Static task: static1
Behavioral task: behavioral1
Sample: 3d0804a39fef0fd1e05802fcaa68b091_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3d0804a39fef0fd1e05802fcaa68b091_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 3d0804a39fef0fd1e05802fcaa68b091_JaffaCakes118
Size: 81KB
MD5: 3d0804a39fef0fd1e05802fcaa68b091
SHA1: f45955456358fbe6803724422a5dfd0116966ae1
SHA256: cdff82ca47b20140d8de7d8dd82eb151c087551df3bc4fbf65db506510202f5d
SHA512: 5483fdf49007265421bf0f58f51d67aa59c425b8840efa2a3c77013823a351db70e6b988d3e204d71df5bac26a3410ffd080afab2edb00d576191f460069e7ba
SSDEEP: 1536:pOXvztwj2mliinI0d4DYvyVuJuXlqQ0PDKzs8oj1mVfYhiJ:wXvztePTnI0d+YvyCM/0PDBrjAVQh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3d0804a39fef0fd1e05802fcaa68b091_JaffaCakes118
Files
3d0804a39fef0fd1e05802fcaa68b091_JaffaCakes118.exe windows:4 windows x86 arch:x86
5fd74150e0e67514bcc6f769ed51c0da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExW
CreateProcessA
GetDiskFreeSpaceExA
GetProcessAffinityMask
SetThreadAffinityMask
SetConsoleTitleA
LoadLibraryExA
WinExec
OpenMutexW
CreateFiber
VirtualFreeEx
MulDiv
ReadConsoleOutputCharacterW
FindCloseChangeNotification
DuplicateHandle
ContinueDebugEvent
CreateWaitableTimerW
UnlockFile
SetCommBreak
lstrcmpA
CreateMailslotW
GetPrivateProfileStructA
DisconnectNamedPipe
HeapLock
GetVersionExA
FindFirstFileExW
SetTimeZoneInformation
WriteTapemark
GetProcessPriorityBoost
IsBadWritePtr
GetDriveTypeW
MultiByteToWideChar
SetConsoleCtrlHandler
GlobalAddAtomW
VirtualProtect
GetModuleHandleW
GetSystemInfo
DeleteAtom
lstrcmpi
CommConfigDialogW
SetProcessAffinityMask
GetAtomNameA
CallNamedPipeW
ReleaseMutex
lstrcatW
SearchPathW
Thread32Next
VerLanguageNameW
WriteConsoleOutputCharacterW
InitializeCriticalSectionAndSpinCount
LockResource
CompareStringW
GetWindowsDirectoryW
GetModuleHandleA
GetConsoleTitleW
RtlFillMemory
lstrcmpiA
GetUserDefaultLCID
BackupWrite
GetLocalTime
SetCommConfig
GetTimeZoneInformation
GlobalReAlloc
WaitCommEvent
ResetEvent
PrepareTape
CreateDirectoryW
EscapeCommFunction
GetVolumeInformationW
GetPriorityClass
ReadConsoleOutputW
TlsSetValue
GetCurrentThreadId
WriteConsoleInputW
VirtualAlloc
WriteConsoleA
GetCompressedFileSizeW
GlobalLock
BuildCommDCBAndTimeoutsW
FreeResource
QueryDosDeviceW
FileTimeToSystemTime
VirtualQueryEx
DeleteFileW
CompareStringA
SetSystemTimeAdjustment
GetConsoleOutputCP
CreateFileA
GlobalUnlock
VirtualUnlock
GetProcessHeap
WriteConsoleOutputCharacterA
LCMapStringW
WaitNamedPipeW
MapViewOfFile
LocalCompact
DebugBreak
CreateDirectoryExW
GetDiskFreeSpaceExW
SuspendThread
GetEnvironmentStrings
SetThreadContext
ReadConsoleOutputA
SystemTimeToFileTime
GetCPInfo
lstrcmpiW
ClearCommBreak
WriteConsoleW
HeapWalk
SetConsoleTextAttribute
LoadLibraryA
GetPrivateProfileSectionNamesW
