455ef77873e65f713fde773118ecba7d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

455ef77873e65f713fde773118ecba7d_JaffaCakes118
Size

137KB
MD5

455ef77873e65f713fde773118ecba7d
SHA1

32412a2130e3d814db9643f9f99d4ac929aba4b3
SHA256

0c1b22d60b1b4fb7902d1aab6555b075eda85ef3c9ab9cc0e98d52de12ee57ca
SHA512

210fe5357eec53a57fd92e6b3cade26c334c92e135c934665ed3225072d2e8893be20ce11ac8daa60f156d059ff60dddb88b03676c409fa955fe14773a18f7d5
SSDEEP

3072:i9p6REvMx+21ohomYBM5BGVPklnm9pkdz1EYgjI:i2REUY2q1YBMrrnsm1gjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
455ef77873e65f713fde773118ecba7d_JaffaCakes118

Files

455ef77873e65f713fde773118ecba7d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4d3b5b49a0d10080714fb39dc8e1e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

FGetComponentPath
GetAttribIMsgOnIStg@12
__ValidateParameters@8
FtNegFt@8
FGetComponentPath@20
OpenTnefStreamEx
PRProviderInit
MAPIDeleteMail
ChangeIdleRoutine@28
DllGetClassObject
HrDecomposeMsgID@24
OpenStreamOnFile@24
FBinFromHex@8
MAPIOpenLocalFormContainer@4
OpenTnefStreamEx@32
EncodeID@12
MNLS_CompareStringW@24
MAPIReadMail
HrAllocAdviseSink@12
SwapPword@8
MAPIAdminProfiles
cmc_free
WrapProgress@20
MAPISaveMail
MapStorageSCode@4
ScCopyProps@16
MAPISendMail
HrComposeMsgID@24
ScCreateConversationIndex@16
UNKOBJ_ScSzFromIdsAlloc@20
SzFindSz@8
FPropContainsProp@12
WrapStoreEntryID@24
UNKOBJ_COFree@8
PpropFindProp@12

msvcirt

??_7iostream@@6B@
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??_7ifstream@@6B@
??_Gstdiobuf@@UAEPAXI@Z
?unlock@streambuf@@QAEXXZ
??0ofstream@@QAE@XZ
?binary@filebuf@@2HB
__dummy_export
?underflow@stdiobuf@@UAEHXZ
?x_maxbit@ios@@0JA
??1istream_withassign@@UAE@XZ
??5istream@@QAEAAV0@AAG@Z
?osfx@ostream@@QAEXXZ
??0istrstream@@QAE@PADH@Z
??_Dostrstream@@QAEXXZ
?bitalloc@ios@@SAJXZ
??0ostrstream@@QAE@XZ
?bad@ios@@QBEHXZ
?peek@istream@@QAEHXZ
??0strstreambuf@@QAE@PAEH0@Z
??_Distream@@QAEXXZ
?getline@istream@@QAEAAV1@PACHD@Z
??_7logic_error@@6B@
??0ostream_withassign@@QAE@ABV0@@Z
?xsputn@streambuf@@UAEHPBDH@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??1exception@@UAE@XZ
??0fstream@@QAE@ABV0@@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?tellg@istream@@QAEJXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
??0ios@@IAE@XZ
??0istrstream@@QAE@PAD@Z
??_Gexception@@UAEPAXI@Z
??0stdiostream@@QAE@ABV0@@Z
?sh_write@filebuf@@2HB
??_7istrstream@@6B@
?openprot@filebuf@@2HB
?getline@istream@@QAEAAV1@PADHD@Z
??Bios@@QBEPAXXZ
??_Difstream@@QAEXXZ
??0ifstream@@QAE@XZ

cryptui

WizardFree
CryptUIDlgSelectCertificateA
CryptUIFreeCertificatePropertiesPagesW
CryptUIWizFreeDigitalSignContext
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizSubmitCertRequestNoDS
CryptUIWizDigitalSign
I_CryptUIProtectFailure
CryptUIDlgViewCRLW
CryptUIFreeViewSignaturesPagesW
CryptUIGetViewSignaturesPagesA
I_CryptUIProtect
CryptUIWizBuildCTL
CryptUIWizQueryCertRequestNoDS
CryptUIGetCertificatePropertiesPagesW
LocalEnroll
CryptUIDlgViewSignerInfoA
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCRLA
ACUIProviderInvokeUI
LocalEnrollNoDS
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLA
CryptUIGetViewSignaturesPagesW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgSelectStoreA
CryptUIDlgFreeCAContext
CryptUIDlgViewSignerInfoW
CryptUIDlgViewContext
DllRegisterServer

w32topl

ToplScheduleIsEqual
ToplHeapExtractMin
ToplHeapInsert
ToplGraphMakeRing
ToplDeleteSpanningTreeEdges
ToplGraphNumberOfVertices
ToplPScheduleValid
ToplVertexNumberOfOutEdges
ToplSetAllocator
ToplAddEdgeToGraph
ToplDeleteComponents
ToplEdgeGetFromVertex
ToplVertexGetId
ToplEdgeDisassociate
ToplGraphCreate
ToplEdgeCreate
ToplEdgeSetToVertex
ToplGraphFindEdgesForMST
ToplScheduleCacheCreate
ToplIterAdvance
ToplGetAlwaysSchedule
ToplVertexGetParent
ToplScheduleMerge
ToplEdgeSetFromVertex
ToplScheduleImport
ToplVertexFree
ToplScheduleNumEntries
ToplSTHeapInit
ToplVertexInit
ToplListSetIter

msi

MsiEnumRelatedProductsA
MsiEnumComponentsW
MsiSetPropertyW
MsiDatabaseMergeW
MsiSummaryInfoGetPropertyW
MsiInvalidateFeatureCache
MsiEnumComponentsA
MsiInstallMissingComponentA
MsiProvideAssemblyA
MsiAdvertiseScriptW
MsiDatabaseExportW
MsiSourceListClearAllW
MsiAdvertiseProductA
MsiOpenPackageW
MsiEnumComponentQualifiersW
MsiDatabaseApplyTransformA
MsiProvideQualifiedComponentExW
MsiQueryFeatureStateA
MsiSetFeatureStateA
MsiQueryProductStateA
MsiNotifySidChangeW
MsiIsProductElevatedA
MsiEnableUIPreview
MsiConfigureFeatureFromDescriptorW
MsiSequenceA
MsiCollectUserInfoW
MsiAdvertiseProductExW
DllGetVersion
MsiApplyPatchA
MsiGetTargetPathA
MsiSummaryInfoSetPropertyA
MsiGetFileSignatureInformationW
MsiViewModify
MsiProcessAdvertiseScriptA
MsiGetUserInfoW
MsiSequenceW
MsiGetFeatureUsageA

cfgmgr32

CM_Detect_Resource_Conflict_Ex
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Parent
CM_Get_Class_Registry_PropertyW
CM_Uninstall_DevNode_Ex
CM_Run_Detection
CM_Get_DevNode_Registry_PropertyW
CM_Query_Remove_SubTree_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data
CM_Get_Device_Interface_ListA
CM_Setup_DevNode
CM_Get_DevNode_Status_Ex
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNode_ExA
CM_Locate_DevNodeA
CM_Get_HW_Prof_Flags_ExA
CM_Locate_DevNode_ExW
CM_Query_Resource_Conflict_List
CM_Create_DevNodeA
CM_Open_DevNode_Key
CM_Unregister_Device_Interface_ExW
CM_Get_Device_IDA
CM_Get_Class_Registry_PropertyA
CM_Get_Device_ID_List_ExA
CM_Enumerate_EnumeratorsW
CMP_WaitServicesAvailable
CM_Get_Device_ID_ListA
CM_Free_Resource_Conflict_Handle
CM_Get_Device_Interface_List_ExW

ntdll

ZwOpenMutant
NtCreateJobSet
NtSetInformationFile
ZwQueueApcThread
NtOpenIoCompletion
strncat
RtlSizeHeap
RtlActivateActivationContextEx
ZwMapUserPhysicalPages
ZwPrivilegedServiceAuditAlarm
LdrSetAppCompatDllRedirectionCallback
ZwEnumerateSystemEnvironmentValuesEx
RtlCreateTagHeap
NtRequestPort
RtlTimeToSecondsSince1980
ZwReleaseMutant
NtResumeThread
ZwSetDefaultHardErrorPort
NtFlushKey
isxdigit
DbgUiWaitStateChange
ZwSetDebugFilterState
atan
NtAccessCheckByTypeResultListAndAuditAlarm
ZwFlushWriteBuffer
NtDeleteBootEntry
ZwFilterToken
ZwSetEventBoostPriority
ZwSetLdtEntries
RtlDowncaseUnicodeChar
strrchr
RtlPinAtomInAtomTable
RtlLengthRequiredSid
iswlower
NtLoadKey2
NtSaveMergedKeys
RtlZombifyActivationContext
strspn
NtQueryVolumeInformationFile
RtlSetGroupSecurityDescriptor

advapi32

CreateProcessAsUserW
AllocateLocallyUniqueId
SetPrivateObjectSecurity
BuildTrusteeWithNameW
WmiQueryAllDataMultipleW
LookupSecurityDescriptorPartsW
GetServiceDisplayNameA
GetSecurityDescriptorOwner
CryptGetDefaultProviderA
GetTrusteeNameA
IdentifyCodeAuthzLevelW
LsaOpenPolicy
RegCreateKeyExA
UnregisterIdleTask
RegCloseKey
ComputeAccessTokenFromCodeAuthzLevel
PrivilegeCheck
SystemFunction009
WmiDevInstToInstanceNameW
DuplicateToken
SystemFunction025
WmiOpenBlock
CryptReleaseContext
GetSecurityDescriptorSacl
AddAccessDeniedAce
IsValidSid
CredpConvertTargetInfo
ConvertStringSDToSDRootDomainA
CredEnumerateA
AccessCheckByTypeResultListAndAuditAlarmW
GetSidSubAuthority
RegCreateKeyW
CloseEncryptedFileRaw
GetSecurityDescriptorDacl
BuildTrusteeWithObjectsAndSidW
SystemFunction011
CredRenameW
OpenTraceW

kernel32

UnhandledExceptionFilter
VirtualAlloc
GlobalGetAtomNameW
SetConsoleMaximumWindowSize
DeleteCriticalSection
SetEnvironmentVariableA
LeaveCriticalSection
FindNextVolumeMountPointA
EnterCriticalSection
CreateFileMappingW
SetComputerNameExW
GetConsoleAliasesA
VerifyVersionInfoA
FindActCtxSectionStringA
WriteConsoleOutputCharacterW
QueryDosDeviceA
RequestDeviceWakeup
CreateMailslotA
AddRefActCtx
GetSystemDirectoryW
WriteConsoleInputVDMA
ReadConsoleInputExA
SetConsoleMenuClose
GetTempFileNameW
GetPrivateProfileIntW
GetPrivateProfileStructW
GetLogicalDriveStringsW
LoadLibraryA
WaitNamedPipeW
GetProfileIntA
GetFileTime

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4d3b5b49a0d10080714fb39dc8e1e73

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msvcirt

cryptui

w32topl

msi

cfgmgr32

ntdll

advapi32

kernel32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 38KB - Virtual size: 177KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 38KB - Virtual size: 177KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 948B