dbb2abcf21ed6c225f300ab40e45de54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dbb2abcf21ed6c225f300ab40e45de54_JaffaCakes118
Size

869KB
MD5

dbb2abcf21ed6c225f300ab40e45de54
SHA1

6e588c577a32c4d8857e01bccbdb1442809437c8
SHA256

e026f485e3387819ead8d4b6d7cc69c3061a9ab0fd57f800d03ff5bf16454f12
SHA512

7c37caed798ba456fafc0eeab2b332718a503f399ce6b64699bc1dcf5ba69d8eefc15fea4d97e13ae30fd1cc9942dce546d6aa81ad02219acaf47253ebc66f32
SSDEEP

24576:h8sVTrNDywHwDLLmc7wZM3kHXrNxC6OWQ:is1NDCLbqM0HXvC6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbb2abcf21ed6c225f300ab40e45de54_JaffaCakes118

Files

dbb2abcf21ed6c225f300ab40e45de54_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e78df484584dead3a6ac7c9f8d1d8e44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarCyMulI4
VarCyInt
LPSAFEARRAY_UserUnmarshal
SysAllocString
VarUI8FromBool
VarI1FromBool
VarCyFromUI2
VarI8FromUI8
OleCreateFontIndirect
VarI1FromUI4
DispGetParam
VarI1FromI2
VarUI2FromR4
VarMonthName
VarDateFromStr
VarUI4FromUI2
SafeArrayCreate
SetErrorInfo
VarDecFix
VarUI1FromStr
SafeArrayGetElemsize
VarUI4FromI8
OACreateTypeLib2
VarR4FromUI1
SafeArrayAllocData
RegisterActiveObject
VarI4FromUI1
VarDecRound
VarR8FromI2
VarSub
LHashValOfNameSys
VarDecNeg
BstrFromVector

iphlpapi

NhpAllocateAndGetInterfaceInfoFromStack
_PfTestPacket@20
InternalGetIpAddrTable
InternalSetIfEntry
_PfGetInterfaceStatistics@16
InternalCreateIpForwardEntry
SetIpStatistics
CreateIpNetEntry
AllocateAndGetIpAddrTableFromStack
_PfSetLogBuffer@28
EnableRouter
RestoreMediaSense
NhGetInterfaceNameFromDeviceGuid
IcmpSendEcho2
GetTcpStatisticsEx
InternalSetIpNetEntry
GetInterfaceInfo
GetUniDirectionalAdapterInfo
GetIpErrorString
IcmpCloseHandle
CreateIpForwardEntry
IcmpCreateFile
GetAdapterOrderMap
CreateProxyArpEntry
NTPTimeToNTFileTime
Icmp6SendEcho2
_PfRemoveFilterHandles@12
GetAdaptersAddresses
do_echo_rep
GetIpStatistics
GetUdpStatistics
GetIfTable
GetPerAdapterInfo
_PfMakeLog@4
GetFriendlyIfIndex
SetTcpEntry
Icmp6CreateFile
UnenableRouter
GetBestInterface

kernel32

SetSystemTime
LoadLibraryA
LZCopy
HeapSetInformation
GetFileSize
SuspendThread
SetCalendarInfoA
FillConsoleOutputCharacterA
IsBadReadPtr
FindAtomW
TlsAlloc
SetConsoleTitleW
CreateActCtxA
GetPrivateProfileIntW
GetPrivateProfileSectionNamesA
GetModuleHandleA
LocalSize
BaseUpdateAppcompatCache
CancelTimerQueueTimer
SetEnvironmentVariableA
GetLocaleInfoW
GetModuleHandleW
SetComputerNameW
GlobalAlloc
GetEnvironmentStringsA
EraseTape
RtlUnwind
DuplicateConsoleHandle
ReadConsoleOutputCharacterW
CompareStringW
GetVolumeNameForVolumeMountPointA
SetCurrentDirectoryA
InterlockedExchangeAdd
SetLastError
DeleteFileA
VirtualAlloc
GetConsoleCommandHistoryW
RaiseException
SetComputerNameExA

ssdpapi

FindServicesCallback
DeregisterNotification
FindServicesCancel
SsdpStartup
SsdpCleanup
GetNextService
FindServicesClose
FindServices
DHSetICSInterfaces
CleanupCache
DHSetICSOff
RegisterNotification
DeregisterService
FreeSsdpMessage
RegisterService
GetFirstService

sqlunirl

_ExtractIconEx_@20
_FindFirstFile_@8
_CallWindowProc@20
_RegOpenKeyEx_@20
_MoveFileEx_@12
_GetToolsFilePath@16
_UnregisterClass_@8
_LookupAccountSid_@28
_GetCurrentHwProfile_@4
_CreateMDIWindow_@40
_ResetDC_@8
_LoadLibrary@4
_NDdeShareDel_@12
_TabbedTextOut_@32
_GetProfileInt_@12
_GetClassInfoEx_@12
_GetCharacterPlacement_@24
_SendNotifyMessage_@16
_EnumResourceTypes_@12
_GetGlyphOutline_@28
_GetTextExtentExPoint_@28
_LoadLibraryEx_@12
_FindNextFile_@8
_GetEnhMetaFileDescription_@12
newMultiByteFromWideCharEx
_GetWindowTextLength@4

mapistub

GetOutlookVersion
OpenIMsgSession@12
FBadColumnSet@4
HrIStorageFromStream@16
MAPIAdminProfiles
ScCopyProps@16
cmc_read
CloseIMsgSession@4
HrDecomposeEID@28
MAPIOpenFormMgr@8
MAPIOpenLocalFormContainer
MAPISaveMail
ScInitMapiUtil@4
BMAPISaveMail
ScMAPIXFromCMC
MNLS_CompareStringW@24
cmc_act_on
MAPIAddress
MAPIInitialize
SetAttribIMsgOnIStg@16
HrGetOmiProvidersFlags@8
FGetComponentPath@20
MAPIDeleteMail
EncodeID@12
FreePadrlist@4

gdi32

DdEntry54
DdEntry23
OffsetClipRgn
GdiCreateLocalEnhMetaFile
CreateFontIndirectW
Ellipse
EndDoc
DdEntry53
DdEntry43
CreateEllipticRgn
BRUSHOBJ_pvGetRbrush
SelectClipRgn
GetOutlineTextMetricsW
GdiEntry1
CreateEllipticRgnIndirect
SetWorldTransform
FrameRgn
CreateBitmap
EndPage
FixBrushOrgEx
GetEUDCTimeStampExW
GdiIsMetaPrintDC
AnyLinkedFonts
GdiDrawStream
CreateColorSpaceA

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e78df484584dead3a6ac7c9f8d1d8e44

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

iphlpapi

kernel32

ssdpapi

sqlunirl

mapistub

gdi32

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 409KB - Virtual size: 408KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 248KB - Virtual size: 248KB

.reloc Size: 1024B - Virtual size: 884B

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 409KB - Virtual size: 408KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 248KB - Virtual size: 248KB

.reloc
Size: 1024B - Virtual size: 884B