c2aaffa893b6e1be2c008d19ffc7f08c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c2aaffa893b6e1be2c008d19ffc7f08c_JaffaCakes118
Size

871KB
MD5

c2aaffa893b6e1be2c008d19ffc7f08c
SHA1

9737ad1c197a86be0fbce5174a0a25a6b2a00e1e
SHA256

e3d717a8964f7fdd15aaceddafc0b679d02e2414d184bcd02c2fd39f8b53eb5a
SHA512

bc62a95758309b47803e632dc3610b198484e075c9fd38492f63d4af038a2892dd6eb37e630d7ee793d0c6f480c82ecf23f610dd328410b4899edf8869bcde86
SSDEEP

24576:gUr3KrnvYBJoyr8MyuoRkjNX79mTwhpnnMWdhNALXnl4qMPyt:3r3kQB18MyuLFBdpfhGDnl4qMI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2aaffa893b6e1be2c008d19ffc7f08c_JaffaCakes118

Files

c2aaffa893b6e1be2c008d19ffc7f08c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f5cfa251d5f3cc5462c1de7010e8e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

SetAttribIMsgOnIStg@16
PpropFindProp@12
HrSzFromEntryID@12
GetTnefStreamCodepage@12
MAPIAdminProfiles@8
MAPIResolveName
UlRelease@4
DllGetClassObject
HrSetOmiProvidersFlagsInvalid@4
FPropExists@8
cmc_act_on
FBadPropTag@4
MNLS_lstrlenW@4
MAPIFreeBuffer@4
SzFindSz@8
WrapCompressedRTFStream@12
HrComposeEID@28
BMAPIGetAddress
MAPIOpenLocalFormContainer@4
FGetComponentPath@20
BMAPIAddress
MAPIOpenFormMgr@8
cmc_logoff
MAPISendMail
EncodeID@12
SwapPlong@8
GetOutlookVersion@0
CloseIMsgSession@4
UNKOBJ_ScSzFromIdsAlloc@20
CreateTable@36
FtNegFt@8
HrSetOmiProvidersFlagsInvalid
MAPIDetails
ScGenerateMuid@4
FBadRow@4
LpValFindProp@12

wininet

FindFirstUrlCacheEntryExW
FtpGetFileW
GetUrlCacheHeaderData
InternetReadFile
InternetAlgIdToStringW
FtpGetCurrentDirectoryW
FindNextUrlCacheEntryA
UnlockUrlCacheEntryStream
HttpSendRequestExW
FtpCommandW
InternetConfirmZoneCrossing
FtpSetCurrentDirectoryW
LoadUrlCacheContent
RunOnceUrlCache
DetectAutoProxyUrl
FindNextUrlCacheGroup
FtpRemoveDirectoryW
InternetFortezzaCommand
IsUrlCacheEntryExpiredW
InternetGetConnectedState
GetUrlCacheGroupAttributeA
SetUrlCacheConfigInfoW
DeleteIE3Cache
DeleteUrlCacheContainerW
GetUrlCacheEntryInfoExA
InternetGoOnlineA
GetUrlCacheConfigInfoA
ForceNexusLookupExW
GetUrlCacheEntryInfoW
FindFirstUrlCacheGroup
HttpAddRequestHeadersW
InternetShowSecurityInfoByURL
HttpAddRequestHeadersA
GopherOpenFileA
SetUrlCacheEntryInfoA
InternetCombineUrlW
SetUrlCacheEntryGroupW
GetUrlCacheGroupAttributeW

kernel32

BackupWrite
EnumSystemLanguageGroupsA
GetConsoleNlsMode
IsBadStringPtrW
GetACP
LZCopy
WriteConsoleA
GlobalAlloc
GetCurrentThread
SetThreadPriority
SetLastError
SetFileAttributesW
LocalShrink
FindNextFileW
_llseek
FindResourceW
GetThreadTimes
GetCurrentThreadId
VerLanguageNameW
GetFileAttributesW
VirtualAlloc
GetConsoleAliasesW
QueryMemoryResourceNotification
SetTimeZoneInformation
GetPrivateProfileStructW
SetConsoleInputExeNameW
GlobalUnlock
LoadLibraryA
GetModuleHandleA
GetConsoleInputExeNameW
LCMapStringA
GetEnvironmentStringsA
SetFileShortNameA

