Static task: static1
Behavioral task: behavioral1
Sample: 56785ff5824599b4a37a9ab13c072fdc_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 56785ff5824599b4a37a9ab13c072fdc_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 56785ff5824599b4a37a9ab13c072fdc_JaffaCakes118
Size: 88KB
MD5: 56785ff5824599b4a37a9ab13c072fdc
SHA1: 3ecefe0339117bf2ca48d10c433bdc9ef6f4b6ce
SHA256: 1e399f78661c4597039222e195515eba60d0d0e8f827616b1dcf35920c564d70
SHA512: 7fb3f3826ce499e0235fe15f998648530d7ae1460feda7d81317f6e879bdca459d229b557b3fb13fcf6241a7f8ae496a7c6dd2f033f5a3d1d4f4708163aba825
SSDEEP: 1536:L866VQdNrMDiti4E/4cQfYdbA0yTYSAskRH3zSndRyAaKBYfr0iz65ANes0GlUMZ:L86rqinG1A57EjSnvyAaQYfZm54PeB16
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56785ff5824599b4a37a9ab13c072fdc_JaffaCakes118
Files
56785ff5824599b4a37a9ab13c072fdc_JaffaCakes118.exe windows:4 windows x86 arch:x86
50c2088a6dd379720345153cf1e40576
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindNextComponentA
PathQuoteSpacesW
PathGetCharTypeW
PathFindExtensionW
StrCatBuffW
StrStrIA
StrToIntExW
PathSkipRootA
PathFileExistsW
PathFindExtensionA
StrStrIW
StrRetToStrW
PathAddBackslashW
ColorRGBToHLS
StrCmpNW
StrRChrA
HashData
SHSetThreadRef
PathCompactPathW
PathIsContentTypeA
SHRegOpenUSKeyW
SHRegEnumUSValueW
PathGetDriveNumberW
SHRegQueryUSValueA
PathIsUNCServerW
PathMatchSpecA
PathRemoveArgsA
PathIsFileSpecA
StrCSpnW
SHRegGetUSValueW
StrCpyW
PathIsRelativeA
PathParseIconLocationA
PathBuildRootW
PathMatchSpecW
StrCmpNA
PathStripToRootW
StrCatW
SHGetThreadRef
StrFormatKBSizeW
PathIsDirectoryEmptyA
PathCombineA
PathIsNetworkPathA
StrChrIA
PathMakePrettyW
SHRegWriteUSValueA
PathIsURLA
PathFindNextComponentW
SHEnumKeyExA
SHRegGetBoolUSValueW
GetMenuPosFromID
StrChrA
SHRegQueryInfoUSKeyW
PathFindSuffixArrayW
SHRegDeleteUSValueA
PathCommonPrefixW
StrRChrIA
PathAddBackslashA
UrlHashA
StrSpnW
StrFromTimeIntervalA
ColorHLSToRGB
PathGetDriveNumberA
StrCmpNIA
StrFormatByteSizeA
ChrCmpIW
PathRenameExtensionA
SHOpenRegStream2W
StrChrW
PathRemoveBackslashW
PathGetArgsW
StrCmpIW
StrToIntW
IntlStrEqWorkerW
StrCSpnIA
PathUnmakeSystemFolderW
StrFromTimeIntervalW
PathFileExistsA
PathRelativePathToA
PathQuoteSpacesA
PathStripPathW
SHGetInverseCMAP
SHQueryValueExW
PathCreateFromUrlA
StrCSpnA
UrlCreateFromPathA
PathIsContentTypeW
UrlIsW
SHIsLowMemoryMachine
PathStripToRootA
SHDeleteValueA
SHRegGetUSValueA
UrlCanonicalizeA
PathGetCharTypeA
wnsprintfW
SHRegEnumUSValueA
PathUnquoteSpacesA
StrDupA
PathIsUNCW
AssocQueryKeyA
SHRegQueryUSValueW
PathIsUNCServerA
PathMakeSystemFolderW
StrRetToStrA
SHDeleteKeyA
SHDeleteValueW
SHDeleteKeyW
PathIsUNCServerShareA
PathAddExtensionW
PathIsSameRootW
PathMakeSystemFolderA
PathCompactPathExW
PathIsRelativeW
user32
DdeCmpStringHandles
SwitchDesktop
UnhookWindowsHookEx
PaintDesktop
DefWindowProcA
CreateWindowStationW
VkKeyScanW
GetGuiResources
CharToOemBuffA
