Static task
static1
Behavioral task
behavioral1
Sample
3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118
-
Size
196KB
-
MD5
3f74f529002363fa9a3a9c5c1103c3c7
-
SHA1
028296c4585fa8a789f538a27ba45db560a9bc1b
-
SHA256
8bb0235f49c3f56f31c740eaae138420dbe467d778aa95bae1543d340959f20d
-
SHA512
00314190f02aa6b7216b49971a7d9b5849d51c6e8291795f5fb9768257e4874db954d895750c245cbec85aa42a09cac6337827a8539cf1202cb1a202d18c04d7
-
SSDEEP
3072:HQIerxAAwNqN/Yijo5VgdXM54h+d/NrMoDj6bU/5bVO/fWIq450lTjz3tJGPbzwL:hkWmgik4d+40hN1DjCids/e5mAzv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118
Files
-
3f74f529002363fa9a3a9c5c1103c3c7_JaffaCakes118.exe windows:5 windows x86 arch:x86
5e09b364732e0291871b8cd3b0cb94f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FlushFileBuffers
FlushInstructionCache
GetACP
GetAtomNameA
GetComputerNameA
GetComputerNameExW
GetConsoleAliasW
GetConsoleCursorInfo
GetConsoleFontSize
GetConsoleScreenBufferInfo
GetCurrencyFormatW
GetDriveTypeW
GetEnvironmentStrings
GetFileAttributesExW
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameW
GetNumberOfConsoleInputEvents
GetPrivateProfileSectionNamesA
GetProcessPriorityBoost
GetStartupInfoA
GetStringTypeExA
GetTimeZoneInformation
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointA
GlobalFree
GlobalMemoryStatus
GlobalUnlock
Heap32ListNext
Heap32Next
HeapAlloc
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
EnumSystemCodePagesA
IsValidCodePage
IsValidLanguageGroup
LocalFileTimeToFileTime
MoveFileWithProgressA
MoveFileWithProgressW
MulDiv
OpenSemaphoreW
QueryDosDeviceA
RaiseException
ReadConsoleA
ReadConsoleOutputW
ResetEvent
RtlFillMemory
RtlMoveMemory
SetCalendarInfoA
SetConsoleCP
SetConsoleScreenBufferSize
SetConsoleTitleW
SetLocaleInfoW
SetProcessWorkingSetSize
SetThreadContext
SetThreadLocale
SetTimeZoneInformation
SleepEx
UpdateResourceW
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitNamedPipeA
WriteConsoleA
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterW
WriteFileGather
WriteProfileSectionW
_hread
lstrcmp
lstrcpyA
EnumLanguageGroupLocalesA
EnumDateFormatsA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DisableThreadLibraryCalls
DeleteVolumeMountPointA
DeleteCriticalSection
DefineDosDeviceA
CreateFileW
DebugActiveProcess
CreateNamedPipeA
CreateHardLinkW
CreateHardLinkA
CreateConsoleScreenBuffer
ClearCommError
ClearCommBreak
VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
IsBadStringPtrW
user32
TrackPopupMenuEx
TranslateAccelerator
UnionRect
UnloadKeyboardLayout
WaitMessage
WindowFromDC
WindowFromPoint
wvsprintfW
ToUnicodeEx
AnimateWindow
AppendMenuA
AttachThreadInput
ChangeDisplaySettingsExW
CharNextExA
CharPrevW
CharToOemW
CharUpperW
CheckDlgButton
ClipCursor
CopyRect
DdeAddData
DdeDisconnect
DdeEnableCallback
DdeUninitialize
DlgDirSelectExW
EmptyClipboard
EnableScrollBar
EnableWindow
EndDeferWindowPos
EnumClipboardFormats
EnumDesktopsA
FindWindowExW
GetClassInfoExA
GetClassLongA
GetClipboardOwner
GetCursorInfo
GetDlgItemTextW
GetGuiResources
GetInputState
GetKeyNameTextW
GetKeyState
GetKeyboardType
GetMenuItemInfoA
GetMenuState
GetMessagePos
GetParent
GetScrollInfo
GetScrollRange
GetSystemMetrics
GetTabbedTextExtentA
GetWindowContextHelpId
GrayStringA
IMPGetIMEW
IMPQueryIMEA
InsertMenuItemW
InsertMenuW
InvalidateRgn
IsCharLowerA
IsClipboardFormatAvailable
IsDialogMessageW
IsRectEmpty
LoadCursorA
LoadImageA
LoadKeyboardLayoutW
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
MapWindowPoints
MessageBoxIndirectA
MessageBoxW
MonitorFromRect
NotifyWinEvent
OemToCharA
OpenClipboard
RealChildWindowFromPoint
ReleaseCapture
RemovePropA
ReplyMessage
ScrollWindow
SendDlgItemMessageW
SendIMEMessageExA
SendMessageA
SendNotifyMessageA
SetCaretPos
SetClassLongW
ToAsciiEx
SetWindowTextA
SetSysColors
SetRect
SetMessageExtraInfo
SetMenuDefaultItem
SetMenu
SetKeyboardState
SetForegroundWindow
SetCursor
comdlg32
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
