c8791d64e0d98cd116a784376887e23f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8791d64e0d98cd116a784376887e23f_JaffaCakes118
Size

46KB
MD5

c8791d64e0d98cd116a784376887e23f
SHA1

c1f955b3aee002ec447bd0b2b303b9025c413e91
SHA256

8305836f43c122d758e2df8b41c4c0eb8626df3d91282507f0e11dc1c595417b
SHA512

46e3db8814fdbe5134aa46382b362f4ae98a80a302c3289534a27428b231d6816959ff8d96d79a7c21c02e815d9d71090565ae4f719c42ecf58db01b673b262c
SSDEEP

768:kiXZhA9hWnhS89u4ygMR9FhFG2Oo6fXnqeJy4pPjYHaBjxDJpZ4K9fBn+0Zug:k2hA9hWhzPygM7F/GomnA4B0aRxDJH4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8791d64e0d98cd116a784376887e23f_JaffaCakes118

Files

c8791d64e0d98cd116a784376887e23f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae93830404a0eb4debb6256c1f041af4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msctf

TF_CreateCategoryMgr
TF_GetThreadMgr
TF_CreateInputProcessorProfiles
TF_InvalidAssemblyListCacheIfExist
TF_CreateThreadMgr
TF_CreateLangBarMgr
TF_GetThreadFlags
TF_IsCtfmonRunning
TF_RunInputCPL
TF_CreateDisplayAttributeMgr
TF_CreateLangBarItemMgr
TF_GetGlobalCompartment
TF_PostAllThreadMsg
DllGetClassObject
TF_InitSystem
TF_CreateCicLoadMutex
TF_UninitSystem

comdlg32

GetOpenFileNameW
PageSetupDlgA
GetOpenFileNameA
ChooseFontW
ReplaceTextW
ChooseColorW
GetSaveFileNameA
LoadAlterBitmap
WantArrows
GetFileTitleA
ChooseFontA
PrintDlgExW
PrintDlgExA
dwLBSubclass
PrintDlgW
ChooseColorA
ReplaceTextA
GetFileTitleW
FindTextW
FindTextA
dwOKSubclass
PrintDlgA
CommDlgExtendedError
Ssync_ANSI_UNICODE_Struct_For_WOW
GetSaveFileNameW

duser

GetGadgetRect
FindGadgetFromPoint
GetGadgetTicket
PeekMessageExA
SetGadgetOrder
GetGadgetBufferInfo
UtilGetColor
DUserSendEvent
DUserBuildGadget
RemoveGadgetProperty
RegisterGadgetMessageString
SetGadgetStyle
GetActionTimeslice
UnregisterGadgetMessageString
FindGadgetMessages
GetGadget
GetGadgetMessageFilter
GetGadgetRootInfo
ForwardGadgetMessage
WaitMessageEx
DeleteHandle
LookupGadgetTicket
GetGadgetCenterPoint
DUserGetAlphaPRID
GetStdColorBrushF
SetGadgetFillF
SetGadgetBufferInfo
GetGadgetProperty
BuildInterpolation
AddGadgetMessageHandler
GetGadgetStyle
GetGadgetAnimation
SetGadgetRect
DUserRegisterGuts
SetGadgetScale

mapistub

OpenIMsgOnIStg@44
OpenIMsgSession@12
WrapCompressedRTFStream@12
__CPPValidateParameters@8
FixMAPI
BMAPISaveMail
LpValFindProp@12
MAPIInitIdle@4
GetOutlookVersion@0
UNKOBJ_ScCOAllocate@12
FixMAPI@0
cmc_look_up
FtgRegisterIdleRoutine@20
FGetComponentPath@20
FBadRglpNameID@8
HrValidateParameters@8
SwapPword@8
MAPILogonEx@20
HrValidateIPMSubtree@20
WrapCompressedRTFStream
MAPISaveMail
LAUNCHWIZARD
HrAddColumns@16
FBadRow@4
ScMAPIXFromSMAPI
ScMAPIXFromCMC
OpenStreamOnFile@24
ScRelocNotifications@20
IsBadBoundedStringPtr@8
UlRelease@4
SzFindCh@8
MAPIOpenLocalFormContainer@4
UNKOBJ_ScAllocateMore@16
FtMulDwDw@8
MapStorageSCode@4
BMAPIGetAddress
InstallFilterHook@4

ntdll

RtlDecompressFragment
NtSetInformationFile
RtlStringFromGUID
PfxInsertPrefix
ZwOpenKeyedEvent
ZwNotifyChangeMultipleKeys
NtCreateIoCompletion
_ltoa
LdrLoadDll
RtlQueryInformationActiveActivationContext
NtQueryInformationAtom
RtlEnumerateGenericTable
ZwAccessCheckByType
_snwprintf
RtlAbortRXact
wcsrchr
ZwIsProcessInJob
RtlCreateAndSetSD
RtlEnumerateGenericTableAvl
RtlpNotOwnerCriticalSection
RtlEqualComputerName
ZwReadFileScatter
NtTerminateJobObject
_allshl
RtlDeleteAce
RtlMapSecurityErrorToNtStatus
ZwQuerySystemEnvironmentValueEx
RtlValidSecurityDescriptor
RtlQueryAtomInAtomTable
RtlAddCompoundAce
NtOpenObjectAuditAlarm
iscntrl
RtlQuerySecurityObject
NtQueryInformationProcess
ZwQueryBootEntryOrder
RtlSelfRelativeToAbsoluteSD2
ZwQueryObject
RtlCreateTimer

kernel32

GetExitCodeProcess
VirtualAlloc
EraseTape
PostQueuedCompletionStatus
VirtualAllocEx
GetDateFormatA
GetSystemTime
GetFullPathNameW
IsValidLocale
GetUserDefaultLCID
EnterCriticalSection
CreateNamedPipeW
FreeConsole
OpenJobObjectA
RtlUnwind
LeaveCriticalSection
WriteConsoleInputW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ClearCommError
GetConsoleAliasExesW
GetStringTypeA
DebugActiveProcess
RtlMoveMemory
GetProfileSectionA
WaitForMultipleObjectsEx
QueryDosDeviceA
GetConsoleScreenBufferInfo
GetDriveTypeA
lstrlen
GlobalFindAtomA
SetMailslotInfo
WriteConsoleInputA
GetVersion
IsDebuggerPresent
VerifyVersionInfoW
FindFirstFileA
EnumSystemLanguageGroupsA
LoadLibraryA
ConvertThreadToFiber
EndUpdateResourceW
GetFileAttributesExA
GetPrivateProfileSectionNamesW
DuplicateHandle
GetStartupInfoW
FreeEnvironmentStringsW
IsValidCodePage

lz32

LZRead
CopyLZFile
LZDone
LZOpenFileA
LZOpenFileW
LZInit
LZCloseFile
LZClose
GetExpandedNameA
LZStart
LZSeek

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae93830404a0eb4debb6256c1f041af4

Headers

DLL Characteristics

File Characteristics

Imports

msctf

comdlg32

duser

mapistub

ntdll

kernel32

lz32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB