242c243e79b02c4c745badf0e667c1a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

242c243e79b02c4c745badf0e667c1a1_JaffaCakes118
Size

806KB
MD5

242c243e79b02c4c745badf0e667c1a1
SHA1

8afcdd9b0a478782485e85136c530b9a4fb500b0
SHA256

26e791fcf3afb3822b8a18caf038e7aeedfac72e72320ac0ab11de76b79340d0
SHA512

9de7b28233407baeb67cff9458dbb6f976d5eef8c491779efc0605d4a3159ac4668f44e3247b337cefbc412418005a141bcb719e7080608064f0526766102d05
SSDEEP

24576:TeOvCUQ+8NG21yWPUesyk3IXTTMXnhRi:Teq78CWPU7yk3hhRi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
242c243e79b02c4c745badf0e667c1a1_JaffaCakes118

Files

242c243e79b02c4c745badf0e667c1a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

07794a0cc64c3372c5bc6fa32efe8df6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

UNKOBJ_ScAllocateMore@16
UNKOBJ_COFree@8
ScCopyProps@16
FreePadrlist@4
FtMulDwDw@8
FixMAPI@0
UNKOBJ_Free@8
MAPIAllocateBuffer@8
SwapPlong@8
CloseIMsgSession@4
cmc_logon
GetOutlookVersion
FBadRglpNameID@8
PpropFindProp@12
BMAPIFindNext
HexFromBin@12
MAPIDeleteMail
FtSubFt@16
FPropContainsProp@12
OpenTnefStream@28
MAPIOpenFormMgr@8
MAPIUninitialize@0
ScRelocProps@20
MapStorageSCode@4
MAPIUninitialize
OpenIMsgOnIStg@44
MAPISendDocuments
HrDecomposeMsgID@24
OpenTnefStream

msvcrt40

??0ofstream@@QAE@PBDHH@Z
?precision@ios@@QBEHXZ
?x_curindex@ios@@0HA
??6ostream@@QAEAAV0@M@Z
_makepath
??_7fstream@@6B@
??1istream@@UAE@XZ
abs
_ltoa
mbstowcs
clearerr
_wgetenv
??_Dostream@@QAEXXZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?snextc@streambuf@@QAEHXZ
_spawnlpe
__p__iob
_rotr
_environ
ispunct

winmm

mmTaskSignal
midiInGetErrorTextW
mixerGetLineControlsA
WOWAppExit
midiDisconnect
waveOutGetErrorTextA
mmDrvInstall
joyGetNumDevs
mixerClose
waveInOpen
mmioOpenA
mixerGetDevCapsW
WOW32ResolveMultiMediaHandle
waveOutReset
mciGetDeviceIDW
mciLoadCommandResource
sndPlaySoundW
mciGetDeviceIDFromElementIDW
mmioSeek
midiInUnprepareHeader
timeGetSystemTime
midiOutReset
joySetThreshold
mixerGetControlDetailsA

cryptext

CryptExtOpenCTL
DllRegisterServer
CryptExtOpenCRLW
CryptExtOpenPKCS7W
CryptExtAddCERW
CryptExtOpenCER
CryptExtOpenCERW
CryptExtAddP7R
DllCanUnloadNow
CryptExtAddP7RW
CryptExtOpenPKCS7
CryptExtAddSPCW
CryptExtAddCRLW
CryptExtOpenP7R
CryptExtOpenP7RW
CryptExtOpenSTR
CryptExtOpenCAT
DllUnregisterServer
CryptExtAddCER
CryptExtOpenCTLW
CryptExtOpenCATW
CryptExtAddCRL
CryptExtAddSPC
CryptExtAddPFXW
CryptExtAddCTL
CryptExtAddPFX
DllGetClassObject
CryptExtOpenCRL

cfgmgr32

CM_Set_HW_Prof_Ex
CM_Set_DevNode_Registry_PropertyW
CM_Add_ID_ExA
CM_Add_IDA
CM_Get_Res_Des_Data_Ex
CM_Set_HW_Prof_Flags_ExA
CM_Query_Remove_SubTree_Ex
CM_Create_DevNode_ExW
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority_Ex
CM_Get_Device_Interface_List_SizeA
CM_Locate_DevNode_ExW
CM_Set_DevNode_Problem_Ex
CM_Register_Device_Interface_ExW
CM_Register_Device_Driver_Ex
CM_Get_Class_Registry_PropertyW
CM_Test_Range_Available
CM_Locate_DevNode_ExA
CM_Unregister_Device_InterfaceA
CM_Remove_SubTree_Ex
CM_Get_Depth
CM_Query_And_Remove_SubTree_ExA
CM_Get_Parent
CM_Create_Range_List
CM_Get_Class_Key_Name_ExW

expsrv

rtcInputBox
rtI2FromErrVar
__vbaCyForNext
TipUnloadProject
_adj_fprem
rtcGetDateVar
__vbaCyUI1
EVENT_SINK_Invoke
PutMem4
__vbaGet3
__vbaDerefAry1
__vbaI2ErrVar
__vbaLateMemCallLd
__vbaNextEachVar
__vbaCyI4
rtcHexBstrFromVar
__vbaRedim
__vbaVarNot
rtcIntVar
_adj_fdivr_m32
GetMemVar
__vbaDateR4
__vbaInputFile
__vbaCySub
__vbaLateIdCallSt
__vbaStrVarCopy
__vbaVarErrI4
__vbaAryLock
__vbaObjIs

kernel32

GetFileAttributesA
GetThreadPriority
EnumDateFormatsExW
SetConsoleNlsMode
GetNumberOfConsoleMouseButtons
GetStringTypeW
EnumTimeFormatsW
SetComputerNameExA
EnumTimeFormatsA
LoadLibraryA
SetConsoleCtrlHandler
DeleteVolumeMountPointA
VirtualLock
lstrcmp
Process32FirstW
GlobalFree
AssignProcessToJobObject
RemoveDirectoryA
GlobalHandle
GlobalFindAtomW
GetOverlappedResult
FoldStringA
VerifyVersionInfoW
EnumResourceTypesA
VirtualUnlock
VirtualAlloc
RegisterWaitForSingleObject
DeleteFileW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07794a0cc64c3372c5bc6fa32efe8df6

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

msvcrt40

winmm

cryptext

cfgmgr32

expsrv

kernel32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 588KB - Virtual size: 2.0MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 348B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 588KB - Virtual size: 2.0MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 348B