42a756de82dc023bc4765b04c4350d15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42a756de82dc023bc4765b04c4350d15_JaffaCakes118
Size

857KB
MD5

42a756de82dc023bc4765b04c4350d15
SHA1

b2fa644dbfdaa170d1adc5c47f9274c8495f09c4
SHA256

75cc42074b097bb2200066585b9baff96ccfc3b8aaea6e846080410e6ea1f039
SHA512

9624304b209b124695b15029ea21ec4a65b1292fc992d2f9ade5b81bb348276d38a4c1eba5c2390bd679fd5bd78b3520ce64ade652f02012ba2209d8ef0b14e8
SSDEEP

12288:/3ctZnFokVFBm2DREc4sS+25b0iZK/GAKEIDeez7yQsm1aT6iH/:/apDmc4Z+YgESJKEg7/spTtf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42a756de82dc023bc4765b04c4350d15_JaffaCakes118

Files

42a756de82dc023bc4765b04c4350d15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

934d9ae6aa85c034a8ee8279f806b9ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlwoa

_LoadCursor@8
_GetWindowLong@8
_DrawText@20
_SetProp@12
_WinHelp@16
_CallWindowProc@20
_GetTextExtentPoint32@16
_TextOut@20
_DeleteFile@4
_LoadIcon@8
_CommDlg_OpenSave_GetSpec@12
_DefWindowProc@16
_GetVersionEx@4
_CreateWindowEx@48
newWideCharFromMultiByte
_GetDiskFreeSpaceEx@16
_SetWindowText@8
_LoadString@16
_FindResource@12
_GetWindowTextLength@4
_tfopen
_GetTextMetrics@8
_CharUpper@4
_IsDialogMessage@8
_StartDoc@8
_SetWindowLong@12
_CreateFont@56
_GetClassInfo@12
_LoadLibrary@4
_CreateFontIndirect@4
_GetFileTitle@12
_CommDlg_OpenSave_GetFolderPath@12
_GetComputerName@8
_PeekMessage@20
_CreateFile@28
_GetSaveFileName@4
_GetObject@12
_GetOpenFileName@4
_MoveFile@8
_ExtTextOut@32
_CharLower@4
_LoadMenu@8
_FreeEnvironmentStrings@4
_FormatMessage@28

kernel32

AllocConsole
GetDiskFreeSpaceExA
DosPathToSessionPathW
SetDefaultCommConfigA
GetCPInfo
PeekNamedPipe
Beep
DeleteFileA
VirtualQueryEx
GetCurrentThread
HeapQueryInformation
UnhandledExceptionFilter
FreeResource
SetVolumeLabelW
GlobalUnlock
FlushConsoleInputBuffer
ExpungeConsoleCommandHistoryA
FlushInstructionCache
SetCommTimeouts
GetProfileStringA
lstrcatA
WriteConsoleOutputA
GetOEMCP
ShowConsoleCursor
CancelDeviceWakeupRequest
GetVolumeNameForVolumeMountPointA
UnmapViewOfFile
RemoveDirectoryA
GetLocaleInfoW
SetDefaultCommConfigW
LocalFileTimeToFileTime
ReleaseSemaphore
VirtualAlloc
GetACP
SetVolumeMountPointW
GetAtomNameA
InterlockedDecrement
LoadLibraryA
CreateFileW
FindClose
GlobalAlloc

mapi32

cmc_free
HrIStorageFromStream@16
ScDupPropset@16
MNLS_MultiByteToWideChar@24
FixMAPI@0
CchOfEncoding@4
FreeProws@4
ScCountProps@12
WrapProgress@20
HrAllocAdviseSink@12
HrThisThreadAdviseSink@8
MAPIFreeBuffer@4
FtgRegisterIdleRoutine@20
MAPIDeleteMail
ScMAPIXFromCMC
GetTnefStreamCodepage
IsBadBoundedStringPtr@8
OpenIMsgOnIStg@44
HrGetOneProp@12
OpenTnefStreamEx@32
CreateIProp@24
DeregisterIdleRoutine@4
LpValFindProp@12
MAPIAllocateMore
HexFromBin@12
DeinitMapiUtil@0
MAPIAllocateBuffer@8
SetAttribIMsgOnIStg@16
OpenTnefStream@28
GetOutlookVersion
SzFindLastCh@8
OpenIMsgSession@12
MNLS_lstrcmpW@8
HrAddColumnsEx@20
MAPIInitIdle@4
cmc_logon
MAPIResolveName

pdh

PdhEnumObjectItemsA
PdhMakeCounterPathA
PdhAdd009CounterW
PdhEnumObjectsHW
PdhCreateSQLTablesA
PdhFormatFromRawValue
PdhReadRawLogRecord
PdhLookupPerfNameByIndexW
PdhRemoveCounter
PdhGetLogFileSize
PdhCreateSQLTablesW
PdhVbGetDoubleCounterValue
PdhBrowseCountersHA
PdhValidatePathA
PdhBindInputDataSourceW
PdhConnectMachineW
PdhGetRawCounterValue
PdhEnumMachinesHA
PdhTranslateLocaleCounterW
PdhGetLogFileTypeW
PdhGetDefaultPerfCounterW
PdhSelectDataSourceW
PdhExpandWildCardPathHA
PdhAddCounterW
PdhGetCounterInfoW
PdhEnumObjectItemsHW
PdhGetDefaultPerfCounterHA
PdhExpandWildCardPathW
PdhGetDefaultPerfObjectW
PdhOpenQueryW
PdhLookupPerfIndexByNameW
PdhBrowseCountersA
PdhParseCounterPathW
PdhBrowseCountersHW
PdhRelogA
PdhEnumLogSetNamesW
PdhGetDataSourceTimeRangeW
PdhSetLogSetRunID
PdhValidatePathW
PdhVbGetCounterPathElements
PdhOpenQueryH
PdhCloseLog
PdhVerifySQLDBW
PdhEnumObjectItemsHA
PdhSetQueryTimeRange

ifsutil

??1INTSTACK@@UAE@XZ
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
??0INTSTACK@@QAE@XZ
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?ComputeVolId@SUPERAREA@@SGKK@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?DumpHashTable@SPARSE_SET@@QAEXXZ
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
??1NUMBER_SET@@UAE@XZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
??0NUMBER_SET@@QAE@XZ
?Initialize@INTSTACK@@QAEEXZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0READ_WRITE_CACHE@@QAE@XZ
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?Pop@INTSTACK@@QAEXK@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@EE@Z

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

934d9ae6aa85c034a8ee8279f806b9ca

Headers

DLL Characteristics

File Characteristics

Imports

sqlwoa

kernel32

mapi32

pdh

ifsutil

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 130KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 130KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B