2cf23d1bc7ca017875d7c33b51a5a4c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cf23d1bc7ca017875d7c33b51a5a4c0_JaffaCakes118
Size

134KB
MD5

2cf23d1bc7ca017875d7c33b51a5a4c0
SHA1

6d0ce86df414d0c50439dcee55b10dfb171142af
SHA256

926c39076a79a39a9329b7a65abd94d389e0044556f78c57c22a02780ccd1b47
SHA512

f1dd65986399ec4c8914f08645f9d24691e82eb6d5ac5c7e894be067a5c48250161925be6546217de78d8bc7f47813c5fcef06b3624e1d8e7004d6b99550ca1d
SSDEEP

3072:3z2ltECS52ZSJCyJbH/8V3nrpCfNzqdAeL7o+:3zItECS52ZSYy+nrpCmAa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cf23d1bc7ca017875d7c33b51a5a4c0_JaffaCakes118

Files

2cf23d1bc7ca017875d7c33b51a5a4c0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9bcfcffad121834d1a7b5979c2b26d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

FixMAPI
IsBadBoundedStringPtr@8
EncodeID@12
MAPIDeinitIdle@0
HrEntryIDFromSz@12
HrComposeMsgID@24
HrDecomposeMsgID@24
HrGetOmiProvidersFlags@8
WrapCompressedRTFStream@12
GetOutlookVersion@0
PropCopyMore@16
UNKOBJ_ScCOAllocate@12
SzFindSz@8
FPropCompareProp@12
FreeProws@4
MAPIReadMail
WrapStoreEntryID@24
MAPIGetDefaultMalloc@0
ScCountNotifications@12
BuildDisplayTable@40
HrGetOmiProvidersFlags
FGetComponentPath
HrGetOneProp@12
FDecodeID@12
HrValidateParameters@8
MAPIOpenLocalFormContainer
FBadRglpszA@8
SzFindCh@8
FBadSortOrderSet@4
MAPIDetails
FtNegFt@8
MNLS_lstrcmpW@8
cmc_act_on
cmc_query_configuration
OpenStreamOnFile
CreateTable@36
ScUNCFromLocalPath@12
FtAddFt@16
RTFSync@12
MAPILogonEx@20

kernel32

GetNumaHighestNodeNumber
DefineDosDeviceA
LocalAlloc
GetConsoleAliasesLengthW
InterlockedDecrement
GetConsoleCursorInfo
RegisterWaitForInputIdle
GetProcessIoCounters
OpenWaitableTimerA
GetProcessAffinityMask
InitAtomTable
SleepEx
DefineDosDeviceW
DeviceIoControl
GlobalReAlloc
SetTapeParameters
LoadLibraryA
OpenWaitableTimerW
SetConsoleMaximumWindowSize
HeapCreate
GetNumaProcessorNode
SetConsoleMode
LocalUnlock
VerLanguageNameW
FindFirstFileW
WriteConsoleInputW
GetModuleHandleA
GetCurrencyFormatW
RtlMoveMemory
RequestDeviceWakeup
GetStartupInfoW
GetVDMCurrentDirectories
VirtualAlloc
lstrlen
CancelWaitableTimer
GetLocaleInfoW
WritePrivateProfileStringW
FormatMessageA
GetComputerNameA
UnlockFileEx

esent

JetBeginExternalBackupInstance
JetGetLS
JetOpenTempTable
JetGetCursorInfo
JetRollback@8
JetSetCurrentIndex2
JetReadFileInstance
JetCloseTable
JetCreateTable
JetOpenFile
JetDeleteColumn2
JetGetLogInfoInstance2
JetOpenDatabase
JetCreateIndex2
JetDefragment2
JetCloseDatabase
JetMove
JetCreateInstance
JetGetTruncateLogInfoInstance
JetDBUtilities
JetDefragment
JetDetachDatabase
JetPrepareUpdate@12
JetSetSystemParameter
JetGetLock
JetUpdate@20
JetCreateDatabase
JetConvertDDL

wintrust

WTHelperOpenKnownStores
WTHelperGetKnownUsages
TrustDecode
OfficeCleanupPolicy
SoftpubAuthenticode
CryptCATOpen
WVTAsn1SpcStatementTypeEncode
SoftpubDllRegisterServer
CryptSIPGetSignedDataMsg
CryptCATEnumerateCatAttr
CryptCATGetAttrInfo
HTTPSCertificateTrust
SoftpubDumpStructure
WVTAsn1CatMemberInfoEncode
CryptCATEnumerateMember
TrustFindIssuerCertificate
WTHelperCheckCertUsage
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
SoftpubLoadSignature
WTHelperGetFileName
SoftpubCheckCert
WVTAsn1SpcPeImageDataDecode
WTHelperCertIsSelfSigned
WTHelperGetFileHash
MsCatFreeHashTag
CryptCATClose
WintrustCertificateTrust
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcSpAgencyInfoDecode
WTHelperProvDataFromStateData
OfficeInitializePolicy
WVTAsn1SpcSigInfoDecode
CryptCATAdminResolveCatalogPath

msvcrt

strchr
_pgmptr
_cputs
bsearch
_wasctime
_cgets
_mkdir
_mbccpy
towupper
log
modf
_ftime
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_osplatform
??0bad_cast@@QAE@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
_mbcjistojms
_wspawnvpe
_spawnvp
__mb_cur_max
_eof
_wcslwr
_wmkdir
??0exception@@QAE@ABV0@@Z
iswxdigit
fflush
_wmktemp
_itoa
_mbctolower
_outpd
_ismbcsymbol

sqlunirl

_GetComputerName@8
_GetDateFormat_@24
_PageSetupDlg_@4
_CharLower@4
_OpenEventLog_@8
_PrivilegedServiceAuditAlarm_@20
_ttof
_GetKeyNameText_@12
_GetSystemDirectory_@8
_ChangeServiceConfig_@44
_ReadEventLog_@28
_PostMessage@16
_EndUpdateResource_@8
_GetClassInfo@12
_MessageBoxIndirect_@4
_BuildCommDCBAndTimeouts_@12
_EnumProps_@8
_NDdeIsValidShareName_@4
_CharToOem_@8
AllocConvertMultiSZNameToA
_CreateDesktop_@24
_GetOutlineTextMetrics_@12
_RegisterClass_@4
_IsBadStringPtr_@8
_SendMessageTimeout_@28
_GetUserObjectInformation_@20
_ExpandEnvironmentStrings_@12
_RegSaveKey_@12
_GetProfileString_@20
_WriteProfileString_@12
_CharUpper@4
_SendDlgItemMessage@20
_VkKeyScan_@4
_GetCharWidthFloat_@16
_CallNamedPipe_@28
_LookupPrivilegeValue_@12
_OpenWindowStation_@12

user32

PostQuitMessage
RegisterClassW
DefWindowProcW

comsnap

InstallDsExtension

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9bcfcffad121834d1a7b5979c2b26d3

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

kernel32

esent

wintrust

msvcrt

sqlunirl

user32

comsnap

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 50KB - Virtual size: 210KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 50KB - Virtual size: 210KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 204B