ReplaceTextA
ReplaceTextW
GetSaveFileNameA
ChooseColorA
advapi32
RegOpenKeyExA
shell32
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconA
DragQueryFileW
DragFinish
DragAcceptFiles
DoEnvironmentSubstA
CheckEscapesW
ExtractIconA
WOWShellExecute
Shell_NotifyIconW
Shell_NotifyIconA
ShellExecuteExW
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDList
SHGetMalloc
SHGetInstanceExplorer
SHGetIconOverlayIndexW
SHGetIconOverlayIndexA
SHGetFolderPathW
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoA
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
SHGetDataFromIDListW
SHFreeNameMappings
SHFormatDrive
SHFileOperationW
SHFileOperationA
SHFileOperation
SHEmptyRecycleBinA
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHChangeNotify
SHBrowseForFolderA
SHBindToParent
SHAppBarMessage
SHAddToRecentDocs
FindExecutableW
FindExecutableA
ExtractIconExW
ExtractIconEx
ole32
WdtpInterfacePointer_UserFree
UtConvertDvtd32toDvtd16
UpdateDCOMSettings
StringFromIID
StringFromGUID2
StringFromCLSID
StgSetTimes
StgPropertyLengthAsVariant
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateStorageEx
SetConvertStg
STGMEDIUM_UserSize
SNB_UserSize
ReleaseStgMedium
RegisterDragDrop
ReadOleStg
ProgIDFromCLSID
OleUninitialize
OleRegEnumVerbs
OleRegEnumFormatEtc
OleQueryLinkFromData
OleMetafilePictFromIconAndLabel
OleInitialize
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateLink
OleCreateFromFileEx
OleCreateFromDataEx
OleCreateFromData
MkParseDisplayName
IsEqualGUID
HkOleRegisterObject
HWND_UserSize
HWND_UserFree
HPALETTE_UserFree
HMENU_UserFree
HICON_UserSize
HGLOBAL_UserMarshal
HBRUSH_UserSize
HBITMAP_UserMarshal
HACCEL_UserFree
GetHGlobalFromStream
GetHGlobalFromILockBytes
GetClassFile
DoDragDrop
DllGetClassObjectWOW
CreateStreamOnHGlobal
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CreateGenericComposite
CreateDataAdviseHolder
CreateAntiMoniker
CoWaitForMultipleHandles
CoUnmarshalHresult
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoSuspendClassObjects
CoSetProxyBlanket
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoResumeClassObjects
CoReleaseMarshalData
CoRegisterMallocSpy
CoMarshalHresult
CoLoadLibrary
CoIsOle1Class
CoIsHandlerConnected
CoInstall
CoGetObjectContext
CoGetClassVersion
CoGetCallContext
CoFreeAllLibraries
CoDosDateTimeToFileTime
CoDisconnectObject
CoDisableCallCancellation
CoCopyProxy
CoAddRefServerProcess
CLSIDFromString
CLSIDFromProgID
CLIPFORMAT_UserFree
BindMoniker
oleaut32
VarI2FromBool
VarI1FromUI4
VarI1FromUI2
VarI1FromI4
VarI1FromDec
VarI1FromCy
VarFix
VarDecFromUI2
VarDecFromStr
VarDecFromCy
VarDecFromBool
VarDecFix
VarDateFromUI4
VarDateFromUI2
VarDateFromR4
VarDateFromI2
VarDateFromDisp
VarDateFromDec
VarCySu
VarCyRound
VarCyFromUI2
VarCyFromStr
VarCyFromR4
VarCyFromI4
VarCyFromDisp
VarCyFromDec
VarCyFromDate
VarCyFromBool
VarCyFix
VarCmp
VarBstrFromUI4
VarBstrFromUI2
VarBstrFromUI1
VarBstrFromI1
VarBoolFromUI1
VarBoolFromI4
VarBoolFromDec
VarBoolFromDate
VarAnd
VARIANT_UserSize
VARIANT_UserMarshal
SysStringLen
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayGetIID
SafeArrayGetElemsize
SafeArrayDestroy
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCreateEx
SafeArrayCopyData
OleLoadPictureFileEx
OleLoadPictureFile
OleCreatePropertyFrameIndirect
OleCreatePropertyFrame
OleCreateFontIndirect
LoadTypeLibEx
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_Size
DispInvoke
DispCallFunc
ClearCustData
VariantTimeToSystemTime
VariantCopy
VarUI4FromR4
VarUI2FromI4
VarUI2FromDisp
VarUI2FromDate
VarUI2FromCy
VarUI1FromStr
VarUI1FromCy
VarI2FromDisp
VarI2FromR4
VarI2FromR8
VarI4FromUI4
VarIdiv
VarR4FromI1
VarR4FromI4
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8Round
VarUI1FromDisp
shlwapi
StrChrIW
StrCmpNIA
StrCmpNIW
StrRChrA
StrRChrIA
StrRStrIA
StrRStrIW
StrStrIW
StrStrW
StrChrA
Sections
.text Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