Static task: static1
Behavioral task: behavioral1
  Sample: 40564b8c00c3582317ed032b5d3c584d_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 40564b8c00c3582317ed032b5d3c584d_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 40564b8c00c3582317ed032b5d3c584d_JaffaCakes118
Size: 189KB
MD5: 40564b8c00c3582317ed032b5d3c584d
SHA1: 202d1df2bf216b1c6f7254de0f714f16d2018640
SHA256: eeba4e0929277fadd3efb43a49b63cc7b089ced8236362e8204a3944178ff237
SHA512: c8053a7e83593c38796a825e406f6e925b1ec4d07acdb07b08382c95ea2ee0cca058d3504aeb49c651f1bc1b5e7d47b749ea82e02de996e6ed45cf31b3f504ab
SSDEEP: 3072:8zrdrrALQJIl+nqX2kME52vxPVxapoC5u7e4sNMZ/wOOiK8V5yWH96OQR8dBpDk7:URrM2gZX2kMypoC54sNMtRK8V5hHQRLJ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 40564b8c00c3582317ed032b5d3c584d_JaffaCakes118
Files
40564b8c00c3582317ed032b5d3c584d_JaffaCakes118.exe windows:5 windows x86 arch:x86
da54437dc72ed8f43c2632c81f14563e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcBindingFromStringBindingW
RpcRaiseException
RpcStringBindingComposeW
NdrDllRegisterProxy
CStdStubBuffer_Disconnect
RpcEpResolveBinding
NdrCStdStubBuffer_Release
NdrServerCall2
UuidFromStringW
NdrStubCall2
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrStubForwardingFunction
RpcStringFreeA
CStdStubBuffer_DebugServerRelease
NdrDllCanUnloadNow
RpcServerInqBindings
RpcImpersonateClient
CStdStubBuffer_CountRefs
RpcRevertToSelf
RpcStringBindingParseW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
CStdStubBuffer_Connect
UuidToStringA
RpcBindingSetAuthInfoW
RpcBindingFree
user32
GetSysColor
DispatchMessageA
PostMessageW
SetForegroundWindow
GetDlgItem
CreateWindowExW
GetMessageA
TrackPopupMenu
EqualRect
EndPaint
GetParent
LoadCursorA
CheckRadioButton
DialogBoxParamW
GetAsyncKeyState
CharUpperW
GetDesktopWindow
GetWindowPlacement
IsRectEmpty
IsWindowEnabled
ReleaseDC
SystemParametersInfoW
ExitWindowsEx
IsDlgButtonChecked
LoadCursorW
EndDialog
FillRect
DispatchMessageW
EnableMenuItem
DestroyWindow
LoadStringA
GetKeyState
GetWindow
MoveWindow
GetSystemMetrics
PeekMessageW
CreatePopupMenu
CharNextA
DialogBoxParamA
GetWindowLongA
RegisterClassExW
FindWindowA
PtInRect
CallWindowProcW
wsprintfW
PostQuitMessage
IsChild
GetClientRect
RegisterClassExA
GetCursorPos
GetSystemMenu
RegisterClassW
RegisterWindowMessageW
DrawIcon
RegisterClipboardFormatW
LoadImageW
LoadStringW
CallWindowProcA
UnregisterClassA
UnhookWindowsHookEx
SetDlgItemTextA
comdlg32
PrintDlgA
PageSetupDlgA
GetSaveFileNameA
ChooseFontW
ChooseColorA
GetFileTitleA
FindTextW
PrintDlgExW
ChooseColorW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameA
GetSaveFileNameW
GetFileTitleW
ChooseFontA
GetOpenFileNameW
PageSetupDlgW
FindTextA
advapi32
RegDeleteKeyW
IsValidSid
RegQueryInfoKeyW
RegisterTraceGuidsW
AdjustTokenPrivileges
UnlockServiceDatabase
RegQueryValueExA
LsaFreeMemory
SetSecurityDescriptorOwner
RegOpenKeyW
RegEnumKeyA
CheckTokenMembership
RegDeleteValueA
RevertToSelf
SetSecurityDescriptorGroup
CopySid
RegQueryValueA
FreeSid
RegQueryValueW
OpenSCManagerA
GetTraceLoggerHandle
GetAce
RegSetValueExA
CryptCreateHash
InitializeAcl
GetTraceEnableLevel
GetUserNameA
ChangeServiceConfigW
LookupAccountNameW
GetSecurityDescriptorDacl
RegOpenKeyA
CryptHashData
SetFileSecurityW
GetAclInformation
LookupPrivilegeValueW
RegEnumKeyW
RegOpenKeyExW
RegEnumKeyExA
ReportEventW
SetSecurityDescriptorDacl
SetThreadToken
OpenSCManagerW
RegCloseKey
LsaClose
RegDeleteValueW
QueryServiceStatus
CryptGenRandom
RegEnumValueW
AllocateAndInitializeSid
RegDeleteKeyA
CryptAcquireContextA
CryptDestroyKey
LsaOpenPolicy
SetEntriesInAclW
AddAccessAllowedAce
RegCreateKeyExW
RegisterEventSourceW
RegOpenKeyExA
EqualSid
gdi32
LPtoDP
CreateSolidBrush
SetBrushOrgEx
GetTextExtentPoint32A
Polyline
GetTextMetricsW
IntersectClipRect
EndPage
CreateFontIndirectA
GetPixel
SetViewportOrgEx
GetObjectA
GetTextExtentPointA
GetStockObject
RealizePalette
CreateFontA
TextOutA
StretchBlt
GetGlyphOutlineA
DeleteMetaFile
GetBkMode
GetTextMetricsA
GetTextColor
SetPixel
SetMapMode
RestoreDC
Escape
SetBkMode
CreateCompatibleBitmap
SetStretchBltMode
GetClipBox
SetWindowOrgEx
CreateMetaFileW
Rectangle
LineTo
GetTextExtentPoint32W
DPtoLP
Ellipse
ExtTextOutA
OffsetRgn
GetBitmapBits
ExtSelectClipRgn
SetROP2
CreateRectRgnIndirect
GetMapMode
DeleteObject
ExtTextOutW
CreateDCW
GetCurrentObject
SetViewportExtEx
ScaleWindowExtEx
CreateHalftonePalette
CombineRgn
GetClipRgn
CreatePalette
SetTextColor
CreateCompatibleDC
CreateBrushIndirect
SelectClipRgn
DeleteDC
shell32
SHBindToParent
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHBrowseForFolderA
ShellExecuteExW
SHFileOperationW
SHGetMalloc
SHGetDesktopFolder
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteA
DragQueryFileW
SHGetPathFromIDListA
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileA
ShellExecuteW
shlwapi
PathRemoveFileSpecA
PathIsUNCW
SHDeleteValueA
StrRetToBufW
StrCatBuffW
SHGetValueW
PathIsRootW
PathFindExtensionA
SHDeleteValueW
PathCreateFromUrlW
PathSkipRootW
StrRChrW
SHStrDupW
PathAppendA
SHRegGetBoolUSValueW
StrCmpNIW
StrStrW
PathRemoveBackslashW
PathFindExtensionW
StrCmpNW
StrStrIA
PathAppendW
StrCpyW
UrlCanonicalizeW
StrCpyNW
StrCmpNIA
PathStripToRootA
StrCmpIW
StrToIntW
StrToIntExW
StrDupW
SHDeleteKeyW
PathRemoveFileSpecW
AssocQueryStringW
PathFindFileNameW
PathGetDriveNumberW
PathIsURLW
StrCatW
wnsprintfW
PathCombineW
SHSetValueW
StrStrIW
PathRemoveBlanksW
PathIsDirectoryW
PathFileExistsW
UrlUnescapeW
StrChrIW
UrlIsW
StrChrW
comctl32
ImageList_ReplaceIcon
ImageList_Destroy
CreatePropertySheetPageW
PropertySheetA
InitCommonControlsEx
PropertySheetW
InitCommonControls
ImageList_Create
ImageList_Draw
ole32
CoMarshalInterface
ReleaseStgMedium
CoInitializeEx
CoTaskMemRealloc
CoCreateGuid
OleSaveToStream
StgIsStorageFile
CLSIDFromString
CoImpersonateClient
CoGetMalloc
StringFromCLSID
OleUninitialize
CoGetObjectContext
OleLoadFromStream
WriteClassStm
CoUninitialize
CoGetClassObject
CoRevertToSelf
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CreateItemMoniker
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
ProgIDFromCLSID
CoFreeUnusedLibraries
PropVariantCopy
OleInitialize
GetRunningObjectTable
CoInitialize
CoSetProxyBlanket
StgCreateDocfile
OleRegEnumVerbs
CLSIDFromProgID
StringFromIID
OleRegGetMiscStatus
PropVariantClear
CoReleaseMarshalData
CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
StgCreateDocfileOnILockBytes
CoGetInterfaceAndReleaseStream
StringFromGUID2
CoInitializeSecurity
IIDFromString
CoUnmarshalInterface
CreateDataAdviseHolder
kernel32
GetStringTypeA
TlsFree
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
SetFilePointer
GetFileAttributesA
GlobalUnlock
SetLastError
GetLastError
GetStdHandle
GetDriveTypeW
LCMapStringA
FileTimeToLocalFileTime
GetStringTypeW
lstrcatW
GetModuleFileNameA
CreateProcessA
InterlockedDecrement
LoadLibraryExA
GetSystemInfo
GetSystemTime
CancelIo
RtlUnwind
GetEnvironmentStrings
DeleteCriticalSection
CreateFileMappingA
GetCurrentProcessId
CompareStringW
LoadResource
CreateMutexA
GetProcessHeap
TlsSetValue
FindResourceW
FindResourceA
FreeEnvironmentStringsW
GetUserDefaultLCID
GetSystemDirectoryW
LockResource
GetWindowsDirectoryA
lstrcpyW
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetCurrentThreadId
ResumeThread
GetWindowsDirectoryW
VirtualProtect
SetEndOfFile
Sleep
WriteConsoleW
GetStartupInfoA
lstrcatA
GetEnvironmentStringsW
GetFileType
SetEvent
CreateEventA
UnhandledExceptionFilter
CreateDirectoryA
ReadFile
CreateFileMappingW
IsBadWritePtr
LCMapStringW
CreateThread
SetFileAttributesW
MulDiv
IsDebuggerPresent
lstrlenW
HeapAlloc
GetConsoleMode
GetVersion
ExitProcess
GetOEMCP
GlobalLock
HeapReAlloc
VirtualAlloc
CloseHandle
UnmapViewOfFile
lstrcmpW
GetVersionExW
IsBadReadPtr
LocalAlloc
HeapSize
InterlockedIncrement
MultiByteToWideChar
FlushFileBuffers
OutputDebugStringW
GetComputerNameW
SetErrorMode
OpenMutexW
WaitForSingleObject
OpenEventA
FindFirstFileA
version
VerFindFileW
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
VerLanguageNameA
GetFileVersionInfoSizeW
oleaut32
VariantCopyInd
GetActiveObject
SetErrorInfo
SysFreeString
VariantCopy
SysAllocStringLen
SafeArrayCreate
VariantInit
SysReAllocStringLen
SafeArrayGetElement
SysStringByteLen
SysStringLen
OleLoadPicture
SafeArrayPtrOfIndex
SafeArrayPutElement
SysAllocStringByteLen
CreateErrorInfo
SafeArrayGetUBound
VariantClear
VariantChangeTypeEx
RegisterTypeLib
SafeArrayUnaccessData
LoadTypeLib
GetErrorInfo
SafeArrayGetLBound
SafeArrayAccessData
VariantChangeType
msvcrt
realloc
_strlwr
wcstol
_vsnwprintf
_wfopen
strtok
sprintf
_errno
towlower
_ftol
sscanf
bsearch
_except_handler3
qsort
_CIsqrt
_wsplitpath
exit
strchr
wcscspn
wcsrchr
_unlock
_wcslwr
wcscat
memmove
_snwprintf
swprintf
__set_app_type
__CxxFrameHandler
_initterm
tolower
_wcsnicmp
_beginthreadex
strstr
_strnicmp
_ltow
_fileno
isdigit
wcsncmp
_wtol
ceil
iswctype
iswdigit
_adjust_fdiv
strtoul
fseek
wcscmp
_ultoa
swscanf
__badioinfo
strrchr
_acmdln
__pioinfo
_lseeki64
_isatty
isleadbyte
Sections
.tls Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