be2d4ba910589e209b14851f8bce0a5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be2d4ba910589e209b14851f8bce0a5b_JaffaCakes118
Size

426KB
MD5

be2d4ba910589e209b14851f8bce0a5b
SHA1

951ead64160b68e1b4816b0d6327121f87904bfe
SHA256

be04502be4133e32274ff51f7a98bfcca79770dbbb3c33c909014923ebca22fe
SHA512

2392cf9577641acc65625ff124124da6beb4d13b48d9559cf86175cc229d7543eeee74075a7297bc17770109ad94910b1187470d4d7117597d21c6a3e7ad02b2
SSDEEP

12288:BKptGUmRu602MKpWH02c2ScFqIoLZNTuc3g7:4c86eKQcfTIo9NTu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be2d4ba910589e209b14851f8bce0a5b_JaffaCakes118

Files

be2d4ba910589e209b14851f8bce0a5b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04e1156b658b9ebbccdc9b93c4ba379e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOverlappedResult
LZClose
GetFirmwareEnvironmentVariableW
WriteConsoleInputVDMA
SetDefaultCommConfigA
CreateMutexA
AllocateUserPhysicalPages
Process32NextW
GetVolumePathNamesForVolumeNameA
CreateIoCompletionPort
lstrcatA
GetCurrencyFormatA
ReadConsoleA
ExitVDM
SetConsoleCursor
CreateToolhelp32Snapshot
FatalAppExitA
GlobalAlloc
GetModuleHandleA
GetConsoleScreenBufferInfo
EnumCalendarInfoExA
GetExitCodeThread
GlobalReAlloc
SetConsolePalette
SetHandleCount
HeapSize
IsValidLocale
RequestWakeupLatency
GetUserDefaultLCID
GetConsoleCursorMode
GlobalUnWire
InterlockedIncrement
SetNamedPipeHandleState
GetNamedPipeInfo
MapUserPhysicalPagesScatter
WaitCommEvent
AddConsoleAliasW
AddLocalAlternateComputerNameA
LoadLibraryA
CancelTimerQueueTimer
SetConsoleLocalEUDC
GetConsoleInputExeNameA
VirtualProtectEx
SetComputerNameExW
GetThreadLocale
VirtualAlloc
FillConsoleOutputAttribute
DeleteTimerQueueTimer
CopyLZFile
SignalObjectAndWait
GlobalMemoryStatusEx
UnmapViewOfFile
SetEnvironmentVariableW
CreateFileA
GetCurrentThread
FindFirstVolumeMountPointA
EnumTimeFormatsA
RemoveLocalAlternateComputerNameW
GetWriteWatch
IsBadCodePtr
GetLargestConsoleWindowSize
InterlockedPopEntrySList
GetCurrentDirectoryA
GlobalUnfix
CancelDeviceWakeupRequest
WriteConsoleOutputW
WriteConsoleOutputA
FindFirstVolumeA
EnumResourceNamesA
BackupWrite
GetConsoleAliasA
DeleteAtom
GetTapeStatus
FreeLibrary
SetErrorMode
LoadModule
LZSeek
DeleteTimerQueue
RemoveDirectoryW
lstrcpyW
QueryDosDeviceW
EnumSystemLocalesW
SetConsoleCursorMode
GetUserDefaultLangID
DeviceIoControl
GetLogicalDriveStringsA
CancelWaitableTimer
DebugBreakProcess
TransactNamedPipe
ContinueDebugEvent

mapistub

UNKOBJ_ScSzFromIdsAlloc@20
BMAPISendMail
FBadRglpNameID@8
MNLS_WideCharToMultiByte@32
MAPILogonEx@20
ScUNCFromLocalPath@12
MAPIOpenLocalFormContainer@4
UlAddRef@4
ScGenerateMuid@4
MAPIDeinitIdle@0
HrAllocAdviseSink@12
DeinitMapiUtil@0
MNLS_lstrcmpW@8
HrAddColumnsEx@20
FBadEntryList@4
InstallFilterHook@4
FixMAPI
ScCopyProps@16
FBadProp@4
OpenStreamOnFile
FBadRglpszA@8
HrIStorageFromStream@16
WrapProgress@20
GetOutlookVersion
HrDispatchNotifications@4
UNKOBJ_ScCOReallocate@12
__ValidateParameters@8
MAPIFindNext
EncodeID@12
HrDecomposeMsgID@24
MAPILogoff
FEqualNames@8
cmc_look_up
FtDivFtBogus@20
FPropExists@8

sqlwoa

_DefWindowProc@16
_GetWindowText@12
_GetTextExtentPoint32@16
_GetModuleFileName@12
_FormatMessage@28
_GetSaveFileName@4
_GetObject@12
_CreateDialogIndirectParam@20
_trename
_SetDlgItemText@12
_StartDoc@8
_CommDlg_OpenSave_GetFolderPath@12
newMultiByteFromWideCharSize
_SendMessage@16
_FreeEnvironmentStrings@4
_LoadIcon@8
_DrawText@20
_GetClassInfo@12
_tfopen
ConvertMultiSZNameToW
_FindResource@12
_MAKEINTRESOURCE@4
_GetDiskFreeSpaceEx@16
_DeleteFile@4
_LoadBitmap@8
_MessageBox@16
_IsDialogMessage@8
_LoadCursor@8
_SetProp@12

mfcsubs

?AssignCopy@CString@@IAEXHPBG@Z
?GetAt@CString@@QBEGH@Z
??0CStringArray@@QAE@XZ
?SetAt@CString@@QAEXHG@Z
?Format@CString@@QAAXIZZ
??N@YG_NPBGABVCString@@@Z
?TrimRight@CString@@QAEXXZ
??0CCriticalSection@@QAE@XZ
?IsEmpty@CString@@QBEHXZ
??0CString@@QAE@GH@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z
??YCString@@QAEABV0@D@Z
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?LoadStringW@CString@@QAEHI@Z
??0CString@@QAE@XZ
??ACString@@QBEGH@Z
?UnlockBuffer@CString@@QAEXXZ
??H@YG?AVCString@@GABV0@@Z
?NewAssoc@CMapStringToPtr@@IAEPAUCAssoc@1@XZ
??4CString@@QAEABV0@PBG@Z
?Mid@CString@@QBE?AV1@HH@Z
?TrimLeft@CString@@QAEXXZ
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?Lock@CSyncObject@@UAEHK@Z
?Right@CString@@QBE?AV1@H@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
??4CString@@QAEABV0@PBD@Z
??YCString@@QAEABV0@PBG@Z
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
??1CString@@QAE@XZ
?FormatV@CString@@IAEXPBGPAD@Z

d3d8thk

OsThunkDdWaitForVerticalBlank
OsThunkDdCanCreateSurface
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdUpdateOverlay
OsThunkDdQueryDirectDrawObject
OsThunkDdGetAvailDriverMemory
OsThunkDdDestroyD3DBuffer
OsThunkDdGetMoCompFormats
OsThunkDdGetDriverInfo
OsThunkDdGetInternalMoCompInfo
OsThunkDdCreateSurface
OsThunkDdCreateD3DBuffer
OsThunkDdDeleteSurfaceObject
OsThunkDdCreateDirectDrawObject
OsThunkDdAttachSurface
OsThunkDdGetDriverState
OsThunkDdColorControl
OsThunkDdBeginMoCompFrame
OsThunkDdGetDC
OsThunkDdAddAttachedSurface
OsThunkDdReenableDirectDrawObject
OsThunkDdGetScanLine
OsThunkDdCreateMoComp
OsThunkDdSetExclusiveMode
OsThunkDdLock
OsThunkDdGetBltStatus
OsThunkDdSetGammaRamp
OsThunkDdGetMoCompGuids
OsThunkDdDestroyMoComp
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdResetVisrgn
OsThunkDdUnlock
OsThunkDdDeleteDirectDrawObject
OsThunkDdUnlockD3D
OsThunkDdCanCreateD3DBuffer
OsThunkDdBlt
OsThunkD3dValidateTextureStageState
OsThunkDdEndMoCompFrame
OsThunkDdGetMoCompBuffInfo
OsThunkDdAlphaBlt
OsThunkDdRenderMoComp
OsThunkDdCreateSurfaceEx

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 238KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04e1156b658b9ebbccdc9b93c4ba379e

Headers

File Characteristics

Imports

kernel32

mapistub

sqlwoa

mfcsubs

d3d8thk

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 238KB - Virtual size: 632KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 238KB - Virtual size: 632KB

.rsrc
Size: 18KB - Virtual size: 18KB