bd9f0cc41494746a1da9592124579e77_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd9f0cc41494746a1da9592124579e77_JaffaCakes118
Size

45KB
MD5

bd9f0cc41494746a1da9592124579e77
SHA1

a32c877e697781647922db9381387ac7f3656c74
SHA256

59649d065b1f428c6e0c4f97d087a87ebbea229fba0cd50a583579c423d6a1f9
SHA512

90f27e160792b71ebc75a706955c31e7e514de8eb3dd20437e3094c08964865d86ad82663b0e2b902e25d78076edbb8eb4d3d53f7d8a989d7c29a587e8e209c3
SSDEEP

768:ofyTwXykfc3nM8RDBtb3qj/mSbwOS5yTFp/EZT/AwSZKBTvNytH2xtFqk:Jcil3nMADb3qjBbwO9TP/EZT4wSuyByz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd9f0cc41494746a1da9592124579e77_JaffaCakes118

Files

bd9f0cc41494746a1da9592124579e77_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67bc43f53d0418144f292035a494be06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
DnsHostnameToComputerNameW
VirtualLock
OutputDebugStringA
WriteConsoleInputVDMW
GetComputerNameW
DeleteFileA
LoadResource
GetBinaryTypeW
WriteProfileSectionA
GetModuleHandleExW
GetConsoleMode
GetProcessTimes
CompareFileTime
IsValidCodePage
EscapeCommFunction
GetTapeStatus
MoveFileWithProgressA
EnumSystemCodePagesA
FreeEnvironmentStringsA
SetConsoleMenuClose
WriteConsoleW
IsProcessInJob
VerLanguageNameA
WaitCommEvent
GetConsoleAliasExesW
ExitVDM
lstrcmp
SetHandleCount
OpenWaitableTimerW
UpdateResourceA
SetVolumeMountPointW
CreateFileMappingW
IsDBCSLeadByteEx
RegisterWaitForSingleObjectEx
LoadLibraryA
FindActCtxSectionGuid
CommConfigDialogA
GetEnvironmentVariableW
NlsGetCacheUpdateCount
BackupWrite
OpenJobObjectW
LocalFlags
VirtualAlloc

atmlib

ATMFinish
ATMGetVersionExW
ATMRemoveFontW
ATMEnumMMFonts
ATMGetFontPathsA
ATMBBoxBaseXYShowTextA
ATMInstallSubstFontA
ATMFontAvailableW
ATMMakePSS
ATMFontStatusA
ATMGetFontPathsW
ATMBBoxBaseXYShowTextW
ATMGetNtmFieldsW
ATMXYShowTextW
ATMGetNtmFields
ATMEnumFonts
ATMGetBuildStr
ATMAddFontExA
ATMGetFontInfo
ATMGetPostScriptNameW
ATMFontStatusW
ATMMakePSSA
ATMEndFontChange
ATMGetVersionExA
ATMGetNtmFieldsA
ATMBeginFontChange
ATMMakePFMA
ATMSelectObject
ATMGetVersion
ATMSetFlags
ATMGetMenuNameW
ATMBBoxBaseXYShowText
ATMGetFontPaths
ATMFontAvailable
ATMGetFontInfoW

msvcrt40

__fpecode
_wexecv
_heapadd
_chdir
?raw_name@type_info@@QBEPBDXZ
??0exception@@QAE@ABQBD@Z
__p__iob
_atodbl
_execvp
_wcsset
isalnum
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
fwscanf
??0istream_withassign@@QAE@XZ
_wcmdln
?write@ostream@@QAEAAV1@PBEH@Z
strcpy
_spawnle
_exit
??0strstream@@QAE@PADHH@Z
?cin@@3Vistream_withassign@@A
__p__commode
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??0ostrstream@@QAE@PADHH@Z
bsearch
_CIcos
gmtime

netapi32

NetMessageBufferSend
DsRoleDemoteDc
I_NetLogonSamLogon
NetWkstaUserEnum
NetReplImportDirAdd
NetShareEnum
NetJoinDomain
NetpAllocFtinfoEntry
DsGetDcSiteCoverageA
I_NetGetForestTrustInformation
NetpAddTlnFtinfoEntry
NetDfsRename
NetUseGetInfo
I_NetAccountDeltas
NetWkstaUserGetInfo
NetReplImportDirEnum
NetGroupDel
NetShareDelSticky
RxNetAccessGetUserPerms
NetUseEnum
NetpwNameCompare
NetpSetFileSecurity
I_NetGetDCList
I_NetServerAuthenticate2
NetLocalGroupSetMembers
RxNetUserPasswordSet
NetReplExportDirUnlock
DsGetForestTrustInformationW
NetRenameMachineInDomain
NetRemoveAlternateComputerName
I_NetServerPasswordSet2
I_NetServerSetServiceBitsEx
I_NetServerPasswordGet
NetLocalGroupEnum
DsRoleDnsNameToFlatName
NetReplImportDirDel
I_NetDfsGetVersion
NetDfsAdd
DsGetDcNameWithAccountA
NetWkstaTransportEnum
NetAuditRead
NetConfigGet

olecli32

OleSetColorScheme
ErrUpdate
OleActivate
LeSetData
OleQueryReleaseMethod
OleSetHostNames
MfCallbackFunc
LeQueryBounds
DefCreateLinkFromFile
MfCopy
ErrQueryOutOfDate
OleRename
LeQueryType
CheckNetDrive
OleQueryType
PbCopyToClipboard
OleCreateFromFile
PbLoadFromStream
GenEnumFormat
ErrExecute
MfEqual
OleEnumFormats
ObjQueryType
BmRelease
OleDraw
PbCreateFromClip
ObjRename
BmChangeData
DibRelease
ErrQueryOpen
LeObjectConvert
GenEqual
OleGetData

mapi32

FPropContainsProp@12
MAPIAddress
MAPIInitialize
UFromSz@4
MAPIInitialize@4
MAPIDetails
RTFSync@12
ScBinFromHexBounded@12
WrapCompressedRTFStream@12
UNKOBJ_ScSzFromIdsAlloc@20
CreateIProp@24
HrSetOmiProvidersFlagsInvalid
MAPIFindNext
MAPIGetDefaultMalloc@0
FBadRglpNameID@8
FtMulDw@12
cmc_look_up
__ValidateParameters@8
HrGetOneProp@12
cmc_free
MNLS_WideCharToMultiByte@32
BMAPISaveMail
FtDivFtBogus@20
ScRelocProps@20
HrComposeEID@28

wininet

CreateUrlCacheEntryA
HttpCheckDavCompliance
FtpRenameFileW
CreateUrlCacheEntryW
InternetDialA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTimeA
InternetTimeFromSystemTime
HttpSendRequestW
CreateUrlCacheContainerA
GetUrlCacheHeaderData
FindFirstUrlCacheEntryExA
FindNextUrlCacheGroup
InternetSetStatusCallbackA
HttpQueryInfoA
InternetGetConnectedStateExA
InternetSetFilePointer
InternetSetStatusCallback
FtpDeleteFileW
InternetTimeToSystemTimeA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoExA
InternetQueryFortezzaStatus
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionA
PrivacyGetZonePreferenceW
FtpSetCurrentDirectoryA
FreeUrlCacheSpaceA
GetUrlCacheConfigInfoA
HttpEndRequestA
ParseX509EncodedCertificateForListBoxEntry
DeleteUrlCacheEntry
InternetSecurityProtocolToStringA
InternetUnlockRequestFile
InternetAutodial

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67bc43f53d0418144f292035a494be06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

atmlib

msvcrt40

netapi32

olecli32

mapi32

wininet

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 36KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 36KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B