35295d76cf27d61b1dc5a58e0fc67ed2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35295d76cf27d61b1dc5a58e0fc67ed2_JaffaCakes118
Size

99KB
MD5

35295d76cf27d61b1dc5a58e0fc67ed2
SHA1

6c29685c0d8d5a0aae11887f2654592813ddbe9d
SHA256

2d3fe4f5cd15ed84aecbea722e35a68b4d71ff7564c1c7bb21e9224b6ad2f93f
SHA512

52083da21a9268384c454cc95daef603e3cf1b5ecd51895a1995918ca2bbc235f1479b038480548ec2d565b742c78dab0308d256d2b64a80af80bf0b4b6e3f4c
SSDEEP

1536:pOpuW1UCpGynfR+J3Zqk8qi/XEyIxu4S1p5yVK8iVmCp1/NIRWjhe1nDsyBjOxoA:dWeqrN/Gxu4S1p5ykrJ1qAjhe1IoM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35295d76cf27d61b1dc5a58e0fc67ed2_JaffaCakes118

Files

35295d76cf27d61b1dc5a58e0fc67ed2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

d2fd04171910726c8846f832675fadbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoReleaseMarshalData
CLIPFORMAT_UserUnmarshal
StgGetIFillLockBytesOnFile
CoGetMarshalSizeMax
GetDocumentBitStg
HACCEL_UserSize
CoGetDefaultContext
GetRunningObjectTable
HBRUSH_UserMarshal
HBRUSH_UserFree
DcomChannelSetHResult
StringFromCLSID
OleCreateLinkToFileEx
IsValidIid
OleDuplicateData
CoInitializeEx
WriteClassStm
CoQueryProxyBlanket
PropSysFreeString
CreateClassMoniker
CoFileTimeToDosDateTime
PropSysAllocString
CoTaskMemAlloc
HGLOBAL_UserFree
OleCreateFromFileEx
CoGetCancelObject
OleInitialize
HGLOBAL_UserMarshal
CoFileTimeNow
StgCreateDocfileOnILockBytes
CoUnmarshalHresult
OleLockRunning
CoQueryReleaseObject
OleCreateLinkFromData
CoMarshalHresult
OleConvertOLESTREAMToIStorage
CoFreeAllLibraries
CoGetTreatAsClass
HMETAFILE_UserMarshal
HDC_UserSize

mapistub

CchOfEncoding@4
HrGetOmiProvidersFlags@8
ScCountNotifications@12
MAPIUninitialize
ScBinFromHexBounded@12
FBadRow@4
SzFindCh@8
BMAPIReadMail
FtAddFt@16
HrDispatchNotifications@4
HrAddColumns@16
MAPILogon
MAPIInitialize@4
cmc_logoff
BMAPIGetReadMail
HrEntryIDFromSz@12
cmc_query_configuration
cmc_logon
MAPIFreeBuffer@4
ScInitMapiUtil@4
MAPIAddress
FtMulDw@12
MAPISendMail
LAUNCHWIZARD
ScMAPIXFromCMC
FBadRestriction@4
OpenTnefStreamEx
MAPIAllocateBuffer
MapStorageSCode@4
LPropCompareProp@8

dhcpcsvc

DhcpRegisterParamChange
DhcpNotifyConfigChangeEx
DhcpRequestOptions
DhcpDeRegisterOptions
DhcpRenewIpAddressLeaseEx
DhcpAcquireParameters
DhcpLeaseIpAddressEx
DhcpReleaseIpAddressLease
DhcpEnumClasses
DhcpDeRegisterParamChange
DhcpRenewIpAddressLease
DhcpStaticRefreshParams
DhcpCApiCleanup
DhcpPersistentRequestParams
McastReleaseAddress
McastRenewAddress
DhcpCApiInitialize
DhcpFallbackRefreshParams
DhcpRegisterOptions
McastApiCleanup
McastApiStartup
DhcpHandlePnPEvent
DhcpNotifyConfigChange
DhcpDelPersistentRequestParams
DhcpUndoRequestParams
DhcpRemoveDNSRegistrations
DhcpOpenGlobalEvent
DhcpRequestParams

kernel32

GetProfileSectionA
PostQueuedCompletionStatus
VDMConsoleOperation
UnlockFile
GetModuleHandleW
_lcreat
LockResource
LocalReAlloc
GetStringTypeExW
FileTimeToDosDateTime
IsBadHugeWritePtr
SetEvent
VerLanguageNameW
SetLastError
GlobalGetAtomNameW
GetStdHandle
GetCompressedFileSizeA
GetModuleHandleExW
SetThreadContext
DeleteTimerQueueEx
SetComPlusPackageInstallStatus
EnumSystemLanguageGroupsW
PeekNamedPipe
GetConsoleAliasesLengthA
TryEnterCriticalSection
ReadConsoleInputW
EnumResourceTypesA
GetLargestConsoleWindowSize
lstrlenA
GetDateFormatA
WaitForSingleObjectEx
IsValidLanguageGroup
GetDiskFreeSpaceExA
GetModuleHandleA
FlushFileBuffers
OpenEventW
_lopen
WaitForMultipleObjects
GetSystemWindowsDirectoryW
DeactivateActCtx
GlobalAddAtomW
WaitNamedPipeW
GetEnvironmentVariableA
SetCriticalSectionSpinCount
LocalShrink
TransactNamedPipe
FindFirstFileExA
ReplaceFile
GetCurrentThread
GetTimeZoneInformation
SetThreadAffinityMask
GetUserDefaultLangID
DosPathToSessionPathA
RemoveVectoredExceptionHandler
FoldStringW
EnumResourceNamesA
GetVolumePathNameA
LoadLibraryA
PurgeComm
GetSystemDefaultUILanguage
GlobalAlloc
VirtualAlloc
lstrcpyA
InterlockedExchange
CreateFileW
SetProcessAffinityMask
SetProcessShutdownParameters
_lread
EnumLanguageGroupLocalesW
AddVectoredExceptionHandler
FindVolumeClose
SetConsoleMenuClose
HeapUnlock

certcli

CADeleteCertType
CACreateCertType
CASetCACertificate
CAInstallDefaultCertType
CACertTypeRegisterQuery
DllInstall
CAEnumNextCA
CACertTypeQuery
CAOIDFreeProperty
CAGetCertTypeExpiration
CAOIDCreateNew
CAGetCAFlags
DllGetClassObject
CAGetCertTypePropertyEx
CASetCAExpiration
CASetCASecurity
CAOIDGetLdapURL
CAEnumFirstCA
CASetCAFlags
CASetCAProperty
CASetCertTypeExpiration
CASetCertTypeFlagsEx
CADeleteCA
CASetCertTypeFlags
CACertTypeAccessCheck
CAAccessCheckEx
CACloseCertType

atl

AtlComPtrAssign
AtlGetVersion
AtlAxCreateDialogA
AtlComQIPtrAssign
AtlModuleInit
AtlModuleRegisterWndClassInfoW
AtlGetObjectSourceInterface
AtlModuleTerm
AtlModuleAddTermFunc
AtlModuleUnRegisterTypeLib
AtlAxCreateDialogW
AtlModuleUnregisterServerEx
AtlIPersistStreamInit_Save
AtlModuleAddCreateWndData
AtlDevModeW2A
AtlAxGetHost
AtlModuleRevokeClassObjects
AtlModuleUnregisterServer
AtlModuleRegisterClassObjects
AtlPixelToHiMetric
AtlModuleExtractCreateWndData
AtlWaitWithMessageLoop
AtlIPersistPropertyBag_Save
AtlModuleUpdateRegistryFromResourceD
AtlIPersistStreamInit_Load
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlAxDialogBoxA
AtlAdvise
AtlCreateTargetDC
AtlMarshalPtrInProc
AtlIPersistPropertyBag_Load
AtlModuleGetClassObject
AtlHiMetricToPixel
AtlAxWinInit
AtlUnmarshalPtr
AtlFreeMarshalStream

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2fd04171910726c8846f832675fadbe

Headers

File Characteristics

Imports

ole32

mapistub

dhcpcsvc

kernel32

certcli

atl

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 118KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 118KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1KB - Virtual size: 1KB