19f9a989f3c54444c2e4d3014d47cfb7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

19f9a989f3c54444c2e4d3014d47cfb7_JaffaCakes118
Size

52KB
MD5

19f9a989f3c54444c2e4d3014d47cfb7
SHA1

4a60da8e6b1f16e97c3f9cd2a92432dbf8a214d6
SHA256

24907808cc75f1e0ddb8882e34f8b8d73df554d6a70ee570ba35be809568072b
SHA512

969168b71d26d18a0cc1b6684e3b6397151d7c0fdb99f576ae3429b7d13c067f569a6ead8d599d24343bbb339982768f03532fe546bfb3c3aff4961c33f94bf7
SSDEEP

768:C4op4ahGb/fQYJdTkhYExVDWyJDXFJa6jzoBvjB/Efaij1utv8cx5k:ZopYHExAEDVJDoBvj/01uJj5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19f9a989f3c54444c2e4d3014d47cfb7_JaffaCakes118

Files

19f9a989f3c54444c2e4d3014d47cfb7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a530e431b5ea94c73bb7f62abe38eb57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inetcomm

MimeOleCreateBody
HrGetDisplayNameWithSizeForFile
MimeEditViewSource
MimeOleGetCertsFromThumbprints
MimeOleGetRelatedSection
MimeOleCreateMessageParts
MimeOleSetPropW
MimeOleGenerateMID
HrAttachDataFromFile
HrDoAttachmentVerb
MimeOleAlgNameFromSMimeCap
CreateRangeList
MimeOleUnEscapeStringInPlace
EssKeyExchPreferenceEncodeEx
MimeOleEncodeHeader
EssContentHintDecodeEx
HrGetLastOpenFileDirectory
MimeOleCreateHeaderTable
EssSignCertificateDecodeEx
MimeOleCreateByteStream
MimeOleInetDateToFileTime
EssSignCertificateEncodeEx
MimeOleCreateMessage
HrAthGetFileNameW
MimeOleSMimeCapGetEncAlg
MimeOleGetInternat
MimeOleSMimeCapsFull
MimeOleGenerateCID
MimeOleParseRfc822Address
MimeOleSetBodyPropW
HrGetAttachIcon
MimeOleGetFileInfoW
MimeOleFindCharset
MimeOleSMimeCapGetHashAlg
CreateSMTPTransport
MimeOleStripHeaders
CreateIMAPTransport
HrGetLastOpenFileDirectoryW
CreateNNTPTransport
EssMLHistoryEncodeEx
MimeOleConvertEnrichedToHTML
MimeOleOpenFileStream

crtdll

_wcsrev
putc
_nextafter
swscanf
__doserrno
_searchenv
_vsnwprintf
__fpecode
_dup2
_fdopen
_tzname
vwprintf
strchr
isalpha
gets
_mbstrlen
wcsncpy
iswalnum
wcslen
__iscsym
_ltow
_pipe
_y1
_setsystime
_fmode_dll
_tempnam
_expand
_tell
_getdiskfree
_CIcos
_flsbuf
_statusfp
_seterrormode
_locking
_CIasin
_spawnlpe
_pclose
towlower
_mktemp
_strdec
wcsrchr
_stricoll
strcpy
memset

query

??1CFileMapView@@QAE@XZ
?PeekULong@CMemDeSerStream@@UAEKXZ
?SkipUShort@CMemDeSerStream@@UAEXXZ
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?Next@CPropertyList@@UAEPBVCPropEntry@@XZ
?SkipULong@CMemDeSerStream@@UAEXXZ
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
??1CLangList@@QAE@XZ
??0CDbColId@@QAE@XZ
?_wcsFileName@CGlobalPropFileRefresher@@0PAGA
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
?MinPageInUse@CBufferCache@@QAEHAAK@Z
?SaComputeSize@@YGKGAAUtagSAFEARRAY@@@Z
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
??1CScopeRestriction@@QAE@XZ
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?GetNumber@CQueryScanner@@QAEHAA_KAAH@Z
??1CParseCommandTree@@QAE@XZ
?SetCatalog@CCatState@@QAEXPBG@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?PutValue@CValueNormalizer@@QAEXKAAKABVCStorageVariant@@@Z
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
?Close@CPipeClient@@IAEXXZ
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
CIState
?ciIsValidPointer@@YGHPBX@Z
?Release@CEnumString@@UAGKXZ
??1COccRestriction@@QAE@XZ
??1CPropertyList@@UAE@XZ
?AddRef@CEmptyPropertyList@@UAGKXZ
?Append@CEnumWorkid@@QAEXK@Z
?Load@CLocalGlobalPropertyList@@QAEXQBG@Z
??1CDbSortSet@@QAE@XZ
?Reset@CRegChangeEvent@@QAEXXZ

msvcirt

??_Gstdiostream@@UAEPAXI@Z
??0ios@@IAE@ABV0@@Z
??0ostream@@QAE@PAVstreambuf@@@Z
??5istream@@QAEAAV0@AAM@Z
?flags@ios@@QAEJJ@Z
??0istrstream@@QAE@PAD@Z
??_Efstream@@UAEPAXI@Z
??4iostream@@IAEAAV0@AAV0@@Z
?precision@ios@@QAEHH@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?overflow@stdiobuf@@UAEHH@Z
?ipfx@istream@@QAEHH@Z
?unbuffered@streambuf@@IBEHXZ
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?pbackfail@streambuf@@UAEHH@Z
??_Gstrstreambuf@@UAEPAXI@Z
??0Iostream_init@@QAE@XZ
?put@ostream@@QAEAAV1@D@Z
??0streambuf@@IAE@XZ
??_7strstream@@6B@
??_7strstreambuf@@6B@
??0istream@@IAE@ABV0@@Z
??_Diostream@@QAEXXZ
??_Eifstream@@UAEPAXI@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
??_8stdiostream@@7Bostream@@@
?snextc@streambuf@@QAEHXZ
?setf@ios@@QAEJJ@Z
?clrlock@streambuf@@QAEXXZ
??_8stdiostream@@7Bistream@@@
??_7fstream@@6B@
??5istream@@QAEAAV0@PAD@Z
??1exception@@UAE@XZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?sync@strstreambuf@@UAEHXZ
?eback@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??1istrstream@@UAE@XZ
?setmode@ofstream@@QAEHH@Z
??0filebuf@@QAE@ABV0@@Z
?in_avail@streambuf@@QBEHXZ
?open@ifstream@@QAEXPBDHH@Z
?cout@@3Vostream_withassign@@A
??_Difstream@@QAEXXZ
__dummy_export
??_Distream@@QAEXXZ
?width@ios@@QBEHXZ
??_Distream_withassign@@QAEXXZ
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@F@Z
?attach@ifstream@@QAEXH@Z
?overflow@strstreambuf@@UAEHH@Z
?cerr@@3Vostream_withassign@@A
??_7ofstream@@6B@
??0ostrstream@@QAE@XZ
??1istream@@UAE@XZ
?fd@ifstream@@QBEHXZ
??_8fstream@@7Bistream@@@
?sputbackc@streambuf@@QAEHD@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?sunk_with_stdio@ios@@0HA
??0ostrstream@@QAE@PADHH@Z
??1strstreambuf@@UAE@XZ
??_Gios@@UAEPAXI@Z
?openprot@filebuf@@2HB
??0ostream@@IAE@XZ
??_Giostream@@UAEPAXI@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?putback@istream@@QAEAAV1@D@Z
??_7logic_error@@6B@
?underflow@stdiobuf@@UAEHXZ
??0ifstream@@QAE@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??_Dostrstream@@QAEXXZ
??0exception@@QAE@ABV0@@Z
??1istream_withassign@@UAE@XZ

kernel32

WriteConsoleInputVDMW
WriteConsoleInputVDMA
GetSystemWow64DirectoryA
LoadLibraryA
GetConsoleAliasesLengthA
GetSystemDirectoryW
GetEnvironmentStringsW
LocalAlloc
Process32Next
MoveFileExW
GetNumberFormatW
GlobalAlloc
SetFileValidData
BaseFlushAppcompatCache
WriteTapemark
OpenProfileUserMapping
PurgeComm
QueryPerformanceCounter
GetExitCodeThread
ReadConsoleOutputA
OutputDebugStringW
GetCalendarInfoW
GetThreadPriorityBoost
DuplicateConsoleHandle
lstrcpyA
HeapLock
GetCurrentThread
GlobalUnfix
UnregisterWait
VirtualAlloc
GetFileAttributesExW
GetThreadLocale
SetThreadIdealProcessor

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a530e431b5ea94c73bb7f62abe38eb57

Headers

DLL Characteristics

File Characteristics

Imports

inetcomm

crtdll

query

msvcirt

kernel32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 47KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 47KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B