
TerminateThread
GetSystemDefaultLCID
GetLocaleInfoW
CreateEventW
GetLastError
OpenEventW
DelayLoadFailureHook
WaitForSingleObject
GetTickCount
ExpandEnvironmentStringsW
GetModuleFileNameW
GetPrivateProfileStringW
lstrcmpiW
CreateProcessW
FreeLibrary
GetWindowsDirectoryW
LocalAlloc
CreateFileW
DeviceIoControl
LocalFree
GetQueuedCompletionStatus
CreateIoCompletionPort
SetInformationJobObject
CloseHandle
LoadLibraryW
GetModuleHandleW
ActivateActCtx
DeactivateActCtx
GetFileAttributesExW
GetProcAddress
DeleteCriticalSection
CreateEventA
HeapDestroy
InitializeCriticalSection
MulDiv
InitializeCriticalSectionAndSpinCount
lstrlenW
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
InterlockedExchange
GetModuleHandleA
GetVersionExA
GlobalFree
GetProcessTimes
lstrcpyW
GetLongPathNameW
RegisterWaitForSingleObject

msvcrt

_itow
free
memmove
realloc
_except_handler3
malloc
_ftol
_vsnwprintf

ntdll

RtlNtStatusToDosError
NtQueryInformationProcess

ole32

CoFreeUnusedLibraries
RegisterDragDrop
CreateBindCtx
RevokeDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
OleUninitialize
DoDragDrop

oleaut32

SysAllocString
VariantClear

shdocvw

ord110
ord125
ord111

shell32

ord182
ord162
SHGetFolderPathW
ord67
ord72
ord90
ord181
ord727
ExtractIconExW
ord137
ord645
ord644
ord2
ord236
ord149
ord147
ord188
ord660
ord201
ord245
ord68
ord723
ord200
SHGetSpecialFolderLocation
ShellExecuteExW
ord100
ord85
ord653
SHGetSpecialFolderPathW
ord196
ord25
ord152
SHBindToParent
ord719
ord732
ord148
SHParseDisplayName
ord154
ord77
ord6
ord193
ord747
ord71
ord17
ord23
ord132
ord680
ord233
ord195
ord155
ord89
ord241
ord134
ord22
SHChangeNotify
SHGetDesktopFolder
SHAddToRecentDocs
ord127
ord21
ord102
DuplicateIcon
ord202
ord82
ord244
ord54
ord161
ord91
ord254
ord60
SHUpdateRecycleBinIcon
SHGetFolderLocation
SHGetPathFromIDListA
ord711
ord731
ord4
ord733
ord190
ord64
ord61
SHGetPathFromIDListW
ord753
ord16
ord18

shlwapi

StrCpyNW
ord215
ord217
ord476
ord157
StrRetToBufW
StrRetToStrW
ord176
ord154
ord439
ord156
SHQueryValueExW
PathIsNetworkPathW
ord513
AssocCreate
ord512
ord171
ord178
ord177
ord193
StrCatW
StrCpyW
ord225
ord413
ord219
ord175
ord164
ord172
SHGetValueW
ord437
StrCmpNIW
PathRemoveBlanksW
PathRemoveArgsW
PathFindFileNameW
StrStrIW
PathGetArgsW
ord563
StrToIntW
SHRegGetBoolUSValueW
SHRegWriteUSValueW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegGetUSValueW
SHSetValueW
ord433
PathAppendW
PathUnquoteSpacesW
ord460
ord194
PathQuoteSpacesW
ord244
SHSetThreadRef
SHCreateThreadRef
ord241
ord236
ord279
PathCombineW
ord192
ord204
ord509
SHStrDupW
PathIsPrefixW
PathParseIconLocationW
AssocQueryKeyW
ord16
AssocQueryStringW
StrCmpW
ord174
ord548
ord165
ord240
ord163
ord479
ord9
ord8
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegSetUSValueW
PathIsDirectoryW
PathFileExistsW
PathGetDriveNumberW
ord10
StrChrW
PathFindExtensionW
ord260
ord292
PathRemoveFileSpecW
PathStripToRootW
ord250
ord478
ord184
SHOpenRegStream2W
ord212
ord213
ord158
StrDupW
SHDeleteValueW
StrCatBuffW
SHDeleteKeyW
StrCmpIW
ord467
ord346
wnsprintfW
ord197
ord278
StrCmpNW
ord237
ord199

user32

TileWindows
GetDoubleClickTime
GetSystemMetrics
GetSysColorBrush
AllowSetForegroundWindow
LoadMenuW
GetSubMenu
RemoveMenu
SetParent
GetMessagePos
CheckDlgButton
EnableWindow
GetDlgItemInt
SetDlgItemInt
CopyIcon
AdjustWindowRectEx
DrawFocusRect
DrawEdge
ExitWindowsEx
WindowFromPoint
SetRect
AppendMenuW
LoadAcceleratorsW
LoadBitmapW
SendNotifyMessageW
SetWindowPlacement
CheckMenuItem
EndDialog
SendDlgItemMessageW
MessageBeep
GetActiveWindow
PostQuitMessage
MoveWindow
GetDlgItem
RemovePropW
GetClassNameW
GetDCEx
SetCursorPos
ChildWindowFromPoint
ChangeDisplaySettingsW
RegisterHotKey
UnregisterHotKey
SetCursor
SendMessageTimeoutW
GetWindowPlacement
LoadImageW
SetWindowRgn
IntersectRect
OffsetRect
EnumDisplayMonitors
RedrawWindow
SubtractRect
TranslateAcceleratorW
WaitMessage
InflateRect
CallWindowProcW
GetDlgCtrlID
SetCapture
LockSetForegroundWindow
SystemParametersInfoW
FindWindowW
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
GetShellWindow
EnumChildWindows
GetWindowLongW
SendMessageW
RegisterWindowMessageW
GetKeyState
CopyRect
MonitorFromRect
MonitorFromPoint
RegisterClassW
SetPropW
GetWindowLongA
SetWindowLongW
FillRect
GetCursorPos
MessageBoxW
LoadStringW
ReleaseDC
GetDC
EnumDisplaySettingsExW
EnumDisplayDevicesW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PtInRect
BeginPaint
EndPaint
SetWindowTextW
GetAsyncKeyState
InvalidateRect
GetWindow
ShowWindowAsync
TrackPopupMenuEx
UpdateWindow
DestroyIcon
IsRectEmpty
SetActiveWindow
GetSysColor
DrawTextW
IsHungAppWindow
SetTimer
GetMenuItemID
TrackPopupMenu
EndTask
SendMessageCallbackW
GetClassLongW
LoadIconW
OpenInputDesktop
CloseDesktop
SetScrollPos
ShowWindow
BringWindowToTop
GetDesktopWindow
CascadeWindows
CharUpperBuffW
SwitchToThisWindow
InternalGetWindowText
GetScrollInfo
GetMenuItemCount
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
CharNextA
RegisterClipboardFormatW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
PrintWindow
SetClassLongW
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
ChildWindowFromPointEx
IsChild
NotifyWinEvent
TrackMouseEvent
GetCapture
GetAncestor
CharUpperW
SetWindowLongA
DrawCaption
ModifyMenuW
InsertMenuW
IsWindowEnabled
GetMenuState
LoadCursorW
GetParent
IsDlgButtonChecked
DestroyWindow
EnumWindows
IsWindowVisible
GetClientRect
UnionRect
EqualRect
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
GetClassInfoExW
DefWindowProcW
RegisterClassExW
GetIconInfo
SetScrollInfo
GetLastActivePopup
SetForegroundWindow
IsWindow
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
SetMenuDefaultItem
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
GetFocus
SetFocus
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
SetWindowPos
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
CharNextW

uxtheme

GetThemeBackgroundContentRect
GetThemeBool
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
DrawThemeBackground
GetThemeTextExtent
DrawThemeText
CloseThemeData
SetWindowTheme
GetThemeBackgroundRegion
ord47
GetThemeMargins
GetThemeColor
GetThemeFont
GetThemeRect
IsAppThemed

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e80c00d68efcf6d11ca6cbbc73bd947

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

c3eb9567e9430e65e703dca7bb8343fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

browseui

gdi32

kernel32

msvcrt

ntdll

ole32

oleaut32

shdocvw

shell32

shlwapi

user32

uxtheme

Sections

.text Size: 275KB - Virtual size: 275KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 713KB - Virtual size: 712KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.text
Size: 275KB - Virtual size: 275KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 713KB - Virtual size: 712KB

.reloc
Size: 14KB - Virtual size: 13KB