09789dc94cb23943c78f30b1ac27a0a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09789dc94cb23943c78f30b1ac27a0a9_JaffaCakes118
Size

853KB
MD5

09789dc94cb23943c78f30b1ac27a0a9
SHA1

bed98c6c45f328cd8199009112aeb5439963c0c1
SHA256

17acd17bc7f4a22618d23021aa19b707aa02561c7924bb1ec238488ee7010a98
SHA512

cfe214d6c2fde29f101c73c0f898678a3ed3b920ff320e442079294dc89c46156265c6e58696644d32651fbe735960a75734f0a2263f8a2f9d4c7c9f42312cb1
SSDEEP

24576:T9W+273dQvbKChSNXwHCELCSn+cenB1TV:MNevbKCsC9CSuB1T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09789dc94cb23943c78f30b1ac27a0a9_JaffaCakes118

Files

09789dc94cb23943c78f30b1ac27a0a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9b71b18f620b7f24e2b4b685d9c501ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
VirtualAlloc
RegisterConsoleOS2
FindActCtxSectionStringA
GlobalHandle
LoadLibraryA
GetCurrencyFormatW
WriteProfileStringA
lstrcmpA
GetVolumePathNameA
DeleteFileA
SetCommState
GetConsoleAliasW
LocalFree
SetConsoleMenuClose
OpenFileMappingW
SetLocalPrimaryComputerNameA
EnumCalendarInfoA
GetStartupInfoA
LocalUnlock
GetVolumeNameForVolumeMountPointA
CreateFileW
GetEnvironmentStringsW
GetNumaAvailableMemoryNode
CommConfigDialogA
SetProcessShutdownParameters
CreateEventW
MapUserPhysicalPages
GetDevicePowerState
UTRegister
DnsHostnameToComputerNameW
HeapCreate
GetCommandLineW
FindFirstChangeNotificationW
SetConsoleOutputCP
GetProfileStringW
EscapeCommFunction
GetPrivateProfileStructA

mapi32

ScCountProps@12
MAPIGetDefaultMalloc@0
HrDecomposeMsgID@24
WrapCompressedRTFStream
HrThisThreadAdviseSink@8
EnableIdleRoutine@8
BMAPIResolveName
ScDupPropset@16
FBadProp@4
cmc_logoff
LpValFindProp@12
MAPIAllocateBuffer
FtSubFt@16
FtAdcFt@20
GetAttribIMsgOnIStg@12
HrEntryIDFromSz@12
MAPIAdminProfiles
MAPISaveMail
OpenIMsgOnIStg@44
MAPIUninitialize@0

mspatcha

ApplyPatchToFileA
GetFilePatchSignatureByHandle
ApplyPatchToFileExW
ApplyPatchToFileExA
ApplyPatchToFileByHandles
TestApplyPatchToFileByHandles
TestApplyPatchToFileW
ApplyPatchToFileByHandlesEx
TestApplyPatchToFileA
ApplyPatchToFileW
GetFilePatchSignatureA
GetFilePatchSignatureW

winmm

waveInOpen
midiStreamPause
midiInOpen
midiInGetDevCapsA
mmTaskSignal
mixerGetDevCapsA
midiInGetErrorTextA
midiInAddBuffer
midiOutGetID
waveOutGetDevCapsA
waveOutGetID
mixerSetControlDetails
waveInGetDevCapsA
wid32Message
mmioRenameW
WOWAppExit

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b71b18f620b7f24e2b4b685d9c501ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

mspatcha

winmm

Sections

.text Size: 754KB - Virtual size: 754KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 754KB - Virtual size: 754KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB