afec418fb604fb93656080d4851569b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afec418fb604fb93656080d4851569b7_JaffaCakes118
Size

59KB
MD5

afec418fb604fb93656080d4851569b7
SHA1

2790d898bf7ee702cf1bcc8199d45fae04d174a1
SHA256

2ae4dd5ccecc58450d1651753d7b9b3c26dd48246e97d0854f42eaf68e07536b
SHA512

f174a1ddf6c5131e29c404d636cd965671f90bd150b486bd4a2a719d5a40cb729c862ce36737f6d94d4a3b02052792d7e764f3e8e68158ef69294f7b110b5156
SSDEEP

1536:o1+uoErCmrxupWi/u7kWW6D9yI1VIN7eF2cKX:o1qErCispvFSbv2cO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afec418fb604fb93656080d4851569b7_JaffaCakes118

Files

afec418fb604fb93656080d4851569b7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f58206d500dec69526e359b66448dfbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

regapi

RegCdQueryA
RegWinStationQueryA
RegGetUserConfigFromUserParameters
RegPdCreateA
RegPdQueryW
RegCdQueryW
RegIsTServer
RegBuildNumberQuery
RegPdDeleteA
RegWinStationDeleteA
RegConsoleShadowQueryW
RegConsoleShadowQueryA
RegUserConfigQuery
RegMergeUserConfigWithUserParameters
RegGetMachinePolicy
RegDenyTSConnectionsPolicy
RegWinStationEnumerateA
RegIsMachinePolicyAllowHelp
RegCdDeleteW
RegPdDeleteW
RegQueryUtilityCommandList
RegCdDeleteA
RegWinStationCreateA
RegWinStationSetSecurityA

msvcrt40

_ismbcalnum
??1strstream@@UAE@XZ
__unDName
_isatty
?bitalloc@ios@@SAJXZ
_mbsupr
??6ostream@@QAEAAV0@O@Z
_wremove
difftime
__p__osver
??_7logic_error@@6B@
_mbsspn
?read@istream@@QAEAAV1@PAEH@Z
__threadhandle
clearerr
_wcsnicoll
system
_makepath
_wputenv
_yn
??_7stdiobuf@@6B@
?overflow@strstreambuf@@UAEHH@Z
_strdup
??5istream@@QAEAAV0@PAE@Z
??_7ostream@@6B@
_ismbbpunct
?write@ostream@@QAEAAV1@PBEH@Z
_environ
_wenviron
_wexeclp

kernel32

InitializeCriticalSection
MoveFileExW
AddAtomW
ResumeThread
CreateDirectoryExW
GetConsoleWindow
CreateSocketHandle
RaiseException
PeekNamedPipe
CreateProcessInternalW
GetTickCount
ReleaseSemaphore
DebugActiveProcessStop
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
AddLocalAlternateComputerNameA
SetConsoleCursorPosition
GetProcAddress
VirtualAlloc
SetConsoleOS2OemFormat
GetCurrentProcessId
RtlUnwind
RegisterConsoleOS2
GetStartupInfoW
BackupRead
VerSetConditionMask
LoadLibraryA

mapistub

MAPIInitialize@4
MAPIUninitialize@0
EnableIdleRoutine@8
FBadRglpszW@8
UNKOBJ_Free@8
SzFindLastCh@8
MAPIDetails
FBadRowSet@4
FixMAPI
WrapProgress@20
UNKOBJ_ScAllocate@12
UNKOBJ_FreeRows@8
__ValidateParameters@8
ScCopyNotifications@16
DeinitMapiUtil@0
MAPILogonEx
FBinFromHex@8
UFromSz@4
GetTnefStreamCodepage
HrDispatchNotifications@4
MAPISendMail
LpValFindProp@12
MNLS_IsBadStringPtrW@8
MAPILogonEx@20

comrepl

DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
DllGetClassObject

msvcrt20

_getcwd
?attach@filebuf@@QAEPAV1@H@Z
abort
_sleep
?get@istream@@QAEAAV1@AAE@Z
strcat
_finite
?unbuffered@streambuf@@IBEHXZ
??_8stdiostream@@7Bostream@@@
__p__timezone
__seh_longjmp_unwind@4
_wtempnam
??6ostream@@QAEAAV0@N@Z
__threadhandle
_isctype
?close@filebuf@@QAEPAV1@XZ
_setmbcp
_fileinfo
?open@fstream@@QAEXPBDHH@Z
??0ostrstream@@QAE@ABV0@@Z
??_7stdiobuf@@6B@
_hypot
?attach@ifstream@@QAEXH@Z
iswascii

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f58206d500dec69526e359b66448dfbc

Headers

DLL Characteristics

File Characteristics

Imports

regapi

msvcrt40

kernel32

mapistub

comrepl

msvcrt20

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 23KB - Virtual size: 57KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 23KB - Virtual size: 57KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 268B