b53c98d2288193fd9a37b18da87c9e14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b53c98d2288193fd9a37b18da87c9e14_JaffaCakes118
Size

177KB
MD5

b53c98d2288193fd9a37b18da87c9e14
SHA1

693455770e3c6ff87b74f660149e066701bb4ebd
SHA256

cf745fbe40eaa715aa22fecfc2be567bc3e4647196266481210f12e4161fd8b3
SHA512

29ccb56eae0a6b7bab54d8f50ad162bca8ad971b7e10599ab6f0852f4bec855f312d5128dfb8a18ce931e08dd69613304c4e800509b9fab06f5ccc7b8ea5d127
SSDEEP

3072:y437TC4n8rxKqb8+bXO1lIGTn2b6VrCLOP/FvYU940TEIQ9l2gsV1FKRL3oaOOR:y4frgAqb8+TK5SeVr8OPmU5TEB2PV1AF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b53c98d2288193fd9a37b18da87c9e14_JaffaCakes118

Files

b53c98d2288193fd9a37b18da87c9e14_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1369198d0682d1e97e86301d4f7ef6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_BuildCommDCBAndTimeouts_@12
_NDdeIsValidAppTopicList_@4
_LookupAccountName_@28
_ModifyMenu_@20
_CreateWindowStation_@16
_ResetDC_@8
_CharLowerBuff_@8
_LookupPrivilegeName_@16
_GetComputerName@8
_ShellExecute_@24
newMultiByteFromWideCharSize
_GetProfileString_@20
_FreeEnvironmentStrings@4
_GetCharWidth_@16
_WinHelp@16
_GetCommandLine_@0
_CreateWaitableTimer_@12
_RegisterServiceCtrlHandler_@8
_MessageBoxEx_@20
_RegisterClipboardFormat_@4
_CreateScalableFontResource_@16
_GetNamedPipeHandleState_@28
_SetWindowsHook_@8
_GetShortPathName_@12
_DeviceCapabilities_@20
_MAKEINTRESOURCE@4
_GetWindowLong@8
_NDdeSetTrustedShare_@12
_NDdeShareGetInfo_@28
_GetVolumeInformation_@32
_GetSystemDirectory_@8

mapi32

ScMAPIXFromSMAPI
CreateTable@36
UNKOBJ_ScCOReallocate@12
cmc_list
UlAddRef@4
HrAddColumns@16
MAPIFindNext
MAPILogonEx@20
UlRelease@4
HrGetOneProp@12
MAPIDeleteMail
BuildDisplayTable@40
EnableIdleRoutine@8
MAPIAllocateBuffer@8
FtSubFt@16
SwapPword@8
HrSetOmiProvidersFlagsInvalid
HrGetOmiProvidersFlags@8
OpenStreamOnFile
UNKOBJ_COFree@8
UNKOBJ_Free@8
FreePadrlist@4
HrComposeEID@28
cmc_send_documents
MAPIReadMail
MAPILogon
MAPILogoff
ScBinFromHexBounded@12
FtNegFt@8
MAPIInitIdle@4
BMAPIFindNext
BMAPIGetAddress
OpenTnefStreamEx@32
MAPIAllocateMore
HrDispatchNotifications@4
SzFindLastCh@8
MAPIFreeBuffer
MapStorageSCode@4
ScCountNotifications@12
cmc_logon

kernel32

LocalAlloc
GetCurrentProcess
RemoveLocalAlternateComputerNameA
FindNextVolumeMountPointW
RtlFillMemory
UnregisterWait
VirtualAlloc
WaitCommEvent
SetUnhandledExceptionFilter
GetTickCount
GetTimeFormatA
GetCurrentThread
SetThreadLocale
OutputDebugStringW
GetSystemInfo
EnumResourceNamesA
WriteProfileStringW
GetNumberOfConsoleInputEvents
CreateConsoleScreenBuffer
GetModuleHandleA
GetVolumePathNameW
MapUserPhysicalPages
EnumSystemCodePagesA
SetConsoleWindowInfo
SetFilePointerEx
WritePrivateProfileSectionA
UpdateResourceA
DosDateTimeToFileTime
BaseCleanupAppcompatCacheSupport
GlobalAlloc
VirtualFree
GetLastError
IsDBCSLeadByteEx
GetProcessHeaps
GetUserDefaultLCID
GetProfileSectionA
GetCurrencyFormatW
ContinueDebugEvent
GetConsoleScreenBufferInfo
LoadLibraryA
SearchPathA
ExpungeConsoleCommandHistoryA
ExitVDM
GetPrivateProfileStructA
FindFirstFileExW
OpenProcess
_lread
SetFileShortNameW
GetTapeParameters

shlwapi

UrlUnescapeW
SHRegDeleteUSValueA
PathCreateFromUrlA
ChrCmpIA
PathIsPrefixW
PathUndecorateW
UrlEscapeA
UrlIsOpaqueA
StrStrNIW
PathSetDlgItemPathW
PathIsNetworkPathA
PathIsSameRootW
PathParseIconLocationW
StrCatBuffA
StrCSpnA
PathCommonPrefixW
StrChrIW
SHEnumKeyExW
AssocQueryKeyW
SHRegGetBoolUSValueW
PathUndecorateA
StrRetToBufA
PathFindFileNameW
PathIsUNCA
PathRemoveBackslashW
StrToIntW
PathAppendA
SHDeleteOrphanKeyA
StrCmpIW
SHRegEnumUSKeyW
PathMatchSpecW
PathMakeSystemFolderA
SHDeleteKeyW
StrPBrkA
PathIsPrefixA
SHSetValueW
StrFormatKBSizeW
SHDeleteValueA
UrlIsW
StrFormatByteSize64A

ntdll

NtCancelIoFile
ZwNotifyChangeDirectoryFile
ZwUnmapViewOfSection
ZwUnloadDriver
ZwQueryInformationFile
RtlNormalizeProcessParams
ZwSetTimer
ZwReleaseSemaphore
NtModifyBootEntry
NtCancelTimer
ZwAlertThread
RtlIpv6StringToAddressW
RtlTraceDatabaseEnumerate
memchr
ZwUnloadKeyEx
ZwWaitForDebugEvent
ZwCreateSection
RtlMultiByteToUnicodeSize
RtlEqualDomainName
RtlDecompressBuffer
NtRenameKey
RtlQuerySecurityObject
NtQueryTimerResolution
RtlUpcaseUnicodeToMultiByteN
ZwQueryInstallUILanguage
RtlDeleteNoSplay
RtlUnhandledExceptionFilter
ZwDelayExecution
ZwTerminateJobObject
RtlCreateQueryDebugBuffer
ZwPrivilegeObjectAuditAlarm
RtlInitializeRXact
ZwWaitForSingleObject
RtlNewSecurityGrantedAccess
RtlFindClearBits
RtlUnicodeToMultiByteN

msvcirt

??6ostream@@QAEAAV0@F@Z
?setb@streambuf@@IAEXPAD0H@Z
?tie@ios@@QBEPAVostream@@XZ
?fill@ios@@QBEDXZ
?base@streambuf@@IBEPADXZ
??5istream@@QAEAAV0@AAF@Z
?unlockc@ios@@KAXXZ
?egptr@streambuf@@IBEPADXZ
??_Distream_withassign@@QAEXXZ
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
??0stdiostream@@QAE@PAU_iobuf@@@Z
??0filebuf@@QAE@XZ
?pcount@strstream@@QBEHXZ
??_Diostream@@QAEXXZ
??1Iostream_init@@QAE@XZ
??_Difstream@@QAEXXZ
?doallocate@streambuf@@MAEHXZ
??_8strstream@@7Bistream@@@
??0Iostream_init@@QAE@XZ
?x_maxbit@ios@@0JA
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??6ostream@@QAEAAV0@O@Z
??6ostream@@QAEAAV0@PBE@Z
??5istream@@QAEAAV0@AAD@Z
?fail@ios@@QBEHXZ
?pbase@streambuf@@IBEPADXZ
?cerr@@3Vostream_withassign@@A
??1filebuf@@UAE@XZ
??5istream@@QAEAAV0@PAD@Z
?getline@istream@@QAEAAV1@PADHD@Z
?peek@istream@@QAEHXZ
?open@ifstream@@QAEXPBDHH@Z
?sh_none@filebuf@@2HB
?xsgetn@streambuf@@UAEHPADH@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?delbuf@ios@@QAEXH@Z
??0istrstream@@QAE@PAD@Z
??_Estrstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@I@Z

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1369198d0682d1e97e86301d4f7ef6c

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

mapi32

kernel32

shlwapi

ntdll

msvcirt

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 88KB - Virtual size: 302KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 896B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 88KB - Virtual size: 302KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 896B