c7febd14294a00a13e6294ab11d72598_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7febd14294a00a13e6294ab11d72598_JaffaCakes118
Size

87KB
MD5

c7febd14294a00a13e6294ab11d72598
SHA1

5587c948f4c831f7012bf62bc0df79d4f0abc806
SHA256

b546aefab73bc92f14c2c25f444ca8fd84c13fb3d087e507e1e5b65ee8aed84b
SHA512

f697c3df20c7b7705827add0a6640e4e0e6499769584d788358d4dc7cbd643b74495deee20cbaea261956dec9a09b297cfde63a5357ea9d914412b2d3f9d999f
SSDEEP

1536:JiJqf6wvqDloDs/u3cxEIAsBW1FvMCZ3oMOUq/NgmnGSgYv:gwKDlQ1TI1W1FvpQ/RgY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7febd14294a00a13e6294ab11d72598_JaffaCakes118

Files

c7febd14294a00a13e6294ab11d72598_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cb97fd568800e96039461ae428d6148d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
VirtualAlloc
HeapCreate
SetThreadPriority
QueryPerformanceCounter
GlobalMemoryStatus
LZRead
GetLastError
GetVolumePathNamesForVolumeNameA
LoadLibraryA
CreateActCtxW
SetUserGeoID
GetStartupInfoA
DosPathToSessionPathW
GetCurrentProcessId
CmdBatNotification
CancelDeviceWakeupRequest
GetCurrentThreadId
BuildCommDCBAndTimeoutsW
GetSystemTimeAsFileTime
RequestDeviceWakeup
GetTickCount
LZCreateFileW

setupapi

SetupQueryDrivesInDiskSpaceListA
CM_Enumerate_Enumerators_ExW
CMP_GetBlockedDriverInfo
SetupAddInstallSectionToDiskSpaceListA
SetupSetSourceListW
SetupPrepareQueueForRestoreW
SetupDiGetDeviceInfoListDetailW
SetupCloseFileQueue
pSetupGetFileTitle
SetupDiGetDeviceInstallParamsW
MyFree
SetupDiRegisterCoDeviceInstallers
SetupDiSetDeviceRegistryPropertyW
CM_Query_Resource_Conflict_List
CM_Get_DevNode_Registry_Property_ExW
CM_Register_Device_Interface_ExW
SetupQuerySpaceRequiredOnDriveA
pSetupSetQueueFlags
CM_Get_Sibling_Ex
SetupGetSourceFileSizeA
SetupSetDirectoryIdW
CM_Enumerate_Classes
pSetupStringTableStringFromId
SetupDiBuildClassInfoListExA
SetupDiSetDeviceInstallParamsW
CM_Get_Device_Interface_Alias_ExA
SetupInstallFileA
SetupUninstallOEMInfA
CM_Is_Version_Available
CM_Is_Dock_Station_Present
SetupDefaultQueueCallbackW
CM_Open_Class_KeyW
SetupPromptForDiskA
SetupDiCreateDeviceInfoListExW
SetupDiMoveDuplicateDevice
SetupDestroyDiskSpaceList
CM_Get_HW_Prof_Flags_ExW
CM_Set_DevNode_Problem
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDeleteErrorW
CM_Add_IDW
SetupDiRemoveDeviceInterface
SetupGetTargetPathA
CM_Get_Device_ID_ExW
CM_Query_Arbitrator_Free_Size_Ex

mapi32

UNKOBJ_ScCOReallocate@12
IsBadBoundedStringPtr@8
FEqualNames@8
CreateIProp@24
MAPILogon
HrSetOneProp@8
ScInitMapiUtil@4
HrAllocAdviseSink@12
cmc_send
BMAPIReadMail

rpcns4

RpcNsProfileEltRemoveW
RpcNsMgmtEntryInqIfIdsW
RpcNsBindingUnexportW
RpcNsMgmtInqExpAge
RpcNsBindingImportBeginA
RpcNsGroupMbrInqNextW
RpcNsGroupMbrInqNextA
RpcNsGroupDeleteW
RpcNsGroupMbrInqBeginW
RpcNsMgmtSetExpAge
RpcNsMgmtBindingUnexportA
RpcNsBindingExportPnPA
RpcNsProfileEltInqNextW
RpcNsBindingImportBeginW
RpcNsProfileEltAddW
I_RpcReBindBuffer
RpcNsEntryExpandNameA
RpcNsMgmtEntryCreateW
RpcNsProfileEltInqBeginA
RpcNsProfileEltInqBeginW
RpcNsBindingLookupBeginA

msvcp60

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
wcsrtombs
?pos_format@?$_Mpunct@G@std@@QBE?AUpattern@money_base@2@XZ
?opfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE_NXZ
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
wctype
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?_Stinit@?1??_Init@?$basic_filebuf@GU?$char_traits@G@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
??4?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??_F?$numpunct@D@std@@QAEXXZ

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb97fd568800e96039461ae428d6148d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

setupapi

mapi32

rpcns4

msvcp60

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 292B