77c24dfdf8aac3241230c377d09ed96d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

77c24dfdf8aac3241230c377d09ed96d_JaffaCakes118
Size

143KB
MD5

77c24dfdf8aac3241230c377d09ed96d
SHA1

e5eea3302541a4381c05682b3872cd068df3cd8d
SHA256

2f40de6c8966b9ef11b4ced1eff4f978b35e3e3b142c12f137f0665b6daf346f
SHA512

b1bd3a45775bb5dcf5d6482b6f6af2868cbe06de0df7d730a58bc078f525d5e0368e829bcc35606aefd8d407d24415d8fed8b698cd3333ba30cc0b2d29c096e2
SSDEEP

3072:v9p6REvMx+21ohomYBM5BGVPNYm9pkdz1EYgjjo:v2REUY2q1YBMrLsm1gj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77c24dfdf8aac3241230c377d09ed96d_JaffaCakes118

Files

77c24dfdf8aac3241230c377d09ed96d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4d3b5b49a0d10080714fb39dc8e1e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

FGetComponentPath
GetAttribIMsgOnIStg@12
__ValidateParameters@8
FtNegFt@8
FGetComponentPath@20
OpenTnefStreamEx
PRProviderInit
MAPIDeleteMail
ChangeIdleRoutine@28
DllGetClassObject
HrDecomposeMsgID@24
OpenStreamOnFile@24
FBinFromHex@8
MAPIOpenLocalFormContainer@4
OpenTnefStreamEx@32
EncodeID@12
MNLS_CompareStringW@24
MAPIReadMail
HrAllocAdviseSink@12
SwapPword@8
MAPIAdminProfiles
cmc_free
WrapProgress@20
MAPISaveMail
MapStorageSCode@4
ScCopyProps@16
MAPISendMail
HrComposeMsgID@24
ScCreateConversationIndex@16
UNKOBJ_ScSzFromIdsAlloc@20
SzFindSz@8
FPropContainsProp@12
WrapStoreEntryID@24
UNKOBJ_COFree@8
PpropFindProp@12

msvcirt

??_7iostream@@6B@
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??_7ifstream@@6B@
??_Gstdiobuf@@UAEPAXI@Z
?unlock@streambuf@@QAEXXZ
??0ofstream@@QAE@XZ
?binary@filebuf@@2HB
__dummy_export
?underflow@stdiobuf@@UAEHXZ
?x_maxbit@ios@@0JA
??1istream_withassign@@UAE@XZ
??5istream@@QAEAAV0@AAG@Z
?osfx@ostream@@QAEXXZ
??0istrstream@@QAE@PADH@Z
??_Dostrstream@@QAEXXZ
?bitalloc@ios@@SAJXZ
??0ostrstream@@QAE@XZ
?bad@ios@@QBEHXZ
?peek@istream@@QAEHXZ
??0strstreambuf@@QAE@PAEH0@Z
??_Distream@@QAEXXZ
?getline@istream@@QAEAAV1@PACHD@Z
??_7logic_error@@6B@
??0ostream_withassign@@QAE@ABV0@@Z
?xsputn@streambuf@@UAEHPBDH@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??1exception@@UAE@XZ
??0fstream@@QAE@ABV0@@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?tellg@istream@@QAEJXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
??0ios@@IAE@XZ
??0istrstream@@QAE@PAD@Z
??_Gexception@@UAEPAXI@Z
??0stdiostream@@QAE@ABV0@@Z
?sh_write@filebuf@@2HB
??_7istrstream@@6B@
?openprot@filebuf@@2HB
?getline@istream@@QAEAAV1@PADHD@Z
??Bios@@QBEPAXXZ
??_Difstream@@QAEXXZ
??0ifstream@@QAE@XZ

cryptui

WizardFree
CryptUIDlgSelectCertificateA
CryptUIFreeCertificatePropertiesPagesW
CryptUIWizFreeDigitalSignContext
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizSubmitCertRequestNoDS
CryptUIWizDigitalSign
I_CryptUIProtectFailure
CryptUIDlgViewCRLW
CryptUIFreeViewSignaturesPagesW
CryptUIGetViewSignaturesPagesA
I_CryptUIProtect
CryptUIWizBuildCTL
CryptUIWizQueryCertRequestNoDS
CryptUIGetCertificatePropertiesPagesW
LocalEnroll
CryptUIDlgViewSignerInfoA
CryptUIWizFreeCertRequestNoDS
CryptUIDlgViewCRLA
ACUIProviderInvokeUI
LocalEnrollNoDS
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLA
CryptUIGetViewSignaturesPagesW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgSelectStoreA
CryptUIDlgFreeCAContext
CryptUIDlgViewSignerInfoW
CryptUIDlgViewContext
DllRegisterServer

w32topl

ToplScheduleIsEqual
ToplHeapExtractMin
ToplHeapInsert
ToplGraphMakeRing
ToplDeleteSpanningTreeEdges
ToplGraphNumberOfVertices
ToplPScheduleValid
ToplVertexNumberOfOutEdges
ToplSetAllocator
ToplAddEdgeToGraph
ToplDeleteComponents
ToplEdgeGetFromVertex
ToplVertexGetId
ToplEdgeDisassociate
ToplGraphCreate
ToplEdgeCreate
ToplEdgeSetToVertex
ToplGraphFindEdgesForMST
ToplScheduleCacheCreate
ToplIterAdvance
ToplGetAlwaysSchedule
ToplVertexGetParent
ToplScheduleMerge
ToplEdgeSetFromVertex
ToplScheduleImport
ToplVertexFree
ToplScheduleNumEntries
ToplSTHeapInit
ToplVertexInit
ToplListSetIter

msi

MsiEnumRelatedProductsA
MsiEnumComponentsW
MsiSetPropertyW
MsiDatabaseMergeW
MsiSummaryInfoGetPropertyW
MsiInvalidateFeatureCache
MsiEnumComponentsA
MsiInstallMissingComponentA
MsiProvideAssemblyA
MsiAdvertiseScriptW
MsiDatabaseExportW
MsiSourceListClearAllW
MsiAdvertiseProductA
MsiOpenPackageW
MsiEnumComponentQualifiersW
MsiDatabaseApplyTransformA
MsiProvideQualifiedComponentExW
MsiQueryFeatureStateA
MsiSetFeatureStateA
MsiQueryProductStateA
MsiNotifySidChangeW
MsiIsProductElevatedA
MsiEnableUIPreview
MsiConfigureFeatureFromDescriptorW
MsiSequenceA
MsiCollectUserInfoW
MsiAdvertiseProductExW
DllGetVersion
MsiApplyPatchA
MsiGetTargetPathA
MsiSummaryInfoSetPropertyA
MsiGetFileSignatureInformationW
MsiViewModify
MsiProcessAdvertiseScriptA
MsiGetUserInfoW
MsiSequenceW
MsiGetFeatureUsageA

cfgmgr32

CM_Detect_Resource_Conflict_Ex
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Parent
CM_Get_Class_Registry_PropertyW
CM_Uninstall_DevNode_Ex
CM_Run_Detection
CM_Get_DevNode_Registry_PropertyW
CM_Query_Remove_SubTree_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data
CM_Get_Device_Interface_ListA
CM_Setup_DevNode
CM_Get_DevNode_Status_Ex
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNode_ExA
CM_Locate_DevNodeA
CM_Get_HW_Prof_Flags_ExA
CM_Locate_DevNode_ExW
CM_Query_Resource_Conflict_List
CM_Create_DevNodeA
CM_Open_DevNode_Key
CM_Unregister_Device_Interface_ExW
CM_Get_Device_IDA
CM_Get_Class_Registry_PropertyA
CM_Get_Device_ID_List_ExA
CM_Enumerate_EnumeratorsW
CMP_WaitServicesAvailable
CM_Get_Device_ID_ListA
CM_Free_Resource_Conflict_Handle
CM_Get_Device_Interface_List_ExW

ntdll

ZwOpenMutant
NtCreateJobSet
NtSetInformationFile
ZwQueueApcThread
NtOpenIoCompletion
strncat
RtlSizeHeap
RtlActivateActivationContextEx
ZwMapUserPhysicalPages
ZwPrivilegedServiceAuditAlarm
LdrSetAppCompatDllRedirectionCallback
ZwEnumerateSystemEnvironmentValuesEx
RtlCreateTagHeap
NtRequestPort
RtlTimeToSecondsSince1980
ZwReleaseMutant
NtResumeThread
ZwSetDefaultHardErrorPort
NtFlushKey
isxdigit
DbgUiWaitStateChange
ZwSetDebugFilterState
atan
NtAccessCheckByTypeResultListAndAuditAlarm
ZwFlushWriteBuffer
NtDeleteBootEntry
ZwFilterToken
ZwSetEventBoostPriority
ZwSetLdtEntries
RtlDowncaseUnicodeChar
strrchr
RtlPinAtomInAtomTable
RtlLengthRequiredSid
iswlower
NtLoadKey2
NtSaveMergedKeys
RtlZombifyActivationContext
strspn
NtQueryVolumeInformationFile
RtlSetGroupSecurityDescriptor

advapi32

CreateProcessAsUserW
AllocateLocallyUniqueId
SetPrivateObjectSecurity
BuildTrusteeWithNameW
WmiQueryAllDataMultipleW
LookupSecurityDescriptorPartsW
GetServiceDisplayNameA
GetSecurityDescriptorOwner
CryptGetDefaultProviderA
GetTrusteeNameA
IdentifyCodeAuthzLevelW
LsaOpenPolicy
RegCreateKeyExA
UnregisterIdleTask
RegCloseKey
ComputeAccessTokenFromCodeAuthzLevel
PrivilegeCheck
SystemFunction009
WmiDevInstToInstanceNameW
DuplicateToken
SystemFunction025
WmiOpenBlock
CryptReleaseContext
GetSecurityDescriptorSacl
AddAccessDeniedAce
IsValidSid
CredpConvertTargetInfo
ConvertStringSDToSDRootDomainA
CredEnumerateA
AccessCheckByTypeResultListAndAuditAlarmW
GetSidSubAuthority
RegCreateKeyW
CloseEncryptedFileRaw
GetSecurityDescriptorDacl
BuildTrusteeWithObjectsAndSidW
SystemFunction011
CredRenameW
OpenTraceW

kernel32

UnhandledExceptionFilter
VirtualAlloc
GlobalGetAtomNameW
SetConsoleMaximumWindowSize
DeleteCriticalSection
SetEnvironmentVariableA
LeaveCriticalSection
FindNextVolumeMountPointA
EnterCriticalSection
CreateFileMappingW
SetComputerNameExW
GetConsoleAliasesA
VerifyVersionInfoA
FindActCtxSectionStringA
WriteConsoleOutputCharacterW
QueryDosDeviceA
RequestDeviceWakeup
CreateMailslotA
AddRefActCtx
GetSystemDirectoryW
WriteConsoleInputVDMA
ReadConsoleInputExA
SetConsoleMenuClose
GetTempFileNameW
GetPrivateProfileIntW
GetPrivateProfileStructW
GetLogicalDriveStringsW
LoadLibraryA
WaitNamedPipeW
GetProfileIntA
GetFileTime

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4d3b5b49a0d10080714fb39dc8e1e73

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msvcirt

cryptui

w32topl

msi

cfgmgr32

ntdll

advapi32

kernel32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 38KB - Virtual size: 177KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 76KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 38KB - Virtual size: 177KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 76KB