Static task: static1
Behavioral task: behavioral1
Sample: 3a5bd03f5114897334a55b441a353399_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3a5bd03f5114897334a55b441a353399_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 3a5bd03f5114897334a55b441a353399_JaffaCakes118
Size: 87KB
MD5: 3a5bd03f5114897334a55b441a353399
SHA1: 84e852abfbb02b7576d0ee2605aa9f1adc729c45
SHA256: a54f7e36d9ece8fb2f302c3c42a3aeea00cf956f395355f44538cfa1b5b57d64
SHA512: 9ae0764b49295f79a6956a39e96d2a4653917b56bd4ccb0126f4ef6b649beb463876ec988a16dd6e8802a6f95c6b42e9920caa8f5fbd674daf4292b383d3a7e8
SSDEEP: 1536:iENR2TUJVlIErGPiuKyS1ojkuwHqSFG19FF4Jzw1HZLBNf9aZcs7DQoFQoCYoVhw:/6o3GPiuUpalWJG5FPsYVPtVh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a5bd03f5114897334a55b441a353399_JaffaCakes118
Files
3a5bd03f5114897334a55b441a353399_JaffaCakes118.exe windows:4 windows x86 arch:x86
e24582e7709faa959e5ae26a2f9d3ed2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
shlwapi
user32
kernel32
ole32
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE