732e9bbb176791d8850759a7d0ab2999_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

732e9bbb176791d8850759a7d0ab2999_JaffaCakes118
Size

107KB
MD5

732e9bbb176791d8850759a7d0ab2999
SHA1

d712980f2ebe81cb97514a4cf595681932bdc829
SHA256

01927a659faa39de4d603047d2fc41b26cc47439bd999d901b23b09e28d33ed5
SHA512

9257b4e8052348dc415703470dd49efe40a601fd6114ebbdd5897f925527ce1435d3b90837148c640336d9eb042a9b320b26daed04eadbb93e0c08e7323df758
SSDEEP

3072:yfK+rUB9wqKmuclOftlNHARNRMwBnwJqvbs+TmePt:kK+rUTwqKmucsftRqvbLa6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
732e9bbb176791d8850759a7d0ab2999_JaffaCakes118

Files

732e9bbb176791d8850759a7d0ab2999_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bfa8d20ade3bf07508a98b852c38cb75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetTimeFormatA
DeleteVolumeMountPointA
RtlCaptureStackBackTrace
FindFirstVolumeMountPointA
GlobalFindAtomA
GlobalAlloc
GetCurrentProcessId
GetProfileStringW
MapUserPhysicalPages
VirtualAlloc
WaitForSingleObjectEx
GetConsoleAliasExesLengthW
GetEnvironmentVariableW
SetComPlusPackageInstallStatus
BuildCommDCBA
OutputDebugStringA
GetThreadLocale
IsValidLocale

mapistub

HrEntryIDFromSz@12
HrComposeEID@28
GetTnefStreamCodepage
ScInitMapiUtil@4
FtAddFt@16
FBadRglpszA@8
MAPIAllocateMore
UNKOBJ_ScCOReallocate@12
ScLocalPathFromUNC@12
HrGetOmiProvidersFlags@8
FtMulDwDw@8
FPropContainsProp@12
DeregisterIdleRoutine@4
MAPIUninitialize@0
FEqualNames@8
MAPIOpenFormMgr@8
MAPIUninitialize
UFromSz@4
OpenIMsgSession@12
MAPIDetails

clbcatq

UpdateFromAppChange
ServerGetApplicationType
CreateComponentLibraryEx
GetComputerObject
ComPlusMigrate
OpenComponentLibraryEx
DowngradeAPL
OpenComponentLibraryOnStreamEx
UpdateFromComponentChange
GetCatalogObject
CLSIDFromStringByBitness
InprocServer32FromString
CheckMemoryGates
GetCatalogObject2
SetSetupOpen
OpenComponentLibraryOnMemEx
ActivatorUpdateForIsRouterChanges
SetupOpen
SetupSave
DeleteAllActivatorsForClsid
SetSetupSave
GetSimpleTableDispenser
CoRegCleanup

ntdsapi

DsGetSpnW
DsCrackSpn3W
DsAddSidHistoryA
DsRemoveDsServerW
DsGetDomainControllerInfoW
DsUnquoteRdnValueA
DsReplicaGetInfoW
DsReplicaUpdateRefsW
DsReplicaSyncAllA
DsBindWithSpnW
DsCrackUnquotedMangledRdnW
DsCrackUnquotedMangledRdnA
DsListServersForDomainInSiteW
DsFreeDomainControllerInfoW
DsFreeSpnArrayW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfa8d20ade3bf07508a98b852c38cb75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapistub

clbcatq

ntdsapi

Sections

.text Size: 35KB - Virtual size: 34KB

Size: 40KB - Virtual size: 39KB

Size: 59KB - Virtual size: 213KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 408B

.text
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 408B