CountClipboardFormats
RegisterHotKey
UnhookWindowsHook
GetUserObjectInformationA
InSendMessageEx
MonitorFromWindow
GetMessageW
AppendMenuW
InvalidateRect
ChangeDisplaySettingsExW
GetCursor
CreateMDIWindowA
CopyImage
LoadBitmapW
DdeConnectList
UpdateWindow
RegisterClipboardFormatW
MapVirtualKeyExA
IsDialogMessage
GetListBoxInfo
TranslateAcceleratorA
SetClipboardViewer
CascadeWindows
DdeFreeDataHandle
DlgDirListA
FreeDDElParam
ChangeMenuA
CreateCursor
DrawFrame
GetUpdateRgn
HiliteMenuItem
MoveWindow
ChildWindowFromPoint
CallMsgFilter
SetWindowPlacement
GetMenuItemInfoW
CharPrevA
DlgDirListW
LoadAcceleratorsA
SendMessageCallbackA
OemToCharA
IsCharLowerW
MapVirtualKeyExW
LookupIconIdFromDirectoryEx
GetKeyNameTextA
GetClassLongA
SetClassWord
DispatchMessageA
WINNLSGetEnableStatus
DdeClientTransaction
RemovePropA
GetScrollInfo
CreateDialogIndirectParamW
LoadBitmapA
CallNextHookEx
ClipCursor
RegisterDeviceNotificationA
GetUserObjectSecurity
LoadCursorFromFileA
DestroyWindow
OffsetRect
GetKeyboardLayout
GetMenuState
GetScrollBarInfo
GetClipboardOwner
ShowCaret
GetWindowLongA
DrawTextW
RegisterClassExW
GrayStringA
SetScrollRange
IsZoomed
CreateIconIndirect
RealGetWindowClass
DdeSetQualityOfService
CharPrevW
SetWindowTextA
SetMenu
GetQueueStatus
GetMessagePos
EnableScrollBar
SetUserObjectSecurity
GetSystemMenu
EnumPropsExA
DrawIcon
OemKeyScan
UnregisterDeviceNotification
DestroyIcon
EndPaint
GetMessageTime
SetClipboardData
DdeAccessData
CreateWindowExW
ExcludeUpdateRgn
WaitMessage
SetUserObjectInformationW
SendIMEMessageExA
SetSystemCursor
DialogBoxParamW
LoadMenuIndirectA
GetClassInfoW
DdeGetData
GetWindowLongW
CopyAcceleratorTableW
ValidateRgn
GetWindowTextLengthA
GetMenuBarInfo
ChangeClipboardChain
TrackMouseEvent
DdeFreeStringHandle
CascadeChildWindows
GetProcessDefaultLayout
GetMenuItemInfoA
RegisterClipboardFormatA
WinHelpA
UnhookWinEvent
SetWindowWord
ModifyMenuW
ValidateRect
GetDlgCtrlID
DdeImpersonateClient
CreateMenu
DrawStateW
ShowOwnedPopups
BringWindowToTop
SetParent
CharUpperBuffA
GetDialogBaseUnits
WINNLSGetIMEHotkey
GetMenuItemID
ole32
CoGetCallerTID
WriteStringStream
StgCreateDocfileOnILockBytes
OleCreateFromFileEx
RegisterDragDrop
OleSave
CoFreeAllLibraries
OleLoadFromStream
OleCreateStaticFromData
OleDuplicateData
OleCreateLinkFromDataEx
ReadClassStg
CoImpersonateClient
CoGetClassObject
OleRegGetUserType
CoTreatAsClass
OleTranslateAccelerator
CoRevokeClassObject
StgCreateDocfile
OleCreateFromDataEx
CoUnmarshalHresult
OleRegGetMiscStatus
OleLoad
CoMarshalInterface
CoReleaseServerProcess
CreateILockBytesOnHGlobal
StringFromCLSID
FreePropVariantArray
OleCreateLinkToFileEx
CoGetStandardMarshal
CoFileTimeNow
CreateItemMoniker
CoGetObject
OleGetClipboard
CoDosDateTimeToFileTime
OleGetIconOfClass
WriteOleStg
OleRun
CoRegisterSurrogate
CoSwitchCallContext
CoQueryProxyBlanket
CreateStreamOnHGlobal
OleBuildVersion
OleRegEnumVerbs
CoTaskMemFree