CreateIoCompletionPort
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntW
lstrcpyW
SetFileTime
FindResourceA
SwitchToThread
GetProcessHeaps
GetWindowsDirectoryA
SetCurrentDirectoryW
SetMailslotInfo
SetTapePosition
SetMessageWaitingIndicator
DisableThreadLibraryCalls
GlobalUnfix
SetLastError
GetLocaleInfoA
EnumSystemLocalesW
user32
ScrollWindow
BroadcastSystemMessageA
CopyAcceleratorTableA
EnumWindows
CreatePopupMenu
LoadCursorW
DefWindowProcA
GetSystemMenu
TabbedTextOutA
GetDCEx
OemToCharBuffW
SendIMEMessageExW
SendIMEMessageExA
MonitorFromPoint
GetMonitorInfoA
SetPropW
GetListBoxInfo
WINNLSGetIMEHotkey
GetWindowWord
SetParent
IsCharLowerW
SetScrollPos
CreateCaret
ReleaseDC
DestroyAcceleratorTable
CharLowerW
WinHelpA
EndMenu
IsWindowEnabled
DrawFrame
TranslateAcceleratorA
DispatchMessageW
SystemParametersInfoA
SetFocus
DrawAnimatedRects
GetMenu
CharPrevA
FlashWindowEx
BlockInput
DdeEnableCallback
SetSysColors
GetDlgItemTextA
DdeSetQualityOfService
EnumWindowStationsA
GetClassLongW
SetDlgItemTextA
RegisterClassA
CopyRect
FindWindowA
CreateWindowExW
UnhookWinEvent
GetWindowRgn
DdePostAdvise
GetLastActivePopup
SetCaretBlinkTime
CallMsgFilterA
GetActiveWindow
GetWindowLongW
GetWindowTextA
SetShellWindow
CheckRadioButton
CreateDesktopA
LoadStringW
SetMenuItemBitmaps
AdjustWindowRect
GetMenuStringW
CloseClipboard
GetWindowRect
SendMessageCallbackW
ReuseDDElParam
RemoveMenu
DdeGetData
ExitWindowsEx
CharLowerBuffW
SetProcessDefaultLayout
LoadCursorA
IsDlgButtonChecked
SendMessageTimeoutA
SetDoubleClickTime
ScrollDC
TranslateMDISysAccel
SetLastErrorEx
PostMessageW
IsRectEmpty
DdeUnaccessData
SetWindowLongW
AnyPopup
GrayStringW
GetUserObjectSecurity
GetKeyboardType
CreateWindowExA
CharNextExA
SetMessageQueue
DragObject
DdeQueryStringA
GetSysColor
CallMsgFilterW
ModifyMenuW
IsIconic
GetWindowDC
GetWindowLongA
UnregisterDeviceNotification
EnumDisplayDevicesW
CreateIconIndirect
PostThreadMessageA
FreeDDElParam
UnregisterHotKey
SetWindowTextA
EnumDisplaySettingsA
DrawCaption
GetNextDlgGroupItem
CloseWindowStation
GetGuiResources
LoadMenuA
GetCapture
SendInput
ArrangeIconicWindows
SetMenuItemInfoW
ChangeMenuW
GetKeyboardLayoutNameA
FrameRect
MonitorFromRect
UnhookWindowsHook
GetIconInfo
ScrollWindowEx
DdeQueryStringW
DdeDisconnect
VkKeyScanExA
EditWndProc
ChildWindowFromPointEx
GetScrollPos
DrawTextA
GetWindowThreadProcessId
OemToCharA
GetPriorityClipboardFormat
TrackPopupMenuEx
OpenDesktopA
CountClipboardFormats
ShowCaret
LookupIconIdFromDirectoryEx
SetTimer
EnumClipboardFormats
UnregisterClassA
GetClientRect
PaintDesktop
InvalidateRgn
GetCaretBlinkTime
advapi32
BuildImpersonateExplicitAccessWithNameW
GetSecurityInfo
RegDeleteKeyA
GetKernelObjectSecurity
SetNamedSecurityInfoExA
RegSetKeySecurity
CryptAcquireContextA
RegEnumKeyA
SetSecurityDescriptorDacl