gdi32

SetColorAdjustment
GdiCleanCacheDC
SetTextColor
SetPixel
GetTextExtentExPointW
SetICMProfileW
GdiConvertDC
GdiEndDocEMF
EngAssociateSurface
FONTOBJ_vGetInfo
BRUSHOBJ_hGetColorTransform
GetBoundsRect
EngCreateClip
EngFindResource
ScaleWindowExtEx
GetWinMetaFileBits
GdiGetSpoolMessage
DdEntry16
SetWinMetaFileBits
EudcUnloadLinkW
GetTextCharacterExtra
EnumFontsA
EngGetDriverName
EnumICMProfilesA
DdEntry55
GetGlyphOutline
LineTo
DdEntry50
GetViewportExtEx
GetObjectA
PlgBlt
gdiPlaySpoolStream
BeginPath
GetEnhMetaFileHeader
DdEntry17
DdEntry15
GdiQueryTable
GdiInitSpool
CLIPOBJ_ppoGetPath
EngLoadModule
CombineTransform

mapistub

SzFindCh@8
OpenTnefStreamEx@32
cmc_query_configuration
FBadRglpNameID@8
MAPIGetDefaultMalloc@0
FPropContainsProp@12
FBadColumnSet@4
MAPIFindNext
BMAPISendMail
HexFromBin@12
FBadSortOrderSet@4
RTFSync@12
UFromSz@4
ScDupPropset@16
BMAPIDetails
HrQueryAllRows@24
UNKOBJ_ScCOReallocate@12
FixMAPI
SzFindLastCh@8
UNKOBJ_Free@8
PRProviderInit
ScCopyProps@16
ScBinFromHexBounded@12
BMAPIReadMail
HrDecomposeEID@28
HrGetOmiProvidersFlags
MNLS_WideCharToMultiByte@32
LpValFindProp@12
FBinFromHex@8
OpenIMsgOnIStg@44
BuildDisplayTable@40
cmc_send

user32

EndDialog
MessageBoxW

msvcrt

iswalpha
??_Ebad_typeid@@UAEPAXI@Z
__p__osver
_setmbcp
__p__dstbias
toupper
wcscoll
__wcserror
___unguarded_readlc_active_add_func
_memccpy
strcpy
_fpreset
mbtowc
_wcstoi64
_CIfmod
_wutime
_wcreat
_wfindfirst64
_adj_fpatan
mblen
__unDNameEx
_global_unwind2
__pctype_func
_wchmod
_j1
_fstati64
_fdopen
_wsearchenv
_popen
_wctime
iswctype
sinh
_wrmdir
_adj_fdivr_m16i
_cscanf
sprintf
__DestructExceptionObject
wcscspn
_mbbtype
wcscat

winscard

SCardForgetReaderGroupW
SCardForgetReaderW
SCardEstablishContext
SCardSetCardTypeProviderNameW
SCardReleaseNewReaderEvent
SCardGetStatusChangeW
SCardRemoveReaderFromGroupA
SCardGetProviderIdW
SCardForgetCardTypeA
SCardStatusA
SCardListReadersW
SCardListReaderGroupsW
SCardListInterfacesA
SCardControl
SCardForgetCardTypeW
SCardConnectA
SCardReleaseAllEvents
ClassInstall32
SCardLocateCardsByATRW
SCardRemoveReaderFromGroupW
SCardState
SCardListReaderGroupsA
SCardListCardsA
SCardAccessStartedEvent
SCardIntroduceCardTypeW
g_rgSCardRawPci
SCardAddReaderToGroupA
SCardForgetReaderGroupA
SCardEndTransaction
SCardReleaseStartedEvent
SCardLocateCardsA
SCardAddReaderToGroupW
SCardListCardsW

shell32

SHGetMalloc

Sections

.text
Size: 192KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f5cfa251d5f3cc5462c1de7010e8e0b

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

wininet

kernel32

gdi32

mapistub

user32

msvcrt

winscard

shell32

Sections

.text Size: 192KB - Virtual size: 196KB

.rdata Size: 543KB - Virtual size: 544KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 192KB - Virtual size: 196KB

.rdata
Size: 543KB - Virtual size: 544KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB