7604a0d20c42d1e7dc5b9d94ac0a1036_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7604a0d20c42d1e7dc5b9d94ac0a1036_JaffaCakes118
Size

383KB
MD5

7604a0d20c42d1e7dc5b9d94ac0a1036
SHA1

92b5bc9cd791548bd129a80aa643f7bcb01f2dca
SHA256

4df2fe22622ca3f8ad5d571b1645b81e2b200373e3b2a8c6b012efe3fc65ca97
SHA512

b7b44e2b93de25d95cdf4e7d063b0a08a731749111f4eaf5bcece152e0e0278ff8c7a98234144445dba1d81451dd9548efad7325056b88cb2483716635343060
SSDEEP

6144:0gMXt0VUmVnaEEoUvFjpbIFsrotg7WEHsezruoM36rGLKird9L3GVq5UmZ1:0FyUgJEZvFRI+rmGyIuaAKiWVqi81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7604a0d20c42d1e7dc5b9d94ac0a1036_JaffaCakes118

Files

7604a0d20c42d1e7dc5b9d94ac0a1036_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c95c9948b43bff23318a8a6653031a45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

MAPIResolveName
ScCountProps@12
ScCountNotifications@12
UNKOBJ_FreeRows@8
GetTnefStreamCodepage
GetOutlookVersion
BMAPIDetails
HrSetOneProp@8
MAPIInitialize@4
GetTnefStreamCodepage@12
DeregisterIdleRoutine@4
MNLS_MultiByteToWideChar@24
ScCreateConversationIndex@16
PpropFindProp@12
MAPIUninitialize
ScRelocNotifications@20
BMAPISaveMail
MAPIAddress
FtSubFt@16
FreePadrlist@4
MAPIAdminProfiles@8
BMAPIAddress
OpenStreamOnFile
MAPIInitialize
WrapCompressedRTFStream
MAPIOpenLocalFormContainer@4
MAPIFindNext
WrapProgress@20
MAPISaveMail
HrAddColumnsEx@20
MAPIFreeBuffer
cmc_query_configuration
MAPIAllocateBuffer@8
FDecodeID@12
MAPILogonEx
WrapCompressedRTFStream@12
MAPIOpenFormMgr@8
LPropCompareProp@8
HrIStorageFromStream@16
MAPIDetails
HrQueryAllRows@24
OpenTnefStreamEx
BMAPIReadMail
MAPIAllocateMore@12

sqlunirl

_EnumResourceNames_@16
_SetDefaultCommConfig_@12
_OpenFile_@12
_MoveFile@8
_ChangeServiceConfig_@44
_CreateFont@56
_PeekMessage@20
_RegisterClass_@4
_CharNext_@4
_FindFirstFileEx_@24
_SendMessageTimeout_@28
_CreateFileMapping_@24
AllocConvertMultiSZNameToA
_FindFirstFile_@8
_LoadCursor@8
_GetPrivateProfileSection_@16
_OutputDebugString_@4
_NDdeShareAdd_@20
_LookupPrivilegeName_@16
_SetFileAttributes_@8
newMultiByteFromWideChar
_AccessCheckAndAuditAlarm_@44
_WriteConsoleInput_@16
_OpenSCManager_@12
__lopen_@8
_GetFileVersionInfo_@16
_ShellAbout_@16
_CreateEvent_@16
_ReplaceText_@4
_GetKeyboardLayoutName_@4
_UpdateResource_@24
_RegisterServiceCtrlHandler_@8
_LoadImage_@24
_EnumDesktops_@12
_GetMenuItemInfo_@16
_FatalAppExit_@8
_SetComputerName_@4
_SetWindowLong@12
_LoadCursorFromFile_@4
_DefDlgProc_@16
_ExtractAssociatedIcon_@12
_RegRestoreKey_@12

msvcrt

__CxxLongjmpUnwind
_mbstrlen
fopen
__getmainargs
_putws
_ungetch
_XcptFilter
_mbsnbset
_hypot
_wrename
__wargv
_wcstoui64
_adj_fdivr_m64
_mbscat
_kbhit
_pwctype
_lseeki64
_getdrive
mblen
_unlink
_ismbcl0
_CIcos
wcstombs
ungetwc
_mbscspn
signal
iswalpha
_wchmod
_toupper
_aligned_free
_strtoui64
__isascii
strlen
__RTtypeid
cosh
_strtime
_heapchk
_y0
_vscprintf
wcstod
fseek

winmm

mciGetDeviceIDFromElementIDA
midiOutGetNumDevs
mciGetYieldProc
SendDriverMessage
waveOutGetPlaybackRate
mciSetDriverData
joyConfigChanged
waveOutPause
mmioOpenA
joyReleaseCapture
waveOutGetErrorTextW
mixerGetDevCapsW
waveOutBreakLoop
joyGetThreshold
waveOutGetPitch
midiOutGetVolume
mmTaskYield
midiStreamRestart
waveInStart
waveOutClose
mmioInstallIOProcA
mciExecute
mciGetDeviceIDW
midiOutSetVolume
midiStreamStop

imagehlp

FindExecutableImageEx
TouchFileTimes
SymGetModuleInfo64
GetImageUnusedHeaderBytes
SymGetLinePrev64
StackWalk
GetImageConfigInformation
FindDebugInfoFile
SymRegisterFunctionEntryCallback64
UnDecorateSymbolName
SymGetModuleBase
SymGetLinePrev
ReBaseImage64
MapFileAndCheckSumW
SymEnumTypes
SymInitialize
MakeSureDirectoryPathExists
SymGetSymPrev64
SymFunctionTableAccess64
ImageRvaToSection
SymUnDName
SymRegisterCallback
SymGetTypeInfo
BindImage
SymEnumSym
StackWalk64
ImageGetCertificateData
RemovePrivateCvSymbolicEx

ntdll

ZwGetContextThread
RtlLengthSecurityDescriptor
ZwSaveKey
RtlInitNlsTables
RtlAnsiStringToUnicodeSize
ZwSetValueKey
NtCreateDebugObject
ZwQueryPortInformationProcess
ZwUnloadKeyEx
NtQueryQuotaInformationFile
RtlCompareMemory
ZwUnmapViewOfSection
RtlAddAccessAllowedAceEx
NtEnumerateValueKey
RtlDeleteSecurityObject
RtlCreateUserProcess
atan
RtlAreBitsSet
_splitpath
NtSetSecurityObject
NtAccessCheckByType
RtlAcquireResourceExclusive
ZwQueryIntervalProfile
ZwClearEvent
ZwQuerySection
RtlValidateHeap
NtTerminateThread
RtlProtectHeap
NtAlertThread
RtlEnumerateGenericTable
RtlAppendAsciizToString
RtlAppendUnicodeToString
RtlAddAuditAccessAce
ZwQueryMutant
ZwQueryInformationAtom
ZwSetTimerResolution
RtlInitializeHandleTable
_aullrem
ZwImpersonateClientOfPort

kernel32

HeapUnlock
SetFilePointerEx
SetNamedPipeHandleState
OpenThread
FileTimeToLocalFileTime
GlobalFindAtomA
CopyFileExW
GetCalendarInfoA
_lwrite
ReadConsoleInputExW
VirtualProtectEx
SetComPlusPackageInstallStatus
GetUserGeoID
IsValidCodePage
VirtualAlloc
Module32FirstW
OpenFile
OutputDebugStringA
OpenSemaphoreA
ClearCommBreak
GetLongPathNameW
LoadLibraryA
Heap32Next
GetGeoInfoW
SetConsoleWindowInfo
GetPriorityClass
CancelDeviceWakeupRequest
GlobalCompact
UnmapViewOfFile
HeapCompact
IsDebuggerPresent
GetConsoleInputExeNameA
FileTimeToSystemTime
GetStartupInfoA
SetStdHandle
InitializeCriticalSection
SetFileApisToANSI
CopyLZFile
HeapDestroy
lstrlenA
WriteConsoleOutputAttribute
GlobalFix
GetConsoleTitleW
GetWindowsDirectoryW
lstrcpynA
IsProcessInJob
SetThreadAffinityMask
TransactNamedPipe

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c95c9948b43bff23318a8a6653031a45

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

sqlunirl

msvcrt

winmm

imagehlp

ntdll

kernel32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 179KB - Virtual size: 634KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 179KB - Virtual size: 634KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 1024B