dede71fd6ea9da4afcefdc7b04f779c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dede71fd6ea9da4afcefdc7b04f779c2_JaffaCakes118
Size

135KB
MD5

dede71fd6ea9da4afcefdc7b04f779c2
SHA1

84616229ba4220cfb492f4a3fa3f1c8faa1c86a1
SHA256

f98607fe796ae6315dd0fec26d7edbf341695808d8f38ab6812917d4edd2b09c
SHA512

53b0cfac6e89f690f889776d95995316f39faccdf4febd92032c82fc74c1e7c2c95d8c52db6c040f0e043e3a2fb495f49def2c1f946c811ee069faba4bc5e6cd
SSDEEP

3072:JapuMa7Z+EYAzxKvkDzk1KwlS0Xwj15xfefsV0:spuMagE5x9s1KOa15xfcy0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dede71fd6ea9da4afcefdc7b04f779c2_JaffaCakes118

Files

dede71fd6ea9da4afcefdc7b04f779c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f3e9010f3530977781802badc5c607b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

HrValidateIPMSubtree@20
OpenStreamOnFile@24
OpenTnefStream@28
OpenTnefStreamEx@32
MAPIAddress
MAPIOpenLocalFormContainer
ScCopyNotifications@16
BMAPISaveMail
UNKOBJ_ScAllocate@12
GetTnefStreamCodepage@12
ScBinFromHexBounded@12
SwapPlong@8
MAPIOpenFormMgr
UFromSz@4
MNLS_IsBadStringPtrW@8
FBadProp@4
MAPIAllocateBuffer
UNKOBJ_ScAllocateMore@16
UlFromSzHex@4
DeregisterIdleRoutine@4
MAPIUninitialize@0
FixMAPI@0
MAPIDetails
LpValFindProp@12
MNLS_WideCharToMultiByte@32
ScRelocNotifications@20
HrDispatchNotifications@4
WrapStoreEntryID@24
OpenTnefStream
FGetComponentPath@20
IsBadBoundedStringPtr@8
MapStorageSCode@4
BMAPISendMail
EnableIdleRoutine@8
HrEntryIDFromSz@12

kernel32

EnumCalendarInfoW
CreateTapePartition
LZCopy
CreateFileA
DeleteCriticalSection
GlobalGetAtomNameW
GetFullPathNameA
SetComputerNameExW
UnmapViewOfFile
BuildCommDCBAndTimeoutsA
LoadLibraryExW
FormatMessageA
EnterCriticalSection
SetProcessWorkingSetSize
lstrcpyn
GetCurrentDirectoryA
WriteConsoleA
CompareStringW
SetCommTimeouts
SetConsoleCursorPosition
FlushInstructionCache
GetEnvironmentStringsA
VerifyConsoleIoHandle
FindActCtxSectionStringW
SetTermsrvAppInstallMode
GetStringTypeExW
SetProcessPriorityBoost
SetComputerNameW
SetFileValidData
MapUserPhysicalPages
FoldStringW
EnumSystemLocalesW
GetTempPathW
WriteProfileSectionW
WTSGetActiveConsoleSessionId
GetLogicalDrives
DeleteVolumeMountPointW
HeapSize
lstrcmpi
RemoveLocalAlternateComputerNameA
GetProcessTimes
GetTapeStatus
VirtualProtect
EnumerateLocalComputerNamesA
LoadLibraryA
VirtualAlloc
RaiseException
CreateMemoryResourceNotification
RtlZeroMemory
GetBinaryTypeA
FindFirstFileExA
GetThreadContext
FindAtomA
SetTapeParameters
GetComputerNameExW
CloseConsoleHandle
CancelDeviceWakeupRequest
SetLastError
SetThreadPriority
GetProcessIoCounters
ExpandEnvironmentStringsA
SuspendThread
lstrlenW
DuplicateHandle
EndUpdateResourceA
MoveFileA
LeaveCriticalSection
GetTickCount
GetVolumeNameForVolumeMountPointW
SetSystemPowerState
GetSystemDirectoryW
GetStdHandle
GetDateFormatA
WriteConsoleW
SetConsoleTitleA
CancelWaitableTimer
QueryDosDeviceW
LZInit
Beep
SetThreadLocale
GetProfileStringA
FileTimeToSystemTime
GetConsoleAliasExesLengthA
SetConsoleOutputCP

glmf32

glsNumulv
glsHeaderiv
glsGetConsti
glsGetCommandAttrib
glsHeaderubz
glsBinary
glsEndCapture
glsCommandString
glsNumus
glsLongLow
glsHeaderGLRCi
glsGetCommandFunc
glsUTF8toUCS4z
__glsString_appendChar
glsGetHeaderi
glsGetLayerf
__glsString_init
glsNumi
glsChannel
glsGetAllContexts
glsHeaderfv
glsNumiv
glsFlush
glsReadFunc
glsReadPrefix
glsUnreadFunc
glsEndObj
glsDeleteReadPrefix
glsNumbv
glsError
glsGetGLRCi
glsGetStreamCRC32
glsAppRef

msvcrt40

_spawnvpe
?getline@istream@@QAEAAV1@PAEHD@Z
_spawnv
_mbsset
??_7iostream@@6B@
fwscanf
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?delbuf@ios@@QBEHXZ
_mbsnbicoll
_wexeclp
__p__environ
??_7istream_withassign@@6B@
_wspawnlpe
_mbctohira
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
_findnext
?getline@istream@@QAEAAV1@PACHD@Z
_flushall
_strset
_open_osfhandle
_adj_fprem1
strtol
_stricmp
?sh_write@filebuf@@2HB
??_7fstream@@6B@
_strcmpi
??6ostream@@QAEAAV0@D@Z
_mbsnbicmp
iswascii
wcsncpy
_wfindnext
_fstat
?setb@streambuf@@IAEXPAD0H@Z
??_Eofstream@@UAEPAXI@Z
wcsspn
_adj_fdivr_m16i
??_7streambuf@@6B@
wcscoll

urlmon

CreateAsyncBindCtxEx
DllRegisterServerEx
IsLoggingEnabledA
HlinkGoForward
GetClassFileOrMime
IsJITInProgress
GetMarkOfTheWeb
CreateURLMonikerEx
URLDownloadToCacheFileA
URLDownloadToFileW
HlinkSimpleNavigateToMoniker
CopyBindInfo
RevokeBindStatusCallback
DllInstall
FindMediaType
URLOpenStreamA
PrivateCoInstall
CopyStgMedium
URLOpenBlockingStreamA
UrlMkSetSessionOption
DllRegisterServer
RevokeFormatEnumerator
URLOpenStreamW
UrlMkGetSessionOption
FindMimeFromData

mpr

WNetConnectionDialog2
WNetSetLastErrorA
WNetPropertyDialogA
WNetSetConnectionW
WNetAddConnection3A
WNetCancelConnectionA
I_MprSaveConn
WNetPasswordChangeNotify
WNetGetPropertyTextW
WNetGetUserW
WNetGetUniversalNameA
WNetConnectionDialog1A
WNetGetConnection3A
WNetGetProviderNameA
WNetGetHomeDirectoryW
MultinetGetErrorTextW
WNetLogonNotify
WNetDirectoryNotifyW
WNetAddConnection2A
WNetGetConnection2A
WNetGetConnection2W
WNetDirectoryNotifyA
WNetOpenEnumW
WNetPropertyDialogW
WNetAddConnectionA
WNetGetProviderTypeW
WNetSetLastErrorW
WNetDisconnectDialog1W
WNetGetConnectionW
WNetConnectionDialog1W
MultinetGetConnectionPerformanceA
MultinetGetConnectionPerformanceW
WNetGetNetworkInformationA
WNetAddConnectionW
WNetGetUniversalNameW

lz32

LZSeek
LZStart
LZDone
LZRead
LZCopy
LZCreateFileW
LZClose
CopyLZFile
LZOpenFileA
LZInit
GetExpandedNameA
LZCloseFile
GetExpandedNameW
LZOpenFileW

query

?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?Close@CPipeClient@@IAEXXZ
?GetSZParam@CMachineAdmin@@QAEHPBGPAGK@Z
?_FindGroupListAnchor@CDbNestingNode@@AAEPAVCDbProjectListAnchor@@XZ
?MakeICommand@@YGJPAPAUIUnknown@@PBG1PAU1@@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
?SetCD@CCatState@@QAEXPBG@Z
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
?ReadProperty@COLEPropManager@@QAEHABVCFullPropSpec@@AAUtagPROPVARIANT@@@Z
FsCiShutdown
?GetFloat@CMemDeSerStream@@UAEMXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?Clone@CRestriction@@QBEPAV1@XZ
?InitializeForRead@CDynStream@@QAEXXZ
?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
?AllocAndCopyWString@CDbCmdTreeNode@@SGPAGPBG@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@PAEPAI@Z
?IsRunningAsSystem@CImpersonateSystem@@SGHXZ
??0CDbSelectNode@@QAE@XZ
??1CDbPropBaseRestriction@@QAE@XZ
?VT_VARIANT_LT@@YGHABUtagPROPVARIANT@@0@Z
??0CEventLog@@QAE@PBG0@Z
??0CGenericCiProxy@@QAE@AAVCSharedNameGen@@KK@Z
??0CMachineAdmin@@QAE@PBGH@Z

msvfw32

ICClose
ICDrawBegin
GetSaveFileNamePreviewW
ICLocate
ICGetInfo
GetOpenFileNamePreviewA
ICCompressorChoose
ICInstall
DrawDibChangePalette
ICRemove
ICMThunk32
ICCompressorFree
DrawDibStop
ICSeqCompressFrameEnd
ICCompress
MCIWndRegisterClass
DrawDibBegin
ICSeqCompressFrameStart
ICSeqCompressFrame
ICImageDecompress
DrawDibClose
ICOpen
DrawDibProfileDisplay
GetSaveFileNamePreviewA
VideoForWindowsVersion
ICImageCompress
StretchDIB
DrawDibSetPalette
DrawDibDraw

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3e9010f3530977781802badc5c607b6

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

glmf32

msvcrt40

urlmon

mpr

lz32

query

msvfw32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 91KB - Virtual size: 218KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 960B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 91KB - Virtual size: 218KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 960B