c1cd22c2e716f6c160a4bc5d776b6918_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1cd22c2e716f6c160a4bc5d776b6918_JaffaCakes118
Size

58KB
MD5

c1cd22c2e716f6c160a4bc5d776b6918
SHA1

38e4ac1bb4beaa6d2951af78b00a58013a482065
SHA256

2479542e0b79fd944a7a06963137afc4f3c4623a8fc60b2a921cf7b53f8336e9
SHA512

6aefe6f1230cd79979edea3121855e919af2def8652ca65766411a307beafd32be7ae629d319405dc69f50fe35e72203d289940263dcfc7fcea80049d1aa6a69
SSDEEP

1536:6KoSr3NpKdLLO+n6xPccsIY0qWvTvz/Unz9TTPU4DZvV+vZVm999+:qCpKhtn6LsIY0zTuJTTcaZvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1cd22c2e716f6c160a4bc5d776b6918_JaffaCakes118

Files

c1cd22c2e716f6c160a4bc5d776b6918_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1bf9e37d3b1c69464ad87cca3fdacb74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetCommConfig
CreateMemoryResourceNotification
CreateDirectoryA
SetConsoleCursor
EnumLanguageGroupLocalesW
GetUserGeoID
VirtualAlloc
GetComputerNameW
GetCurrentThreadId
GetCurrentProcessId
GetVolumePathNameW
DefineDosDeviceA
GetModuleHandleW
SetMailslotInfo
LoadLibraryA
LoadLibraryW
ClearCommBreak
GetSystemTimeAsFileTime
GetProcAddress
QueryPerformanceCounter
GetFileType
InterlockedDecrement
BaseUpdateAppcompatCache
GetStartupInfoA
GetCalendarInfoW
IsValidLocale
CreateProcessA
GetTickCount

advapi32

LsaICLookupSidsWithCreds
ReportEventA
IdentifyCodeAuthzLevelW
BuildImpersonateTrusteeA
AreAnyAccessesGranted
CryptEnumProvidersW
OpenBackupEventLogW
CredDeleteW
ControlTraceW
ElfOpenBackupEventLogA
CheckTokenMembership
I_ScIsSecurityProcess
GetMultipleTrusteeOperationA
MD5Init
PrivilegedServiceAuditAlarmA
UnregisterTraceGuids
CryptGetUserKey
GetMultipleTrusteeOperationW
CryptDestroyHash
RegUnLoadKeyA

msvcp60

?do_scan_is@?$ctype@G@std@@MBEPBGFPBG0@Z
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?max@?$numeric_limits@G@std@@SAGXZ
?quiet_NaN@?$numeric_limits@I@std@@SAIXZ
?_Sinh@?$_Ctr@O@std@@SAOOO@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?round_error@?$numeric_limits@N@std@@SANXZ
??0Init@ios_base@std@@QAE@XZ
?open@?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEPAV12@PBDF@Z
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?do_curr_symbol@?$_Mpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??4?$complex@M@std@@QAEAAV01@ABM@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
?length@?$codecvt@GDH@std@@QBEHAAHPBG1I@Z

olecli32

OleRelease
PbCreateInvisible
MfQueryBounds
ErrCopyFromLink
LeObjectConvert
ErrExecute
OleRequestData
OleQueryOutOfDate
OleGetData
DibChangeData
LeCreateInvisible
LeQueryProtocol

mapistub

GetOutlookVersion
CreateTable@36
UlAddRef@4
MAPIOpenLocalFormContainer
MAPIAllocateMore
BMAPISaveMail
FBadRowSet@4
FPropCompareProp@12
FEqualNames@8
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
UNKOBJ_ScAllocate@12
FtgRegisterIdleRoutine@20
HrThisThreadAdviseSink@8

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bf9e37d3b1c69464ad87cca3fdacb74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp60

olecli32

mapistub

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 10KB - Virtual size: 75KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 10KB - Virtual size: 75KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 324B