46476cfa8279b4349bcae77935fa1455_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46476cfa8279b4349bcae77935fa1455_JaffaCakes118
Size

178KB
MD5

46476cfa8279b4349bcae77935fa1455
SHA1

cce6cfe5ed2e2554527e185022841fa0976d8f38
SHA256

66fb5000cad49bd14f13ac3764d74219d3661c0ea47baba49ad590641f3afed6
SHA512

13de54b3f93964bb4fd6c175498527bd10d805816f177a4b426bbe9c65612f35a7624cf9015c7e8819c62f3622c3f914871ec407a1297172381af3415687fe51
SSDEEP

3072:WsXhmQ1aZZiBYp9eR2cXqJKaCS3nPbEPxj5unMQb3qAkF+RzNHEeZQR:7hmUqiBYpARnXqlXfbEeMc3hRNlZQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46476cfa8279b4349bcae77935fa1455_JaffaCakes118

Files

46476cfa8279b4349bcae77935fa1455_JaffaCakes118
.exe windows:5 windows x86 arch:x86

623150713251261c14a820e30b54e354

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileSectionA
SetConsolePalette
GetCurrentThread
GlobalAlloc
OpenFileMappingA
SetStdHandle
EnumResourceLanguagesW
FlushFileBuffers
IsBadHugeWritePtr
GetModuleHandleA
IsBadCodePtr
CompareStringA
GetNextVDMCommand
DefineDosDeviceW
BaseDumpAppcompatCache
GetConsoleCursorInfo
InitializeCriticalSectionAndSpinCount
VirtualAlloc
FindNextVolumeW
GetComputerNameA
WideCharToMultiByte
SetVolumeLabelW
GetUserDefaultLangID
ReadFile
ExpandEnvironmentStringsW
OutputDebugStringW
HeapFree
lstrcmpA
CreateMailslotA
OpenConsoleW
FillConsoleOutputCharacterA
PrivMoveFileIdentityW
FindFirstVolumeW
DisconnectNamedPipe
FindFirstFileA
CloseProfileUserMapping
SetupComm
QueryDosDeviceW
lstrcpynW
GetBinaryTypeA
CloseConsoleHandle
SearchPathW
SetComputerNameA
OpenMutexW
UnhandledExceptionFilter
GetOverlappedResult
SetComputerNameExA
GetCurrentDirectoryW
UnregisterConsoleIME
LoadLibraryA
GetVolumePathNamesForVolumeNameA
EnumResourceTypesW
RequestWakeupLatency
MoveFileWithProgressA
GetProcessVersion
BeginUpdateResourceA
GetModuleHandleW
GlobalGetAtomNameW
CreateHardLinkW
EndUpdateResourceW
ResetEvent
TerminateJobObject
EnumLanguageGroupLocalesW
SetComPlusPackageInstallStatus
TermsrvAppInstallMode
RequestDeviceWakeup

mapi32

FBadProp@4
BMAPIAddress
MAPILogoff
BuildDisplayTable@40
HrValidateIPMSubtree@20
HrSetOmiProvidersFlagsInvalid@4
ScMAPIXFromSMAPI
UNKOBJ_COFree@8
MAPIFreeBuffer
HrSetOneProp@8
MAPILogonEx
MNLS_IsBadStringPtrW@8
MAPIAllocateMore
RTFSync
FreePadrlist@4
SzFindSz@8
MAPIInitialize
EncodeID@12
CreateTable@36
MAPIInitIdle@4
ScMAPIXFromCMC
MAPILogonEx@20
OpenTnefStreamEx@32
BMAPIDetails
MAPIGetDefaultMalloc@0
UNKOBJ_Free@8
InstallFilterHook@4
EnableIdleRoutine@8
GetOutlookVersion@0
ScUNCFromLocalPath@12
FBadSortOrderSet@4
cmc_logoff
OpenIMsgOnIStg@44
HrSzFromEntryID@12

