Static task: static1
Behavioral task: behavioral1
Sample: 2aa7d5798b448bcda11b72a0038dcef2_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2aa7d5798b448bcda11b72a0038dcef2_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 2aa7d5798b448bcda11b72a0038dcef2_JaffaCakes118
Size: 188KB
MD5: 2aa7d5798b448bcda11b72a0038dcef2
SHA1: f83e92090e39a75e3a3c66af7bbcad7b0d28a9ad
SHA256: 1a3f614ffec5c5524d48ead98f5c9cfe9a94342116685baa6cfaee1b83fcbdfa
SHA512: c19c529fddf7c68f24ef0f66d55b3d913c73b1da18506591106e1c7e0e0db6614c1914a77095b52367d92084495952d7f96e848f058e27731ddb2286f733ec84
SSDEEP: 3072:SlJdur89JvxTzWVLuLI5OZ8NtDCwqMkiP8e3wJMJ3PQS4LxM7ZCv7EtMiLoeKRv:STYrQhaMI5OZ8v5P8e3wS4FeO76oeKv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2aa7d5798b448bcda11b72a0038dcef2_JaffaCakes118
Files
-
2aa7d5798b448bcda11b72a0038dcef2_JaffaCakes118.exe windows:4 windows x86 arch:x86
8c2cd63ee8247389013eef18673debba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoGetMalloc
CoGetInstanceFromIStorage
CoIsHandlerConnected
CoSwitchCallContext
ReadClassStg
OleUninitialize
CoTaskMemFree
OleDestroyMenuDescriptor
StgGetIFillLockBytesOnFile
OleSetMenuDescriptor
OleSetAutoConvert
CoCopyProxy
OleCreateFromData
IsEqualGUID
PropVariantClear
OleSetContainedObject
CoLockObjectExternal
OleDuplicateData
CoReleaseServerProcess
CoIsOle1Class
CoGetObject
CoCreateFreeThreadedMarshaler
CreateILockBytesOnHGlobal
OleCreate
CoSetProxyBlanket
CoFileTimeToDosDateTime
StgOpenStorageOnILockBytes
OleInitialize
RevokeDragDrop
ReleaseStgMedium
CoUninitialize
StringFromGUID2
ReadClassStm
GetRunningObjectTable
CoMarshalInterface
CoCreateGuid
CoQueryClientBlanket
CoResumeClassObjects
GetHGlobalFromILockBytes
CoGetInterfaceAndReleaseStream
OleBuildVersion
StgIsStorageFile
PropVariantCopy
CoDisconnectObject
CreatePointerMoniker
OleCreateStaticFromData
OleQueryLinkFromData
OleRun
OleCreateLinkFromData
BindMoniker
CoRegisterMessageFilter
CoGetMarshalSizeMax
DllDebugObjectRPCHook
CoRegisterMallocSpy
OleSaveToStream
CoRevokeClassObject
CoMarshalInterThreadInterfaceInStream
StgCreateDocfile
OleCreateFromFileEx
OleRegEnumVerbs
OleRegEnumFormatEtc
UpdateDCOMSettings
OleTranslateAccelerator
CoDosDateTimeToFileTime
CoCreateInstance
CoRegisterChannelHook
OpenOrCreateStream
CreateClassMoniker
StgOpenStorage
CreateObjrefMoniker
CoTreatAsClass
CoTaskMemRealloc
OleCreateLinkEx
OleCreateFromDataEx
CoFreeAllLibraries
IIDFromString
CoGetCurrentLogicalThreadId
OleNoteObjectVisible
WriteStringStream
MkParseDisplayName
EnableHookObject
UtConvertDvtd16toDvtd32
OleIsCurrentClipboard
OleLoadFromStream
CoGetStandardMarshal
StgGetIFillLockBytesOnILockBytes
GetHookInterface
CreateDataCache
OleRegGetUserType
CoQueryProxyBlanket
OleCreateLink
OleGetIconOfClass
CoGetPSClsid
GetClassFile
WriteClassStm
ProgIDFromCLSID
GetDocumentBitStg
CoRevokeMallocSpy
CreateBindCtx
CreateDataAdviseHolder
CoTaskMemAlloc
OleQueryCreateFromData
MonikerRelativePathTo
StgSetTimes
OleGetIconOfFile
CoGetCallContext
UtConvertDvtd32toDvtd16
CoRevertToSelf
CoGetCurrentProcess
OleGetAutoConvert
shlwapi
PathCanonicalizeW
PathRemoveBackslashA
UrlEscapeA
UrlIsOpaqueW
PathMakeSystemFolderW
UrlUnescapeA
PathCreateFromUrlW
HashData
StrCmpNIA
SHRegWriteUSValueW
PathFindSuffixArrayA
PathIsRelativeW
StrRChrIA
UrlCompareA
StrSpnA
PathIsDirectoryEmptyW
PathCombineA
StrPBrkA
PathIsDirectoryA
StrNCatW
PathIsLFNFileSpecW
PathUndecorateA
PathBuildRootW
SHCopyKeyA
StrTrimW
SHGetValueA
UrlHashW
SHCopyKeyW
SHRegEnumUSKeyA
StrCatBuffA
PathIsPrefixW
AssocQueryStringByKeyA
SHRegQueryInfoUSKeyA
StrFromTimeIntervalA
StrFormatByteSizeA
PathRelativePathToW
SHEnumKeyExA
StrToIntW
PathFindFileNameA
PathAddBackslashW
PathIsSystemFolderW
StrStrW
PathGetArgsW
PathFindOnPathW
PathGetDriveNumberW
PathCombineW
ChrCmpIW
SHRegGetUSValueA
SHDeleteEmptyKeyW
StrToIntExA
SHRegGetBoolUSValueW
StrChrW
PathIsSameRootW
PathAddBackslashA
PathIsURLA
StrRStrIW
PathIsFileSpecW
StrCmpNA
UrlUnescapeW
SHRegCreateUSKeyA
PathIsDirectoryEmptyA
PathRelativePathToA
PathCompactPathA
PathCommonPrefixW
StrToIntExW
StrRChrA
PathRemoveFileSpecA
SHEnumKeyExW
SHGetThreadRef
StrChrA
SHDeleteKeyA
PathIsContentTypeA
PathIsNetworkPathA
SHRegSetUSValueA
AssocQueryKeyA
PathIsUNCW
PathIsRootA
SHRegDeleteUSValueA
StrStrIW
StrRetToStrW
wnsprintfW
StrCSpnW
ChrCmpIA
PathSkipRootW
PathFindFileNameW
StrStrIA
wnsprintfA
UrlCanonicalizeA
PathCompactPathExA
PathParseIconLocationA
UrlIsOpaqueA
GetMenuPosFromID
IntlStrEqWorkerW
StrCSpnIW
SHAutoComplete
UrlHashA
AssocQueryStringA
StrFormatByteSize64A
PathRenameExtensionA
SHSetThreadRef
SHDeleteValueA
PathMakePrettyW
PathMatchSpecW
SHGetInverseCMAP
SHRegDeleteEmptyUSKeyA
PathCompactPathW
SHRegOpenUSKeyW
PathCompactPathExW
wvnsprintfW
PathCanonicalizeA
UrlGetPartA
SHCreateStreamOnFileA
PathIsLFNFileSpecA
StrRetToBufA
SHRegWriteUSValueA
PathBuildRootA
SHRegDeleteUSValueW
SHQueryValueExA
kernel32
LockResource
CreateEventW
EnumCalendarInfoExW
GetPrivateProfileIntW
GetPrivateProfileStringW
SetConsoleActiveScreenBuffer
UnhandledExceptionFilter
CreateRemoteThread
VirtualProtect
VerLanguageNameW
ReadProcessMemory
RequestWakeupLatency
CommConfigDialogW
GetWindowsDirectoryA
GlobalFree
GlobalMemoryStatus
lstrcat
lstrcpy
lstrlenA
GetProcessHeap
lstrlenW
FindFirstFileW
LocalReAlloc
IsValidCodePage
VirtualAlloc
Thread32First
WriteConsoleOutputCharacterW
lstrcmp
FindResourceW
WinExec
EnumCalendarInfoExA
IsDebuggerPresent
LoadLibraryExW
MoveFileExW
lstrlen
GetMailslotInfo
MultiByteToWideChar
FillConsoleOutputCharacterW
SearchPathA
GetFileSize
AddAtomW
ReadDirectoryChangesW
GetProcAddress