GetFileSecurityW
RegisterEventSourceW
SetThreadToken
CryptVerifySignatureW
BuildTrusteeWithNameA
DestroyPrivateObjectSecurity
GetAclInformation
CryptEncrypt
CryptHashSessionKey
RegRestoreKeyW
ConvertSecurityDescriptorToAccessW
RegSetValueA
StartServiceW
LookupAccountNameW
AllocateAndInitializeSid
BuildExplicitAccessWithNameA
CryptGetUserKey
CryptImportKey
GetServiceDisplayNameW
SetServiceObjectSecurity
GetSecurityDescriptorControl
GetServiceKeyNameW
OpenProcessToken
MapGenericMask
SetTokenInformation
CancelOverlappedAccess
AdjustTokenGroups
RegDeleteValueA
QueryServiceObjectSecurity
GetAccessPermissionsForObjectW
TrusteeAccessToObjectA
SetSecurityInfoExA
GetTrusteeTypeW
IsValidAcl
RegCreateKeyExW
SetEntriesInAccessListW
CryptHashData
CryptDestroyHash
EnumDependentServicesW
CryptGetKeyParam
BuildImpersonateExplicitAccessWithNameA
GetSecurityInfoExW
ConvertAccessToSecurityDescriptorA
ObjectCloseAuditAlarmA
GetAccessPermissionsForObjectA
PrivilegedServiceAuditAlarmW
GetOldestEventLogRecord
RegCloseKey
GetAuditedPermissionsFromAclW
EqualSid
ObjectDeleteAuditAlarmW
RegLoadKeyA
ImpersonateNamedPipeClient
ReadEventLogA
ObjectOpenAuditAlarmW
CryptSignHashW
CryptGenKey
AddAccessAllowedAce
RegOpenKeyExA
SetNamedSecurityInfoExW
GetNumberOfEventLogRecords
CryptSetProvParam
CryptAcquireContextW
EnumDependentServicesA
GetMultipleTrusteeW
MakeAbsoluteSD
AreAnyAccessesGranted
CryptGenRandom
EqualPrefixSid
MakeSelfRelativeSD
RegQueryMultipleValuesA
RegLoadKeyW
SetEntriesInAclW
RegFlushKey
GetAce
ConvertSecurityDescriptorToAccessA
EnumServicesStatusW
SetFileSecurityW
LookupSecurityDescriptorPartsW
GetNamedSecurityInfoW
OpenEventLogA
ImpersonateSelf
CryptSetProviderA
CryptSetProviderExW
CryptVerifySignatureA
QueryServiceLockStatusA
ObjectPrivilegeAuditAlarmW
LookupPrivilegeValueA
RegCreateKeyA
GetCurrentHwProfileA
RegUnLoadKeyA
shlwapi
PathFindFileNameA
wvnsprintfA
StrCmpNIW
PathStripToRootW
SHRegQueryInfoUSKeyA
SHRegGetBoolUSValueA
StrNCatW
UrlApplySchemeW
PathBuildRootA
PathRemoveFileSpecA
ColorHLSToRGB
PathAddBackslashA
StrFormatByteSizeW
PathFindExtensionW
StrRetToStrW
UrlUnescapeW
PathIsRootA
PathSearchAndQualifyA
PathUnquoteSpacesW
SHDeleteKeyA
PathIsContentTypeW
PathCreateFromUrlW
PathCompactPathA
UrlCombineA
PathCanonicalizeA
StrSpnW
PathMakePrettyW
StrCmpNIA
StrCmpIW
PathMakePrettyA
UrlGetLocationW
SHGetValueW
PathFindSuffixArrayW
StrCmpW
UrlGetLocationA
PathGetArgsA
UrlEscapeA
PathIsNetworkPathW
UrlEscapeW
StrDupA
SHEnumValueW
StrRetToBufA
PathIsFileSpecA
PathSkipRootW
SHQueryInfoKeyA
PathIsDirectoryEmptyW
PathStripPathW
PathFileExistsA
PathQuoteSpacesW
StrStrIW
PathFindSuffixArrayA
SHSkipJunction
StrChrIW
SHDeleteEmptyKeyA
PathUndecorateW
PathIsSameRootA
PathCompactPathExA
PathCanonicalizeW
SHGetThreadRef
StrFromTimeIntervalA
StrCmpNA
UrlCombineW
PathAppendA
