4802e7f88db0bddb7606c27e79a07172_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4802e7f88db0bddb7606c27e79a07172_JaffaCakes118
Size

43KB
MD5

4802e7f88db0bddb7606c27e79a07172
SHA1

008849c9c9d062d11bee248967d7f264a16e5aa9
SHA256

0e48f0d39af0585e82842ffebb60256f3fb22887cf36417832ef5bb4a0d3f098
SHA512

a3f51701b14d325e4ae58de9055a1945146a5209d2b98948155afb33a8d1d01f4702395c858d661ea786eaafa57f0f9dea652a56360e9f423a0a7b4ce0c2aaf7
SSDEEP

768:8K4+YzgEF6goXm/p0dY6AmOae2rZw+3CH7jdkVl+OUvtCqK1O:8K7IgA6RXm+OaeGX3u7jdkVlpUlCqK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4802e7f88db0bddb7606c27e79a07172_JaffaCakes118

Files

4802e7f88db0bddb7606c27e79a07172_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3b21b16d11694c4886b3c3c0e349b8ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

FBadSortOrderSet@4
CloseIMsgSession@4
UNKOBJ_ScCOAllocate@12
FDecodeID@12
FGetComponentPath@20
HrComposeEID@28
FBadRglpNameID@8
ScCopyProps@16
FBinFromHex@8
LAUNCHWIZARD
MAPIOpenLocalFormContainer@4
MAPISaveMail
SzFindLastCh@8
HrValidateParameters@8
UNKOBJ_Free@8
MAPIUninitialize@0
OpenTnefStream
cmc_free
MAPIDeleteMail
BMAPIDetails
LpValFindProp@12
LPropCompareProp@8
MNLS_lstrlenW@4
FBadProp@4
ScCreateConversationIndex@16
SzFindSz@8
MAPIAllocateMore
HrIStorageFromStream@16
MAPILogoff
SwapPword@8
FtMulDw@12
__ValidateParameters@8
FtAdcFt@20

ntdll

RtlValidateProcessHeaps
RtlFreeAnsiString
RtlEnumerateGenericTableAvl
NtRaiseHardError
NtEnumerateSystemEnvironmentValuesEx
NtNotifyChangeKey
RtlDeleteCriticalSection
RtlQueryInformationAcl
ZwImpersonateClientOfPort
_wcsupr
ZwQuerySection
RtlActivateActivationContextEx
NtCancelIoFile
RtlCompactHeap
ZwWaitForSingleObject
RtlWalkHeap
ZwSetIoCompletion
NtTerminateProcess
wcsspn
ZwCreateFile
NtSetSystemInformation
NtAdjustPrivilegesToken
NtQueryDebugFilterState
NtPowerInformation
RtlGetControlSecurityDescriptor
NtQueryFullAttributesFile
RtlCreateUserSecurityObject
vDbgPrintExWithPrefix
RtlConvertUiListToApiList
RtlConvertSidToUnicodeString
NtMapUserPhysicalPagesScatter
RtlSetTimer
RtlTraceDatabaseFind
RtlUlongByteSwap
LdrDisableThreadCalloutsForDll
RtlIpv6AddressToStringW
ZwReplyPort
ZwReplyWaitReceivePortEx
RtlUpcaseUnicodeString
ZwQueryDirectoryObject

kernel32

PrepareTape
FindResourceExA
CreateTapePartition
SetEvent
GetConsoleAliasesA
TerminateThread
SetConsoleCursorInfo
EnumTimeFormatsA
Toolhelp32ReadProcessMemory
FindFirstChangeNotificationW
LoadLibraryA
LockResource
VirtualAlloc
LocalAlloc
SetThreadIdealProcessor
SetProcessShutdownParameters
lstrcpyW
SetConsoleIcon
FindFirstVolumeMountPointW
GetSystemDefaultUILanguage
SetLastConsoleEventActive
HeapCreate
EnumResourceLanguagesW
SetLocaleInfoA
SetProcessPriorityBoost
CreateJobSet
RtlCaptureStackBackTrace
GetLocaleInfoW
ExpandEnvironmentStringsW
RegisterWaitForSingleObjectEx
GetCommTimeouts
FlushInstructionCache
ConvertFiberToThread
BuildCommDCBA
GetAtomNameA
EnumCalendarInfoExA
GetConsoleScreenBufferInfo
GetConsoleWindow
BackupSeek
GetSystemTimeAsFileTime
GlobalHandle
Thread32First
FindFirstVolumeMountPointA
GetNumaProcessorNode
AddConsoleAliasW
CreateDirectoryExW

iphlpapi

UnenableRouter
NTPTimeToNTFileTime
GetIpAddrTable
GetNumberOfInterfaces
_PfAddGlobalFilterToInterface@8
FlushIpNetTable
DeleteIPAddress
_PfRemoveFilterHandles@12
_PfBindInterfaceToIPAddress@12
DeleteIpForwardEntry
InternalSetIpStats
NotifyAddrChange
do_echo_rep
do_echo_req
GetIpErrorString
InternalSetTcpEntry
_PfMakeLog@4
_PfDeleteLog@0
IpReleaseAddress
_PfAddFiltersToInterface@24
Icmp6ParseReplies
InternalGetIfTable
IcmpCreateFile
Icmp6CreateFile
InternalGetTcpTable
InternalSetIpForwardEntry
GetFriendlyIfIndex
AllocateAndGetIpAddrTableFromStack
SetIpStatistics
IpRenewAddress
GetAdaptersAddresses
NhpAllocateAndGetInterfaceInfoFromStack
InternalGetIpNetTable
IcmpSendEcho2

crtdll

strftime
mktime
fopen
__fpecode
_ismbchira
_osversion_dll
_sopen
strstr
_findfirst
fgetwc
pow
acos
_spawnvp
towupper
_matherr
isxdigit
mbtowc
_CIcosh
isalpha
_fpieee_flt
_mbsset
_fsopen
_getw
fgets
_flsbuf
fgetc
_wcsicmp
_mbclen
_strcmpi
_ftime
rand
wcschr
_assert
_ctype

msvcrt

_getsystime
_ctype
_wexecvpe
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_ltow
wcstoul
strstr
_fputchar
_ismbcupper
fprintf
__p__winminor
wcstol
__p__fmode
swprintf
_isatty
??0exception@@QAE@ABQBD@Z
_mkdir
_findfirst64
atoi
_localtime64
_findfirsti64
pow
_strnicmp
_splitpath
_wfindfirst
wcschr
wcsspn
__RTDynamicCast
__setlc_active
_wrmdir
??_Eexception@@UAEPAXI@Z

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b21b16d11694c4886b3c3c0e349b8ba

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

ntdll

kernel32

iphlpapi

crtdll

msvcrt

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B