GetProfileIntW
GetPrivateProfileStructA
GetCommTimeouts
EnumCalendarInfoA
GetCurrentThread
ConvertThreadToFiber
LCMapStringA
CreateDirectoryExA
WriteFileEx
OutputDebugStringA
lstrcmpi
OpenSemaphoreW
EnumResourceLanguagesW
SetTimeZoneInformation
GetProfileStringW
VirtualAllocEx
OpenFileMappingW
IsBadWritePtr
lstrcpyW
GetTempFileNameW
TransactNamedPipe
GetCommandLineW
GlobalWire
lstrcmpiA
GetEnvironmentStrings
FindClose
CreateSemaphoreW
WriteTapemark
Thread32Next
GetACP
GlobalSize
GetTapePosition
GetModuleFileNameA
PeekConsoleInputW
EraseTape
QueryDosDeviceA
ResumeThread
GetLargestConsoleWindowSize
GetDefaultCommConfigA
CreateIoCompletionPort
GetCurrencyFormatA
GetStringTypeA
GetTapeStatus
ReadConsoleOutputA
CreateTapePartition
SetCurrentDirectoryA
GetShortPathNameA
CancelIo
Module32Next
CommConfigDialogA
CancelWaitableTimer
FindFirstChangeNotificationW
TlsSetValue
FoldStringW
GetFullPathNameA
SetCommTimeouts
OpenEventA
EnumDateFormatsExW
GetLocaleInfoW
OpenEventW
OpenWaitableTimerW
GetPriorityClass
GetCommandLineA
MoveFileW
BackupRead
VerLanguageNameA
Process32First
GetComputerNameW
WritePrivateProfileSectionW
GetCommConfig
IsBadStringPtrA
RequestDeviceWakeup
GetTickCount
HeapCreate
FlushInstructionCache
GetDiskFreeSpaceA
VirtualProtectEx
UnlockFile
AllocConsole
SetFileAttributesA
GetFileAttributesA
user32
RegisterWindowMessageW
GetKeyboardType
ScrollDC
ScrollWindow
GetClassLongW
SetMenuContextHelpId
SetMessageQueue
OemToCharBuffW
OpenDesktopA
SetWindowsHookExW
MonitorFromRect
DrawFrameControl
SetClipboardViewer
DdeUninitialize
GetClipboardFormatNameW
GetPropA
DdeFreeStringHandle
CloseWindowStation
FrameRect
GetMenuItemID
DlgDirListComboBoxA
SetPropA
TranslateMDISysAccel
DdeAddData
GetCursorPos
GetWindowPlacement
SendIMEMessageExW
GetSysColor
SetWindowTextA
GetMessageExtraInfo
TrackPopupMenuEx
LoadBitmapW
GetMenuItemCount
DlgDirListW
GetActiveWindow
GetDesktopWindow
DdeQueryStringA
TranslateMessage
GetDlgItemTextA
OpenClipboard
CloseDesktop
GetWindowTextLengthA
CharNextExA
DdeCreateStringHandleW
TranslateAccelerator
GetMenuStringA
InflateRect
GetMenuStringW
CascadeChildWindows
ChangeMenuW
SwitchDesktop
SetPropW
ToAscii
GetTabbedTextExtentW
SwitchToThisWindow
GetNextDlgTabItem
DispatchMessageW
CreateWindowExA
CreateDialogParamA
SetProcessDefaultLayout
ArrangeIconicWindows
GetAsyncKeyState
SetShellWindow
CreateDialogIndirectParamA
OemToCharA
GetKeyboardLayout
CharPrevExA
FindWindowA
MenuItemFromPoint
SetWindowPlacement
TabbedTextOutW
CloseClipboard
SendMessageCallbackW
CallWindowProcA
GetMenuContextHelpId
RegisterClassExA
OpenWindowStationA
IsCharLowerW
LoadMenuA
GetDoubleClickTime
EndDialog
GetCapture
ShowWindowAsync
WinHelpW
CreateWindowExW
MapDialogRect
InvalidateRect
DdeInitializeW
OpenWindowStationW
LoadStringW
DestroyCursor
DestroyWindow
GetParent
CopyIcon
GetClipboardOwner
SetDlgItemTextW
GetMessageTime
EnumDesktopsA
DrawFrame
ReleaseDC
IsMenu
GetKBCodePage
EnumPropsA
EnableMenuItem
SetCursor
LoadKeyboardLayoutA
LoadAcceleratorsW
CallMsgFilter
UnloadKeyboardLayout
ShowOwnedPopups
GetMenuCheckMarkDimensions
DdeConnect
DrawAnimatedRects
AppendMenuW
GetDlgItemTextW
LoadIconA
ShowWindow
CreateAcceleratorTableA
GetScrollPos
InsertMenuA
DrawMenuBar
ShowCursor
advapi32
LookupAccountNameW
OpenEventLogW
ObjectPrivilegeAuditAlarmW
GetNamedSecurityInfoExW
GetTrusteeNameA
OpenServiceA
RegCloseKey
ObjectOpenAuditAlarmW
GetNumberOfEventLogRecords
GetServiceKeyNameA
RegEnumValueW
GetUserNameW
LookupPrivilegeDisplayNameW
InitializeSid
GetOldestEventLogRecord
TrusteeAccessToObjectW
EqualSid
GetExplicitEntriesFromAclA
RegUnLoadKeyW
ObjectCloseAuditAlarmA
CryptEnumProviderTypesW
SetNamedSecurityInfoW
SetAclInformation
GetFileSecurityW
CryptAcquireContextA
CryptSignHashA
RegDeleteKeyW
OpenSCManagerW
CryptSetProviderA
GetFileSecurityA
RegCreateKeyExA
RegQueryValueExA
SetEntriesInAccessListW
OpenProcessToken
LogonUserW
ObjectCloseAuditAlarmW
ConvertSecurityDescriptorToAccessNamedA
ConvertAccessToSecurityDescriptorA
GetMultipleTrusteeA
GetCurrentHwProfileW
QueryServiceLockStatusW
GetPrivateObjectSecurity
AllocateLocallyUniqueId
GetSidSubAuthorityCount
GetAclInformation
OpenServiceW
AbortSystemShutdownA
CreateProcessAsUserA
MapGenericMask
ControlService
ChangeServiceConfigA
CryptVerifySignatureA
ImpersonateNamedPipeClient
CryptSetProvParam
IsValidSid
ReportEventA
AddAce
RegOpenKeyA
SetFileSecurityW
InitiateSystemShutdownW
SetNamedSecurityInfoExA
SetThreadToken
GetNamedSecurityInfoA
CryptHashData
AbortSystemShutdownW
ObjectOpenAuditAlarmA
RegLoadKeyA
CreateServiceW
LookupPrivilegeNameA
SetFileSecurityA
QueryServiceLockStatusA
AreAnyAccessesGranted
RegConnectRegistryA
SetSecurityDescriptorSacl
LogonUserA
CryptDeriveKey
BuildTrusteeWithNameA
SetServiceStatus
ConvertSecurityDescriptorToAccessA
GetAccessPermissionsForObjectA
LookupPrivilegeValueW
CryptEnumProvidersA
GetSecurityDescriptorDacl
RegConnectRegistryW
BuildImpersonateTrusteeA
GetMultipleTrusteeOperationA
ClearEventLogW
GetLengthSid
FreeSid
LookupPrivilegeNameW
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyExW
OpenThreadToken
GetSecurityInfoExA
SetServiceBits
QueryServiceConfigA
GetAuditedPermissionsFromAclA
StartServiceA
RegSetValueW
RegDeleteValueW
PrivilegedServiceAuditAlarmA
FindFirstFreeAce
RegCreateKeyA
EnumDependentServicesA
LookupSecurityDescriptorPartsA
CryptGenRandom
RegSetValueExW
MakeSelfRelativeSD
AllocateAndInitializeSid
GetServiceDisplayNameA
EqualPrefixSid
CryptGetKeyParam
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 186B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE