2cadb567f34753f5e9a5831231934c90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cadb567f34753f5e9a5831231934c90_JaffaCakes118
Size

824KB
MD5

2cadb567f34753f5e9a5831231934c90
SHA1

d4ec69114c3bc8ef7a3346ff66b2ff2d56f96e0f
SHA256

a9a0590772b9a25fafc1215b2a5369e9c74cf63459426bb6eb007c655efbd197
SHA512

aa15a5f5da746161c4f0becda5ee22cec89144e74b96fba08583bd54be7362b0689b285b93d2e386f2bfb6b264e6c1cdaceb9b11e3e00ab5b5012a754ac48154
SSDEEP

24576:tHcquManplGiiHx9Ch6gB2dDAv5tX1SI4:t8MaPex9Csfqg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cadb567f34753f5e9a5831231934c90_JaffaCakes118

Files

2cadb567f34753f5e9a5831231934c90_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09e2e3a1c3731da379890199a4275f66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrServerCall2
MIDL_wchar_strlen
NdrStubInitializeMarshall
NDRSContextUnmarshall2
I_RpcAllocate
RpcEpRegisterNoReplaceA
RpcGetAuthorizationContextForClient
NdrSimpleStructFree
UuidCreate
tree_peek_ndr
NdrMesProcEncodeDecode2
I_RpcBindingInqDynamicEndpointA
RpcServerTestCancel
CStdStubBuffer_IsIIDSupported
NdrConvert
MIDL_wchar_strcpy
RpcServerUseProtseqEpExA
I_RpcNsBindingSetEntryNameA
RpcUserFree
char_array_from_ndr
NdrNonEncapsulatedUnionBufferSize
RpcBindingCopy
RpcServerUnregisterIfEx
RpcRaiseException
I_RpcServerRegisterForwardFunction
NdrXmitOrRepAsUnmarshall
RpcSsGetContextBinding
NDRCContextBinding
RpcBindingSetOption
I_RpcParseSecurity
I_RpcGetBufferWithObject
NdrStubCall2
I_RpcTransIoCancelled
NdrGetSimpleTypeMemorySize
NdrStubForwardingFunction
I_RpcTransServerNewConnection
RpcServerUseProtseqW
RpcServerRegisterAuthInfoW
RpcNetworkInqProtseqsW
short_array_from_ndr

mapistub

cmc_send_documents
CloseIMsgSession@4
IsBadBoundedStringPtr@8
HrComposeMsgID@24
UNKOBJ_FreeRows@8
FBadRowSet@4
OpenTnefStream
UNKOBJ_ScCOReallocate@12
BMAPIAddress
cmc_look_up
UlFromSzHex@4
CbOfEncoded@4
MAPIAllocateMore
SzFindCh@8
OpenIMsgSession@12
HrQueryAllRows@24
FPropCompareProp@12
MAPILogon
cmc_query_configuration
MAPIDetails
MAPIResolveName
FGetComponentPath
cmc_logoff
FtSubFt@16
MapStorageSCode@4
FtNegFt@8
cmc_act_on
FreeProws@4
WrapCompressedRTFStream
HrGetOmiProvidersFlags@8
ScRelocProps@20
OpenIMsgOnIStg@44
cmc_list
BMAPIReadMail
MAPIDeleteMail
MAPIFreeBuffer
GetOutlookVersion@0
HrGetOmiProvidersFlags
FreePadrlist@4
ScBinFromHexBounded@12
FGetComponentPath@20
MAPIDeinitIdle@0
cmc_read
PpropFindProp@12
SwapPlong@8

gdi32

GetObjectW
GetKerningPairsW
FixBrushOrgEx
EngFindResource
GdiGetSpoolFileHandle
Pie
EngBitBlt
GetPixelFormat
CreateEllipticRgnIndirect
NamedEscape
CreateBitmapIndirect
GdiGetDC
EngCreateBitmap
SetBitmapBits
SetDIBColorTable
EngMultiByteToWideChar
GetEnhMetaFileA
CreateSolidBrush
GetStretchBltMode
FillRgn
CreateICA
GetFontUnicodeRanges
CreateRectRgn
CloseEnhMetaFile
PatBlt
EngCreateDeviceSurface
GetDIBits
GetPath
StrokePath
GetCharABCWidthsFloatW
EngAlphaBlend
SetROP2
CreateDIBSection
GdiDrawStream
DdEntry0
PolyPolyline
GetRasterizerCaps
DdEntry14
DdEntry8
EnableEUDC

hid

HidD_SetNumInputBuffers
HidP_GetButtonCaps
HidP_UnsetUsages
HidD_GetProductString
HidD_Hello
HidD_GetMsGenreDescriptor
HidP_GetLinkCollectionNodes
HidP_UsageListDifference
HidP_GetData
HidP_SetScaledUsageValue
HidP_GetCaps
HidD_GetInputReport
HidP_GetUsagesEx
HidD_GetHidGuid
HidD_SetOutputReport
HidP_InitializeReportForID
HidP_SetData
HidP_SetUsages
HidP_GetSpecificValueCaps
HidD_GetPreparsedData
HidD_GetNumInputBuffers
HidP_GetValueCaps
HidP_GetSpecificButtonCaps
HidP_MaxUsageListLength
HidD_FlushQueue
HidP_SetUsageValue
HidP_MaxDataListLength
HidD_FreePreparsedData
HidD_GetSerialNumberString

kernel32

GetCommandLineA
VerifyConsoleIoHandle
DosPathToSessionPathW
RtlCaptureContext
CloseHandle
SetConsoleIcon
CreateMailslotA
BuildCommDCBAndTimeoutsA
FindResourceExW
SetThreadLocale
FreeLibraryAndExitThread
MapViewOfFile
GetConsoleCursorInfo
SetConsoleMode
LoadLibraryA
SetConsoleInputExeNameA
CancelWaitableTimer
CommConfigDialogW
RtlZeroMemory
InterlockedPushEntrySList
QueryPerformanceCounter
SetFirmwareEnvironmentVariableW
GetExitCodeThread
VirtualAlloc
SetDefaultCommConfigA
GetCurrentConsoleFont
GetExitCodeProcess
LoadLibraryW
LCMapStringA
FreeResource
ContinueDebugEvent
GetTickCount
EnumerateLocalComputerNamesW
GetConsoleAliasW
GetConsoleFontInfo
WriteProfileStringW
GetCurrentThreadId
OpenFileMappingA

msvcp60

?epsilon@?$numeric_limits@D@std@@SADXZ
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?grouping@?$numpunct@G@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?do_encoding@codecvt_base@std@@MBEHXZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@@Z
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?stossc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??X?$_Complex_base@M@std@@QAEAAV01@ABM@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
?max@?$numeric_limits@F@std@@SAFXZ
?_Makpat@?$_Mpunct@D@std@@AAEXAAUpattern@money_base@2@DDD@Z
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??_0std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?round_error@?$numeric_limits@N@std@@SANXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ABV12@@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?_Tidy@locale@std@@CAXXZ
?_Isinf@?$_Ctr@M@std@@SA_NM@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@XZ
?infinity@?$numeric_limits@E@std@@SAEXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Isnan@?$_Ctr@O@std@@SA_NO@Z

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e2e3a1c3731da379890199a4275f66

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

mapistub

gdi32

hid

kernel32

msvcp60

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 580KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 580KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 292B