478e6a8bbb16738fbdd15369ec4b2051_JaffaCakes118

General

Target

478e6a8bbb16738fbdd15369ec4b2051_JaffaCakes118
Size

558KB
MD5

478e6a8bbb16738fbdd15369ec4b2051
SHA1

c1526a9035c537995603fb1c9cb581af3b8e5bff
SHA256

20c0901840f5c5fcb522b756f1dbc2951308520912f9ff474843d00fad2bad99
SHA512

e21bd05c6776321506cd61ba8c09802ae9c5e492cb3c983b01aeaa42ce1ac926adba9f0010d9aa1dc81d87d1c9abb72fba0e9dccbf3948a3eb53dc32188d1f64
SSDEEP

12288:buhB/VygOATOipnNECNRRtDyLS8X1s7deRVqZ:buhBdygOAKipGC/RteLS8yp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
478e6a8bbb16738fbdd15369ec4b2051_JaffaCakes118

Files

478e6a8bbb16738fbdd15369ec4b2051_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83e800c7435eede238b3f257c5bc5ab4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mapi32

BMAPIAddress
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
BuildDisplayTable@40
CbOfEncoded@4
CchOfEncoding@4
ChangeIdleRoutine@28
CloseIMsgSession@4
CreateIProp@24
CreateTable@36
DeinitMapiUtil@0
DeregisterIdleRoutine@4
DllCanUnloadNow
DllGetClassObject
EnableIdleRoutine@8
EncodeID@12
FBadColumnSet@4
FBadEntryList@4
FBadProp@4
FBadPropTag@4

imm32

ImmGetContext
ImmLockClientImc
ImmIsIME
ImmInstallIMEW
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmCreateIMCC
ImmActivateLayout
ImmDisableIME
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA

kernel32

GetLastError
CreateFileA
GetWindowsDirectoryA
GetACP
OutputDebugStringW
AttachConsole
SetThreadLocale
HeapSetInformation
CreateRemoteThread
QueryDosDeviceA
LZRead

gdi32

CloseFigure
CloseFigure

Sections

.text
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 318KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83e800c7435eede238b3f257c5bc5ab4

Headers

File Characteristics

Imports

mapi32

imm32

kernel32

gdi32

Sections

.text Size: 31KB - Virtual size: 32KB

.data Size: 13KB - Virtual size: 318KB

.rsrc Size: 504KB - Virtual size: 504KB

.text
Size: 31KB - Virtual size: 32KB

.data
Size: 13KB - Virtual size: 318KB

.rsrc
Size: 504KB - Virtual size: 504KB