f59731130ec83f0ede2443e4f92b8c49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f59731130ec83f0ede2443e4f92b8c49_JaffaCakes118
Size

858KB
MD5

f59731130ec83f0ede2443e4f92b8c49
SHA1

d795dfa23bb04685fc9c0b2343223985e2ed3f75
SHA256

f8b85592c4df58b2a95cf4a6f9703dc907e8d5e8f51cb2565b9e7aa5d6b21443
SHA512

3b30c855069c958f0cbe8946a8d884914f6b93eef507da1a104993b7230b910ce85c44e5b688c95a8c05d4cdc1ab6ca9732900757be1951fc5d47b4fedc674f2
SSDEEP

24576:TutToO0EsaC2zDW2cW432wllBxKoXUNXzXPsusX21xL:uQEzvqllXKoXizfsuL1xL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f59731130ec83f0ede2443e4f92b8c49_JaffaCakes118

Files

f59731130ec83f0ede2443e4f92b8c49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84c048713e9ac767e4c590ebb712de56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSSendMessageA
WTSQueryUserToken
WTSQueryUserConfigW
WTSSendMessageW
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSEnumerateSessionsA
WTSCloseServer
WTSShutdownSystem
WTSEnumerateServersW
WTSRegisterSessionNotification
WTSVirtualChannelPurgeOutput
WTSEnumerateProcessesW
WTSTerminateProcess
WTSVirtualChannelPurgeInput
WTSDisconnectSession
WTSEnumerateProcessesA
WTSEnumerateServersA
WTSOpenServerA
WTSSetSessionInformationA
WTSVirtualChannelRead
WTSFreeMemory
WTSSetSessionInformationW
WTSSetUserConfigW
WTSQuerySessionInformationW
WTSVirtualChannelQuery
WTSQuerySessionInformationA
WTSSetUserConfigA
WTSQueryUserConfigA
WTSVirtualChannelClose
WTSEnumerateSessionsW
WTSLogoffSession
WTSVirtualChannelWrite
WTSUnRegisterSessionNotification
WTSOpenServerW

kernel32

EnumCalendarInfoW
GlobalLock
WriteConsoleOutputCharacterA
GetConsoleCP
GetPrivateProfileStringA
GetCurrentConsoleFont
VirtualAlloc
UTRegister
SetCurrentDirectoryA
SetLocaleInfoW
OpenJobObjectW
GetUserDefaultLCID
VirtualLock
LZStart
GetCurrentProcess
FindFirstVolumeMountPointW
CmdBatNotification
EscapeCommFunction
CreateFileMappingW
IsBadHugeWritePtr
IsBadStringPtrW
GetFirmwareEnvironmentVariableW
PurgeComm
GetFileSizeEx
FatalExit
GetVDMCurrentDirectories
SetFileAttributesA
GetConsoleSelectionInfo
GetVersion
CreateDirectoryExW
GetPrivateProfileStringW
EnumSystemLocalesW
PrepareTape
SetCommTimeouts
lstrcmpi
GetVolumeInformationW
EnumCalendarInfoA
GetDevicePowerState
DeleteTimerQueueTimer
QueryPerformanceCounter
GlobalFindAtomA
SetLastConsoleEventActive
IsBadCodePtr
ResetEvent
RegisterWowExec
WriteConsoleOutputCharacterW
LZCopy
CreateNamedPipeA
_lwrite
SetConsoleFont
HeapFree
LCMapStringW
SetThreadUILanguage
GetConsoleScreenBufferInfo
GetFileInformationByHandle
GetSystemWow64DirectoryW
SetMailslotInfo
ConvertDefaultLocale
GetConsoleAliasesA
SetConsoleOutputCP
GetNumberFormatW
SearchPathA
RegisterConsoleIME
CallNamedPipeW
RemoveLocalAlternateComputerNameW
GetNamedPipeInfo
GetStdHandle
GetModuleFileNameA
WriteConsoleA
LoadLibraryA
FindVolumeClose
OpenJobObjectA
WriteProcessMemory
InitializeSListHead
_hwrite
GetNumaProcessorNode
SetConsoleMaximumWindowSize
CreateMemoryResourceNotification
GetEnvironmentStringsW
FindNextVolumeA
AddConsoleAliasA
TerminateJobObject
QueryDosDeviceA
GetNamedPipeHandleStateA
PeekNamedPipe
GetProfileSectionW
WritePrivateProfileStructW
GetOEMCP
FindNextVolumeW
FindNextChangeNotification

mapi32

MAPIOpenFormMgr@8
OpenStreamOnFile
UFromSz@4
RTFSync@12
UNKOBJ_FreeRows@8
HrDecomposeEID@28
UNKOBJ_ScCOAllocate@12
BMAPIDetails
ScCountNotifications@12
FBadRglpszW@8
FtNegFt@8
DeregisterIdleRoutine@4
MAPIAllocateMore@12
SwapPword@8
ScInitMapiUtil@4
FtMulDwDw@8
ScUNCFromLocalPath@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIOpenLocalFormContainer@4
HrComposeMsgID@24
cmc_logoff
UNKOBJ_COFree@8
FtSubFt@16
WrapProgress@20
FDecodeID@12
HrSetOmiProvidersFlagsInvalid
MAPIUninitialize
UlAddRef@4
HrIStorageFromStream@16
cmc_query_configuration
BMAPIAddress
ScCopyNotifications@16

mfcsubs

?ConcatInPlace@CString@@IAEXHPBG@Z
?FreeDataChain@CPlex@@QAEXXZ
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
??9@YG_NPBGABVCString@@@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
?Find@CString@@QBEHPBG@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
?FreeExtra@CStringArray@@QAEXXZ
?Right@CString@@QBE?AV1@H@Z
??9@YG_NABVCString@@PBG@Z
?Lock@CSyncObject@@UAEHK@Z
?AllocBuffer@CString@@IAEXH@Z
?TrimRight@CString@@QAEXXZ
??M@YG_NPBGABVCString@@@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??H@YG?AVCString@@ABV0@G@Z
?GetCount@CMapStringToPtr@@QBEHXZ
??H@YG?AVCString@@GABV0@@Z
??9@YG_NABVCString@@0@Z
?Empty@CString@@QAEXXZ
?MakeLower@CString@@QAEXXZ
?GetData@CStringArray@@QBEPBVCString@@XZ
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?ReverseFind@CString@@QBEHG@Z
?GetAllocLength@CString@@QBEHXZ
??0CString@@QAE@PBD@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?Left@CString@@QBE?AV1@H@Z
??8@YG_NABVCString@@PBG@Z
?Format@CString@@QAAXIZZ
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?Append@CStringArray@@QAEHABV1@@Z
??P@YG_NPBGABVCString@@@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z

icm32

CMCreateProfile
CMCreateTransform
CMCreateTransformW
CMCreateTransformExtW
CMDeleteTransform
CMCreateProfileW
CMGetNamedProfileInfo
CMCheckColors
CMCheckColorsInGamut
CMCreateTransformExt
CMTranslateRGBs
CMTranslateRGBsExt
CMConvertColorNameToIndex
CMCreateDeviceLinkProfile
CMIsProfileValid
CMTranslateRGB
CMCreateMultiProfileTransform
CMTranslateColors
CMGetInfo
CMCheckRGBs
CMConvertIndexToColorName

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84c048713e9ac767e4c590ebb712de56

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

mapi32

mfcsubs

icm32

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 321KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 321KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B