msvcrt40

_pwctype
_wcsnset
??0ifstream@@QAE@XZ
??_7istream_withassign@@6B@
_purecall
_fcvt
??0stdiostream@@QAE@ABV0@@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_mbscspn
wcstod
??1ostrstream@@UAE@XZ
_mbclen
?lockbuf@ios@@QAAXXZ
_amsg_exit
?str@strstreambuf@@QAEPADXZ
_wfindnexti64
_write
?sgetn@streambuf@@QAEHPADH@Z
fputs
??8type_info@@QBEHABV0@@Z
atan
_ismbcl2
??5istream@@QAEAAV0@AAJ@Z
atan2
??3@YAXPAX@Z
difftime
_assert
_fdopen
?setbuf@streambuf@@UAEPAV1@PADH@Z
_local_unwind2
_strerror
wscanf
_beginthread

ntdll

islower
RtlTraceDatabaseFind
NtSetThreadExecutionState
ZwReleaseKeyedEvent
isupper
ZwQueryFullAttributesFile
ZwPulseEvent
ZwInitializeRegistry
RtlApplicationVerifierStop
RtlEnumerateGenericTable
NtCreatePagingFile
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlCreateSystemVolumeInformationFolder
NtSetSystemInformation
ZwFilterToken
ZwOpenMutant
VerSetConditionMask
RtlInitializeHandleTable
ZwCompressKey
RtlWalkFrameChain
NtSetHighWaitLowEventPair
ZwEnumerateSystemEnvironmentValuesEx
DbgUiIssueRemoteBreakin
ZwRenameKey
ZwQueryMultipleValueKey
RtlAreAnyAccessesGranted
ZwQueryDirectoryObject
RtlRealSuccessor
RtlFindLastBackwardRunClear
NtReleaseMutant
ZwMapViewOfSection
ZwFlushInstructionCache
ZwImpersonateAnonymousToken
_strlwr
RtlUnlockHeap
RtlProtectHeap
ZwLockFile
NtResumeProcess
NtEnumerateKey
_ui64tow
NtDeleteBootEntry
ZwQueryMutant
RtlpWaitForCriticalSection
NtRemoveProcessDebug

msvcrt

_findnext
_adj_fprem
_findclose
_wgetdcwd
_memccpy
_mbscat
strtoul
_putw
_jn
_putch
??_V@YAXPAX@Z
?unexpected@@YAXXZ
__lconv_init
freopen
_dstbias
_findnext64
isupper
_mbcasemap
__argc
_popen
_wexecvpe
strlen
_fpclass
??_7exception@@6B@
_CIsqrt
_strlwr
fsetpos
_execl
__fpecode
_ismbchira
printf
swscanf
__wargv
?_query_new_handler@@YAP6AHI@ZXZ

mapistub

MAPIDeinitIdle@0
DeinitMapiUtil@0
UlRelease@4
HrSetOneProp@8
ScCopyProps@16
__CPPValidateParameters@8
HrIStorageFromStream@16
SwapPword@8
UFromSz@4
UNKOBJ_ScAllocateMore@16
PRProviderInit
MNLS_lstrcpyW@8
FixMAPI
IsBadBoundedStringPtr@8
DeregisterIdleRoutine@4
MAPISendMail
MNLS_MultiByteToWideChar@24
FPropCompareProp@12
ScCountNotifications@12
FtAdcFt@20
MAPIOpenLocalFormContainer@4
HrThisThreadAdviseSink@8
cmc_send
FtAddFt@16
HrComposeMsgID@24
MAPIAllocateMore
MAPIAdminProfiles@8
PropCopyMore@16
EnableIdleRoutine@8
UlFromSzHex@4
MNLS_lstrlenW@4
InstallFilterHook@4
HrSetOmiProvidersFlagsInvalid
FBadEntryList@4

user32

RegisterClassA
PostQuitMessage
DefWindowProcA

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

623150713251261c14a820e30b54e354

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

msvcrt40

ntdll

msvcrt

mapistub

user32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 512B - Virtual size: 241KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 512B - Virtual size: 241KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 1KB - Virtual size: 1KB