PathGetArgsW
PathRemoveBlanksW
SHRegOpenUSKeyW
wvnsprintfW
SHRegDeleteEmptyUSKeyW
PathRemoveExtensionA
StrRChrA
PathIsUNCServerShareW
StrFormatByteSizeA
StrCSpnA
PathFindOnPathW
UrlCanonicalizeA
SHDeleteEmptyKeyW
PathStripPathA
SHRegWriteUSValueA
AssocQueryKeyW
SHIsLowMemoryMachine
SHEnumKeyExW
PathCreateFromUrlA
UrlApplySchemeA
PathGetDriveNumberA
PathMakeSystemFolderW
wnsprintfA
PathMakeSystemFolderA
PathFindExtensionA
PathSearchAndQualifyW
StrNCatA
PathAddBackslashW
PathIsSystemFolderW
StrCSpnIA
UrlCreateFromPathW
PathGetCharTypeW
PathRenameExtensionA
wnsprintfW
PathIsDirectoryW
PathFileExistsW
SHRegEnumUSValueW
PathIsLFNFileSpecA
PathIsPrefixA
UrlIsOpaqueA
StrFormatKBSizeW
PathIsUNCServerW
ole32
GetConvertStg
CreateILockBytesOnHGlobal
GetClassFile
CoCreateInstanceEx
DoDragDrop
CoCreateFreeThreadedMarshaler
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
WriteStringStream
CoResumeClassObjects
OleQueryLinkFromData
CreatePointerMoniker
CoImpersonateClient
CoRegisterSurrogate
OleTranslateAccelerator
OleNoteObjectVisible
OleSetClipboard
OleRun
StgCreateDocfile
CoTreatAsClass
OleCreateFromFileEx
OleSaveToStream
CoInitializeSecurity
OleConvertIStorageToOLESTREAM
SetDocumentBitStg
CoGetStandardMarshal
PropVariantCopy
IsEqualGUID
OleRegGetUserType
CoGetInstanceFromFile
StgOpenStorageOnILockBytes
MkParseDisplayName
OleGetIconOfClass
CoMarshalHresult
CreateBindCtx
WriteClassStm
CoGetClassObject
WriteFmtUserTypeStg
CoFreeUnusedLibraries
OleCreateFromData
CoTaskMemRealloc
CoUninitialize
UtConvertDvtd32toDvtd16
StgSetTimes
StgCreateStorageEx
CoQueryAuthenticationServices
CoLockObjectExternal
PropVariantClear
UtGetDvtd32Info
OleCreateFromDataEx
ReleaseStgMedium
OleCreate
CoGetCurrentLogicalThreadId
CoReleaseServerProcess
StgGetIFillLockBytesOnFile
ProgIDFromCLSID
CoDisconnectObject
CoSetProxyBlanket
CoIsHandlerConnected
OleCreateLink
CoRegisterClassObject
CLSIDFromString
CoTaskMemFree
CoUnmarshalHresult
StgOpenStorage
OleLockRunning
CoMarshalInterface
CoReleaseMarshalData
CreateFileMoniker
GetDocumentBitStg
CoGetMarshalSizeMax
OleConvertOLESTREAMToIStorage
StgIsStorageFile
UtGetDvtd16Info
RegisterDragDrop
CreateObjrefMoniker
MonikerCommonPrefixWith
StgCreateDocfileOnILockBytes
CoGetCurrentProcess
CreateAntiMoniker
OleCreateLinkFromData
CoTaskMemAlloc
ReadFmtUserTypeStg
IIDFromString
UtConvertDvtd16toDvtd32
CoAddRefServerProcess
CoGetInterfaceAndReleaseStream
OleUninitialize
GetHGlobalFromStream
CoGetInstanceFromIStorage
OleConvertOLESTREAMToIStorageEx
OleLoad
CoInitialize
CoFileTimeNow
ReadOleStg
OleCreateMenuDescriptor
CreateItemMoniker
CreateOleAdviseHolder
OleLoadFromStream
OleCreateStaticFromData
StgOpenAsyncDocfileOnIFillLockBytes
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 257B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE