eb98fb94d48e02214b5b63e1f2340abb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb98fb94d48e02214b5b63e1f2340abb_JaffaCakes118
Size

83KB
MD5

eb98fb94d48e02214b5b63e1f2340abb
SHA1

83bc4c4992f558d864b0456ec4254835fafea709
SHA256

ea6801120b5b2f13ae2dc30366547529d8c7b998721b263ba1e5adbed12f23ab
SHA512

445b1754aca4c8281651ef5d3920cfc8abdbe245176de763d1ac8f65af2ee18a247228a0ff807f2e889717b313189c04a34822f18f0098970ed81028a4fc88c6
SSDEEP

1536:j5O4TSNQa/6CDm6+wxZVdiX/PlwAuOzZqQdnrDG5OvNUHmv2VRkpdBtwV9gJ:8//3Dm6+OtYP5uAqYnri5WKBVipdvj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb98fb94d48e02214b5b63e1f2340abb_JaffaCakes118

Files

eb98fb94d48e02214b5b63e1f2340abb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

03fa310e97cb5b1f514d90f948384975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

ScCreateConversationIndex@16
FtAddFt@16
MAPIInitIdle@4
cmc_list
MAPISaveMail
ScCountProps@12
FBadRglpszW@8
FBinFromHex@8
FBadPropTag@4
FDecodeID@12
ScCopyProps@16
HrValidateParameters@8
cmc_send_documents
HrAllocAdviseSink@12
GetOutlookVersion@0
cmc_free
UNKOBJ_ScCOAllocate@12
FtSubFt@16

kernel32

GetConsoleFontSize
CloseHandle
GetStartupInfoA
VirtualAlloc
RemoveLocalAlternateComputerNameA
CreateJobObjectW
GetModuleHandleW
GetCurrentProcessId
GetTickCount
OutputDebugStringA
LoadLibraryA
GetCurrentThreadId
FindCloseChangeNotification
GetProcessIoCounters
ConsoleMenuControl
InterlockedDecrement
SetCommBreak
GetSystemTimeAsFileTime
QueryPerformanceCounter
_llseek
FindNextVolumeMountPointA

winmm

midiInReset
mmioAscend
midiOutPrepareHeader
mmTaskYield
midiOutCacheDrumPatches
DefDriverProc
mciGetDeviceIDFromElementIDA
auxSetVolume
waveOutWrite
midiInStop
mmioAdvance
midiInMessage
midiInGetDevCapsA
auxGetVolume
mciGetDriverData
midiOutMessage
mmioSetInfo

winsta

WinStationEnumerateA
WinStationReset
ServerLicensingGetPolicy
ServerQueryInetConnectorInformationW
WinStationGenerateLicense
ServerLicensingSetPolicy
WinStationShadow
WinStationGetLanAdapterNameA
WinStationSetInformationW
WinStationGetAllProcesses
ServerLicensingFreePolicyInformation

uxtheme

GetThemeSysSize
GetThemeString
GetThemeFont
EnableTheming
GetThemePropertyOrigin
GetThemeIntList
SetWindowTheme
OpenThemeData
GetThemePosition
GetThemeAppProperties
GetThemeBackgroundContentRect
DrawThemeEdge
GetThemeFilename
GetThemeBackgroundExtent
GetThemeSysString

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03fa310e97cb5b1f514d90f948384975

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

winmm

winsta

uxtheme

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 252B