Static task: static1
Behavioral task: behavioral1
Sample: 2b2ac8aab2db2ea31f476d392525f939_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2b2ac8aab2db2ea31f476d392525f939_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
- Target: 2b2ac8aab2db2ea31f476d392525f939_JaffaCakes118
- Size: 86KB
- MD5: 2b2ac8aab2db2ea31f476d392525f939
- SHA1: 18853fd5d718eda5b755a311450e64d16b703630
- SHA256: 562dcbb0b5df61ededcf1418024173f1e9dc9ed8e73d84b0cd60b5cddcf125ac
- SHA512: 836f2335c7bbcd4e63b51349821b12b82e580c1aa1d010bea1ae94489087bd88745e9f34c9bcab2631b391353d749ff39c214affbae043bd8c344d9710887184
- SSDEEP: 1536:T1v+MKsfAAguDorU83Fl/oMG2wuC4rfUSZnBWXjr9ezczLEkImWB28ZMJF4bKP:Jv+MK953FlRo4rfUS3WTrY4zIkIvB8zz
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2b2ac8aab2db2ea31f476d392525f939_JaffaCakes118
Files
- 2b2ac8aab2db2ea31f476d392525f939_JaffaCakes118.exe windows:4 windows x86 arch:x86
  a19531944b72cf3496e78352993ab083
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExA
RegQueryValueW
ImpersonateNamedPipeClient
CryptGetProvParam
GetAuditedPermissionsFromAclA
GetSidSubAuthorityCount
DuplicateToken
OpenEventLogA
RegCreateKeyA
SetSecurityInfoExA
CryptSetKeyParam
BuildTrusteeWithSidA
RegDeleteKeyA
OpenBackupEventLogA
OpenEventLogW
GetAccessPermissionsForObjectA
QueryServiceLockStatusA
StartServiceA
RegUnLoadKeyA
RegFlushKey
RegEnumKeyExW
SetEntriesInAccessListA
IsValidSid
ObjectCloseAuditAlarmW
CryptHashData
GetMultipleTrusteeOperationA
GetMultipleTrusteeW
DeregisterEventSource
SetServiceBits
RegEnumKeyA
LookupPrivilegeNameW
SetThreadToken
LookupSecurityDescriptorPartsA
CryptSignHashW
BuildTrusteeWithSidW
BuildSecurityDescriptorA
LogonUserA
GetLengthSid
CryptEnumProvidersA
QueryServiceObjectSecurity
CryptDestroyHash
CryptGetKeyParam
DestroyPrivateObjectSecurity
OpenSCManagerW
CryptGetHashParam
AbortSystemShutdownW
RegQueryInfoKeyW
GetAuditedPermissionsFromAclW
GetFileSecurityA
RegOpenKeyW
LookupAccountNameW
RegSaveKeyA
SetEntriesInAuditListA
GetCurrentHwProfileW
UnlockServiceDatabase
SetKernelObjectSecurity
GetNumberOfEventLogRecords
ConvertSecurityDescriptorToAccessNamedA
ReportEventA
GetExplicitEntriesFromAclA
DuplicateTokenEx
LookupPrivilegeDisplayNameA
GetPrivateObjectSecurity
CryptEncrypt
RegSetValueExW
AddAccessDeniedAce
SetSecurityInfo
GetNamedSecurityInfoA
GetServiceDisplayNameW
FreeSid
RegCloseKey
RegLoadKeyW
OpenServiceA
InitiateSystemShutdownW
ObjectCloseAuditAlarmA
InitiateSystemShutdownA
GetNamedSecurityInfoW
RegLoadKeyA
EqualSid
BackupEventLogW
RegNotifyChangeKeyValue
OpenThreadToken
AccessCheckAndAuditAlarmA
QueryServiceLockStatusW
GetSidLengthRequired
TrusteeAccessToObjectA
GetSecurityInfoExW
RegQueryMultipleValuesW
LookupAccountNameA
LookupPrivilegeValueW
RegRestoreKeyA
GetTrusteeTypeA
CryptVerifySignatureW
SetServiceStatus
ConvertAccessToSecurityDescriptorW
ClearEventLogW
CryptDestroyKey
SetEntriesInAccessListW
GetTrusteeNameA
IsTextUnicode
MakeAbsoluteSD
BuildImpersonateTrusteeA
CancelOverlappedAccess
IsValidAcl
RegCreateKeyExA
RegSetKeySecurity
ConvertAccessToSecurityDescriptorA
MakeSelfRelativeSD
LogonUserW
GetSecurityInfo
SetSecurityDescriptorOwner
RegQueryValueExA
SetNamedSecurityInfoW
GetAclInformation
AccessCheckAndAuditAlarmW
CloseServiceHandle
GetSecurityDescriptorLength
RegDeleteValueA
CloseEventLog
GetMultipleTrusteeOperationW
user32
SetLastErrorEx
ReleaseCapture
EnumWindowStationsA
ShowWindow
EnumDisplaySettingsExW
LoadMenuW
BeginPaint
GetKeyNameTextA
IsCharUpperA
GetCaretBlinkTime
PackDDElParam
UnregisterClassW
RegisterClassExW
GetScrollInfo
IsCharAlphaA
TileWindows
UnhookWinEvent
DialogBoxParamA
EditWndProc
CallMsgFilter
SendDlgItemMessageA
VkKeyScanExW
PeekMessageW
HideCaret
CallWindowProcW
DdeQueryNextServer
CreateMDIWindowW
GetQueueStatus
MonitorFromPoint
CallWindowProcA
GetScrollBarInfo
FillRect
GetLastActivePopup
SwitchDesktop
IsWindowUnicode
SetWindowTextA
IsDialogMessageA
ToUnicodeEx
TabbedTextOutA
GetKeyboardLayout
DrawTextExA
MapVirtualKeyA
ShowWindowAsync
GetDlgItemTextA
FlashWindowEx
GetWindowTextA
DdeClientTransaction
GetOpenClipboardWindow
CharPrevA
SetProcessWindowStation
EnumDesktopsA
SetMenuDefaultItem
SetMessageQueue
DrawEdge
OpenWindowStationA
DrawTextW
DestroyWindow
GetWindowLongW
DdeCmpStringHandles
SetDlgItemInt
UnregisterHotKey
GetAltTabInfo
SetUserObjectInformationW
ChangeDisplaySettingsA
DestroyCaret
AnyPopup
GetCursorPos
IsClipboardFormatAvailable
IsChild
GetSystemMenu
LoadImageW
TrackPopupMenuEx
SendMessageTimeoutA
SetPropW
GetMessageTime
GetScrollRange
CreateWindowStationA
ChildWindowFromPoint
DdeCreateDataHandle
GetMessageW
ShowCursor
ChangeDisplaySettingsExW
GetMenuItemID
DrawAnimatedRects
OffsetRect
GetSysColor
ScrollDC
GetCursor
SetShellWindow
GetProcessDefaultLayout
SetSystemCursor
LoadIconA
SetClassLongA
ValidateRect
SetWindowLongA
AnimateWindow
CreateCaret
DefMDIChildProcA
UnregisterClassA
IsWindow
GetDlgItemInt
CloseWindow
NotifyWinEvent
ClientToScreen
IsZoomed
GetIconInfo
LoadMenuA
SetWindowLongW
UnloadKeyboardLayout
GetMenuItemRect
SetCursorPos
DialogBoxIndirectParamA
GetWindowModuleFileNameA
SetForegroundWindow
EnumChildWindows
CheckMenuItem
ImpersonateDdeClientWindow
AdjustWindowRect
ole32
IsAccelerator
StgIsStorageFile
OleCreateDefaultHandler
OleRegGetMiscStatus
WriteFmtUserTypeStg
CoUnmarshalInterface
OleRegEnumVerbs
GetClassFile
OleSetMenuDescriptor
ReadClassStm
CoLockObjectExternal
OleIsCurrentClipboard
OpenOrCreateStream
OleDestroyMenuDescriptor
ReleaseStgMedium
CoCopyProxy
OleCreateEmbeddingHelper
CoDisconnectObject
CoReleaseMarshalData
ReadClassStg
OleIsRunning
WriteOleStg
CreateStreamOnHGlobal
StringFromCLSID
StgOpenStorageEx
GetConvertStg
CoRegisterPSClsid
StringFromIID
OleConvertIStorageToOLESTREAMEx
CoGetInstanceFromFile
OleSaveToStream
OleRegEnumFormatEtc
StgOpenStorage
CoInitializeSecurity
OleTranslateAccelerator
CoCreateGuid
CoFreeLibrary
CoIsOle1Class
OleDoAutoConvert
CreateFileMoniker
CoRegisterMallocSpy
CoGetCurrentProcess
StgCreateDocfileOnILockBytes
DllDebugObjectRPCHook
OleInitialize
CoGetClassObject
OleCreateEx
CoSuspendClassObjects
OleRun
OleCreateLinkFromDataEx
StgCreateStorageEx
CoFileTimeNow
CoMarshalInterThreadInterfaceInStream
CoGetCallContext
PropVariantClear
StgGetIFillLockBytesOnFile
CreateDataAdviseHolder
CreateBindCtx
MonikerCommonPrefixWith
CoGetMarshalSizeMax
CoGetMalloc
IIDFromString
CoRevokeClassObject
UpdateDCOMSettings
OleGetIconOfClass
CoRegisterChannelHook
DoDragDrop
OleFlushClipboard
OleCreateFromData
OleCreateMenuDescriptor
CreateItemMoniker
MkParseDisplayName
OleDuplicateData
GetHGlobalFromILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
CoUnmarshalHresult
CreateOleAdviseHolder
ProgIDFromCLSID
CreateILockBytesOnHGlobal
StgGetIFillLockBytesOnILockBytes
CoFreeUnusedLibraries
ReadOleStg
RevokeDragDrop
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
OleCreateLinkEx
GetDocumentBitStg
OleGetIconOfFile
CoGetPSClsid
CLSIDFromProgID
WriteClassStm
FreePropVariantArray
OleCreateLinkToFile
ReadStringStream
StgSetTimes
OleSave
CoQueryAuthenticationServices
CoDosDateTimeToFileTime
UtGetDvtd16Info
OleCreate
ReadFmtUserTypeStg
kernel32
GlobalReAlloc
OpenMutexW
GetFullPathNameA
SetConsoleMode
ConvertDefaultLocale
RemoveDirectoryW
SetConsoleActiveScreenBuffer
LockResource
SearchPathA
CreateMailslotA
GetEnvironmentVariableW
FindFirstFileExW
CreateThread
WritePrivateProfileStructA
ReadConsoleOutputCharacterW
GetPrivateProfileIntW
OpenWaitableTimerW
GetDevicePowerState
Thread32First
VirtualProtect
FillConsoleOutputAttribute
GetCurrentThread
CreateWaitableTimerW
GetWindowsDirectoryA
SetFilePointer
SetVolumeLabelA
GetProcessPriorityBoost
DeleteFileW
VerLanguageNameA
SetCommBreak
TlsSetValue
SetThreadExecutionState
GetFileType
FormatMessageA
GetDiskFreeSpaceW
GetCommandLineA
GetCompressedFileSizeW
DeleteFiber
GetTapeStatus
LoadLibraryExA
EnumDateFormatsExW
GlobalHandle
lstrcpynA
CommConfigDialogW
WaitForSingleObject
GetModuleFileNameA
SetStdHandle
GetModuleFileNameW
GlobalFlags
SetMessageWaitingIndicator
lstrcatW
RequestWakeupLatency
CreateSemaphoreW
QueryPerformanceCounter
ReadProcessMemory
CreateIoCompletionPort
OpenProcess
LocalShrink
GetStdHandle
WaitNamedPipeW
CommConfigDialogA
WriteConsoleOutputCharacterA
HeapWalk
RaiseException
RequestDeviceWakeup
CreateFileMappingA
Process32First
GetProcessTimes
QueryDosDeviceA
GetVersionExW
SetDefaultCommConfigW
ConvertThreadToFiber
SetConsoleCursorPosition
LocalHandle
FindAtomA
SetComputerNameW
IsValidLocale
OpenEventW
GetCurrentDirectoryA
DisconnectNamedPipe
ExpandEnvironmentStringsW
QueryPerformanceFrequency
GetSystemPowerStatus
SetMailslotInfo
GetVolumeInformationA
FoldStringA
CallNamedPipeW
VirtualAlloc
GetEnvironmentStringsW
LoadLibraryA
GetFullPathNameW
WritePrivateProfileSectionA
HeapCreate
GetACP
PeekConsoleInputA
GetShortPathNameW
GlobalDeleteAtom
SetCommConfig
GenerateConsoleCtrlEvent
CopyFileExA
GetProcessAffinityMask
WriteConsoleOutputW
GetConsoleCursorInfo
TransactNamedPipe
GetPrivateProfileSectionW
GlobalFree
GlobalFindAtomA
EnumSystemCodePagesA
FindCloseChangeNotification
FindClose
IsDBCSLeadByteEx
SetPriorityClass
GetConsoleMode
FormatMessageW
GetPriorityClass
GetExitCodeThread
WriteConsoleW
FindResourceW
OpenFileMappingA
lstrlenA
WriteProfileSectionW
GetTempPathA
GetFileInformationByHandle
WriteFileGather
SetThreadPriorityBoost
SearchPathW
GetProfileStringW
GetSystemTimeAsFileTime
lstrcmpiW
GetConsoleOutputCP
GlobalUnlock
GetSystemTimeAdjustment
ClearCommBreak
SetConsoleTitleA
GetLogicalDrives
GlobalCompact
CreateProcessA
GetWindowsDirectoryW
QueueUserAPC
lstrlen
OpenMutexA
MoveFileExA
SetCalendarInfoW
CreateFileMappingW
GetCPInfoExW
FindFirstFileA
QueryDosDeviceW
shlwapi
StrDupA
PathSkipRootW
UrlGetLocationA
SHQueryValueExW
UrlApplySchemeA
PathFileExistsA
UrlCanonicalizeA
SHRegDeleteUSValueA
PathMakePrettyA
PathIsRootA
PathCommonPrefixA
PathAddExtensionA
StrRetToBufA
StrRetToStrW
StrCSpnIA
StrIsIntlEqualW
PathBuildRootW
IntlStrEqWorkerW
UrlApplySchemeW
PathStripPathA
StrChrIA
PathMatchSpecW
SHOpenRegStream2W
PathIsUNCA
SHQueryInfoKeyA
SHSkipJunction
wvnsprintfW
SHStrDupA
SHSetValueA
StrFormatKBSizeA
SHCreateStreamOnFileW
StrToIntExA
SHRegQueryInfoUSKeyW
PathFindSuffixArrayW
UrlEscapeA
SHRegEnumUSValueW
PathStripToRootW
SHOpenRegStreamA
PathRemoveBackslashW
SHDeleteKeyA
PathUndecorateW
StrPBrkW
SHIsLowMemoryMachine
StrChrW
PathSkipRootA
PathRemoveBlanksA
StrSpnA
StrCpyNW
PathGetCharTypeW
PathAddBackslashA
SHRegEnumUSKeyW
UrlEscapeW
PathUndecorateA
StrFromTimeIntervalW
PathRemoveArgsA
ColorHLSToRGB
wnsprintfA
IntlStrEqWorkerA
PathParseIconLocationA
SHDeleteEmptyKeyW
SHRegQueryUSValueA
SHGetInverseCMAP
PathIsUNCServerA
SHRegEnumUSKeyA
PathFindExtensionA
StrChrA
PathIsDirectoryW
StrRStrIA
PathQuoteSpacesW
StrRChrIW
StrRChrW
PathIsUNCServerShareA
StrTrimA
UrlIsA
PathUnquoteSpacesW
SHDeleteValueW
PathRelativePathToW
AssocQueryKeyW
UrlHashW
PathCompactPathExW
PathStripToRootA
PathRemoveFileSpecA
StrRStrIW
UrlGetLocationW
SHDeleteEmptyKeyA
SHRegDuplicateHKey
PathIsContentTypeA
AssocQueryStringByKeyW
StrStrW
PathCommonPrefixW
PathIsFileSpecA
StrStrA
SHCopyKeyW
PathFindSuffixArrayA
AssocQueryStringW
PathRemoveArgsW
PathFindExtensionW
PathRemoveExtensionA
PathStripPathW
PathIsUNCW
PathIsDirectoryEmptyA
StrCmpNIA
StrTrimW
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE