ce11935225b74429e8a2e6d939c65d4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce11935225b74429e8a2e6d939c65d4d_JaffaCakes118
Size

138KB
MD5

ce11935225b74429e8a2e6d939c65d4d
SHA1

0bd64e911fbe5f548d878233413fad1b6e54d44e
SHA256

36149f94b430b7b40b1a412594ee7a9f83013f4510c901862f6e6b7b1c9c80e4
SHA512

2e86daf08d93b8db28c2e808134aa0dea7c69334b0ddafa733d69572195fba5d51a53a8c1053204b423fc3e125ba42777fdfb7468dd515d8ae51c5394ee642f4
SSDEEP

3072:+c3gFaXpW5PPdOshML2Miphm/zoC9+YhYtNMJ3/v:+ITXpW5PPdxhMqpPOEtGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce11935225b74429e8a2e6d939c65d4d_JaffaCakes118

Files

ce11935225b74429e8a2e6d939c65d4d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d585ddde8dad995cf371c205ccaff9df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_global_unwind2
wcslen
?str@ostrstream@@QAEPADXZ
_wstati64
_mbschr
_stricmp
atan2
iscntrl
_filelengthi64
??0logic_error@@QAE@ABV0@@Z
_winminor
_rmdir
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??_8strstream@@7Bostream@@@
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_jn
??_Eostrstream@@UAEPAXI@Z
tan
_read
strtoul
_fstati64
??4ios@@IAEAAV0@ABV0@@Z
iswupper
__mb_cur_max
??0stdiostream@@QAE@ABV0@@Z
??_8istream@@7B@
?lockc@ios@@KAXXZ
__p__osver
??_Ebad_cast@@UAEPAXI@Z
ldiv
??1strstream@@UAE@XZ
_strerror

mapistub

ScCountNotifications@12
cmc_list
cmc_logon
UNKOBJ_FreeRows@8
FBadColumnSet@4
HrComposeEID@28
GetAttribIMsgOnIStg@12
MAPISendMail
CreateTable@36
ScMAPIXFromCMC
ScBinFromHexBounded@12
RTFSync
HexFromBin@12
MAPISaveMail
MAPIReadMail
FBadSortOrderSet@4
OpenStreamOnFile@24
FtDivFtBogus@20
UNKOBJ_ScCOAllocate@12
GetTnefStreamCodepage@12
PRProviderInit
cmc_logoff
MNLS_CompareStringW@24
MAPIAdminProfiles
MAPIFreeBuffer
BMAPIDetails
HrAllocAdviseSink@12
MAPIAdminProfiles@8
ScRelocNotifications@20
MAPIGetDefaultMalloc@0
ScCopyProps@16
PropCopyMore@16
SzFindSz@8
LAUNCHWIZARD
MNLS_WideCharToMultiByte@32
MAPIFindNext
WrapStoreEntryID@24

kernel32

CopyFileExW
LocalAlloc
GetProcessShutdownParameters
GlobalLock
GetVolumePathNameA
LoadLibraryA
AllocConsole
GetConsoleFontSize
FindResourceExA
GetModuleFileNameW
SetConsoleOS2OemFormat
lstrcpy
SetLocaleInfoA
WriteFileGather
PrivMoveFileIdentityW
FindFirstVolumeA
AddConsoleAliasW
VerLanguageNameA
EnumSystemGeoID
UpdateResourceA
ReadFileEx
EnumSystemLocalesW
SetLocaleInfoW
HeapLock
GetHandleInformation
ReleaseSemaphore
FindVolumeMountPointClose
GetStartupInfoW
DeleteTimerQueue
GetCompressedFileSizeA
SystemTimeToFileTime
UnlockFileEx
SetHandleInformation
DeleteFileA
GetCommandLineA
IsValidCodePage
VirtualAlloc
GetTickCount
GetAtomNameA
FreeResource
GetThreadLocale
LoadLibraryExA
GetModuleHandleExA
GlobalAlloc
FindCloseChangeNotification

dhcpcsvc

DhcpStaticRefreshParams
DhcpRequestParams
DhcpDelPersistentRequestParams
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpAcquireParametersByBroadcast
DhcpRenewIpAddressLease
DhcpCApiCleanup
DhcpDeRegisterOptions
DhcpReleaseParameters
DhcpUndoRequestParams
DhcpAcquireParameters
DhcpEnumClasses
DhcpReleaseIpAddressLease
McastRenewAddress
McastRequestAddress
DhcpReleaseIpAddressLeaseEx
DhcpCApiInitialize
McastEnumerateScopes
DhcpRequestOptions
DhcpFallbackRefreshParams
DhcpRemoveDNSRegistrations
DhcpRegisterOptions
DhcpHandlePnPEvent
McastGenUID
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpLeaseIpAddress
McastReleaseAddress
DhcpRegisterParamChange

user32

IsIconic
EndDeferWindowPos
DefFrameProcW
PostThreadMessageA
GetPropA
TranslateAccelerator
ScreenToClient
OemToCharA
CsrBroadcastSystemMessageExW
SendMessageTimeoutA
GetScrollPos
SendInput
TabbedTextOutW
GetWindowTextLengthA
GetCursor
TranslateAcceleratorW
InitializeLpkHooks
DdeInitializeA
InternalGetWindowText
GetClassInfoExA
GetRawInputDeviceList
FindWindowExW
GetMenuItemRect
DrawMenuBarTemp
PrintWindow

ir41_qc

AllocInstanceData
CompressFramesInfo
CompressEnd
DllMain
FreeInstanceData
CompressBegin
Compress
SetScalability

shlwapi

PathIsNetworkPathA
UrlEscapeW
PathSearchAndQualifyW
StrSpnA
PathAddBackslashA
PathParseIconLocationA
SHDeleteValueA
StrFormatByteSizeA
PathRemoveArgsA
PathIsUNCW
SHQueryInfoKeyA
SHDeleteOrphanKeyW
PathUndecorateA
StrCmpNW
StrToIntA
HashData
PathRemoveBackslashW
PathFindOnPathW
StrChrIW
PathIsContentTypeW
SHRegQueryUSValueW
StrStrW
PathCompactPathExA
SHDeleteEmptyKeyA
SHQueryValueExW
PathCommonPrefixW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d585ddde8dad995cf371c205ccaff9df

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

mapistub

kernel32

dhcpcsvc

user32

ir41_qc

shlwapi

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 104KB - Virtual size: 240KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 200B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 104KB - Virtual size: 240KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 200B