ReadFmtUserTypeStg
OleSetAutoConvert
OleCreateMenuDescriptor
SetConvertStg
CoGetMalloc
OleConvertIStorageToOLESTREAM
CoInitializeSecurity
CoRegisterMessageFilter
UtGetDvtd16Info
StgCreateStorageEx
GetConvertStg
CoFreeLibrary
OleSetContainedObject
CoGetMarshalSizeMax
StgOpenStorageEx
OleQueryCreateFromData
CoSetProxyBlanket
WriteClassStm
CoDisconnectObject
CoLockObjectExternal
CoInitialize
StgIsStorageFile
StgIsStorageILockBytes
StringFromGUID2
OleConvertOLESTREAMToIStorageEx
CoGetCurrentProcess
StgGetIFillLockBytesOnFile
IIDFromString
CoGetInstanceFromFile
OleSaveToStream
CoRegisterClassObject
StgOpenStorage
OleLockRunning
CreateDataAdviseHolder
CoIsHandlerConnected
CreateClassMoniker
CoCreateInstance
WriteFmtUserTypeStg
SetDocumentBitStg
CoGetInstanceFromIStorage
WriteClassStg
CoReleaseMarshalData
CoQueryClientBlanket
OleCreateLinkEx
OleCreate
OleGetAutoConvert
MonikerRelativePathTo
PropVariantCopy
advapi32
QueryServiceConfigA
CryptGetUserKey
CryptSetKeyParam
BuildImpersonateTrusteeA
GetSidIdentifierAuthority
CryptHashData
RegEnumKeyW
EnumServicesStatusW
GetMultipleTrusteeOperationW
GetServiceKeyNameA
RegLoadKeyW
CryptEnumProviderTypesA
CryptSetProviderA
GetSecurityDescriptorControl
CryptCreateHash
EqualPrefixSid
RegReplaceKeyA
AllocateLocallyUniqueId
RegEnumValueW
RegRestoreKeyA
GetNumberOfEventLogRecords
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
GetAuditedPermissionsFromAclA
RegCreateKeyW
GetCurrentHwProfileA
GetSecurityDescriptorSacl
RegDeleteValueW
OpenEventLogA
SetServiceBits
InitializeAcl
GetPrivateObjectSecurity
GetSecurityDescriptorLength
AdjustTokenGroups
CryptDuplicateHash
SetServiceObjectSecurity
LookupSecurityDescriptorPartsA
ClearEventLogW
EqualSid
EnumServicesStatusA
SetEntriesInAccessListW
SetEntriesInAclA
RegUnLoadKeyA
GetAce
CryptHashSessionKey
SetEntriesInAuditListW
CreateServiceA
GetFileSecurityA
PrivilegedServiceAuditAlarmA
RegSaveKeyW
SetSecurityInfo
LookupPrivilegeValueA
CryptGetKeyParam
CloseEventLog
BuildImpersonateTrusteeW
RegQueryValueExA
GetExplicitEntriesFromAclW
GetMultipleTrusteeOperationA
DeregisterEventSource
AllocateAndInitializeSid
CryptGetDefaultProviderA
CryptDestroyKey
QueryServiceConfigW
NotifyChangeEventLog
SetSecurityInfoExW
ConvertAccessToSecurityDescriptorA
GetServiceKeyNameW
SetSecurityDescriptorSacl
LookupAccountSidW
GetAuditedPermissionsFromAclW
CryptVerifySignatureW
CryptEnumProvidersW
BuildTrusteeWithNameW
GetServiceDisplayNameW
RegCloseKey
LookupPrivilegeNameA
OpenEventLogW
MakeSelfRelativeSD
MapGenericMask
BuildTrusteeWithSidW
RegRestoreKeyW
CryptEnumProviderTypesW
AddAccessDeniedAce
ChangeServiceConfigA
ObjectPrivilegeAuditAlarmW
ObjectOpenAuditAlarmW
RegQueryMultipleValuesW
SetSecurityDescriptorDacl
NotifyBootConfigStatus
RegOpenKeyW
EnumDependentServicesW
FreeSid
GetOldestEventLogRecord
RegDeleteKeyW
CryptExportKey
SetSecurityDescriptorGroup
OpenThreadToken
GetAccessPermissionsForObjectW
IsValidSid
BuildTrusteeWithNameA
GetSecurityDescriptorGroup
ObjectCloseAuditAlarmW
QueryServiceLockStatusA
GetSecurityDescriptorDacl
CryptAcquireContextW
RegisterEventSourceW
AreAllAccessesGranted
BuildSecurityDescriptorA
GetAclInformation
CryptReleaseContext
RegGetKeySecurity
RegEnumKeyA
OpenSCManagerW
CryptGenKey
StartServiceW
GetTokenInformation
RegSetValueA
GetTrusteeTypeA
StartServiceA
ObjectPrivilegeAuditAlarmA
kernel32
GlobalAddAtomW
SetProcessAffinityMask
GlobalFix
LoadLibraryW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
CompareStringA
GlobalAddAtomA
GetPriorityClass
CancelWaitableTimer
GetProfileStringW
FatalExit
ReadConsoleA
GetCommState
FillConsoleOutputCharacterW
CreateMailslotW
GetVolumeInformationA
FreeResource
SetFileTime
ResumeThread
GetTapeParameters
UnhandledExceptionFilter
SwitchToThread
RaiseException
ReadConsoleOutputCharacterW
GetConsoleTitleW
GetSystemPowerStatus
IsBadStringPtrW
DisconnectNamedPipe
GlobalHandle
VirtualProtect
GetProcessAffinityMask
MoveFileExW
GetCPInfoExA
UnlockFileEx
DebugActiveProcess
DeleteFileA
OpenFileMappingA
PeekNamedPipe
BuildCommDCBA
FreeEnvironmentStringsW
GetCurrentProcess
GetSystemTimeAdjustment
OpenMutexW
FreeEnvironmentStringsA
PrepareTape
GetVolumeInformationW
FindCloseChangeNotification
GetCPInfoExW
EnumSystemLocalesW
WritePrivateProfileStructA
SetCommState
GlobalFindAtomW
SetSystemPowerState
GetPrivateProfileSectionNamesA
SetUnhandledExceptionFilter
GetNamedPipeHandleStateW
CallNamedPipeA
ResetEvent
CreateEventW
GetEnvironmentStrings
GetStringTypeExA
GetCurrentThreadId
SetMailslotInfo
CreatePipe
LocalAlloc
CreateWaitableTimerA
GetModuleHandleA
SetFileApisToANSI
WriteFile
EscapeCommFunction
GetBinaryTypeA
lstrcpyW
LocalShrink
WaitNamedPipeA
GetCompressedFileSizeW
CreateDirectoryA
SetWaitableTimer
GetFileInformationByHandle
VirtualLock
SetVolumeLabelA
SetCalendarInfoW
IsBadCodePtr
SetFileAttributesA
ReleaseMutex
OpenSemaphoreW
FatalAppExitW
OpenEventA
SetLocalTime
FindResourceW
SetCurrentDirectoryA
GetFullPathNameA
GetNumberOfConsoleMouseButtons
GetConsoleScreenBufferInfo
GetProcessVersion
CreateDirectoryW
CompareStringW
SetTimeZoneInformation
SetPriorityClass
SetConsoleTitleW
GetWindowsDirectoryA
DefineDosDeviceW
lstrcmpiA
CreateFileMappingW
Thread32Next
SetCurrentDirectoryW
InitAtomTable
SetComputerNameA
WriteConsoleOutputAttribute
lstrcmpW
FindNextChangeNotification
CopyFileW
OpenEventW
ScrollConsoleScreenBufferA
GetUserDefaultLangID
VirtualUnlock
GetMailslotInfo
EnumResourceTypesW
EnumDateFormatsA
GetTapePosition
SetThreadIdealProcessor
SetConsoleActiveScreenBuffer
GetOEMCP
LockResource
lstrlenW
lstrcatA
GlobalMemoryStatus
GetStringTypeW
GetDiskFreeSpaceA
VirtualAlloc
GetThreadPriority
LockFile
GlobalFlags
MulDiv
GetCurrentProcessId
CreateToolhelp32Snapshot
HeapDestroy
GetPrivateProfileIntW
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE