Static task: static1
Behavioral task: behavioral1
  Sample: f048d23119a6f8b21ac0c40d2468557d_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: f048d23119a6f8b21ac0c40d2468557d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: f048d23119a6f8b21ac0c40d2468557d_JaffaCakes118
Size: 70KB
MD5: f048d23119a6f8b21ac0c40d2468557d
SHA1: 2b1de0dc4db07e5b545f82af3c4930d2568a11b8
SHA256: 3b8a815579a895c5c4b8a79612850f8ae8a79660d5e238bc0317faf1a5545f05
SHA512: 61c4d25adb334dfd49586666cb25e515aa8d9c4da77b702090311fd9ffea739828fcc98b2d26ff9545fe7e70158e8b0483197371d3ec964b259b422157c7ae43
SSDEEP: 1536:fVAA4COyjdDmKs7aImKNGL13e4uWiURZPf5boJbksbLFP2ZqpJk8A:djTmKs7aXKcL1ORxURxBU30qi
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: f048d23119a6f8b21ac0c40d2468557d_JaffaCakes118
Files
f048d23119a6f8b21ac0c40d2468557d_JaffaCakes118.exe windows:5 windows x86 arch:x86
e791000b6e391e506e530fc7bc36105c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileSectionNamesW
GetProcAddress
LockResource
GetEnvironmentStringsW
MulDiv
GetStartupInfoW
GetConsoleSelectionInfo
SignalObjectAndWait
EnumTimeFormatsA
GetCurrentProcessId
ReadConsoleInputExA
IsDBCSLeadByte
GetGeoInfoW
GetCommMask
IsDebuggerPresent
FormatMessageW
CommConfigDialogA
ReadConsoleOutputCharacterA
SetLocaleInfoA
FatalExit
PrepareTape
VirtualAlloc
FindNextVolumeA
lstrcpynW
SetErrorMode
VerifyVersionInfoA
IsProcessorFeaturePresent
SetStdHandle
FileTimeToSystemTime
GetConsoleKeyboardLayoutNameA
AddRefActCtx
GetCompressedFileSizeW
DeactivateActCtx
HeapUnlock
FreeResource
SetConsoleInputExeNameA
SetThreadContext
WriteConsoleOutputCharacterA
SetComputerNameExA
GetProfileStringA
VirtualFree
EndUpdateResourceA
SetVolumeMountPointA
SetLastConsoleEventActive
LocalFileTimeToFileTime
GetNextVDMCommand
WTSGetActiveConsoleSessionId
GetEnvironmentVariableW
GetFileAttributesA
GetSystemWindowsDirectoryW
GetConsoleAliasesW
ReplaceFile
lstrcpy
QueryInformationJobObject
SetConsoleDisplayMode
GetFileAttributesExW
ZombifyActCtx
WriteConsoleInputW
SetCommState
GetOEMCP
IsValidLocale
EnumCalendarInfoExA
SetConsoleActiveScreenBuffer
SetComPlusPackageInstallStatus
GetConsoleWindow
GetPrivateProfileIntW
ReadConsoleInputExW
SetCommTimeouts
SetFileApisToANSI
DosPathToSessionPathW
LoadLibraryA
SetUnhandledExceptionFilter
ExpungeConsoleCommandHistoryW
GlobalSize
GetCommProperties
VirtualLock
OpenMutexW
authz
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthziFreeAuditParams
AuthzFreeHandle
AuthziModifyAuditEvent
AuthziInitializeAuditParamsWithRM
AuthziLogAuditEvent
AuthzFreeAuditEvent
AuthziModifyAuditQueue
AuthzOpenObjectAudit
AuthziInitializeAuditParams
AuthziModifyAuditEventType
AuthziInitializeAuditQueue
AuthzInitializeObjectAccessAuditEvent
AuthziInitializeAuditEvent
AuthziFreeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEventType
AuthziAllocateAuditParams
AuthzFreeResourceManager
AuthzCachedAccessCheck
AuthzInitializeResourceManager
AuthzGetInformationFromContext
AuthzInitializeContextFromAuthzContext
AuthzAddSidsToContext
AuthzFreeContext
AuthziFreeAuditQueue
AuthzInitializeContextFromToken
msi
MsiViewGetErrorW
DllGetClassObject
MsiPreviewDialogW
MsiProvideAssemblyW
MsiEnumFeaturesA
MsiPreviewBillboardW
MsiGetFileSignatureInformationW
MsiGetComponentPathA
MsiCollectUserInfoA
MsiGetProductCodeFromPackageCodeA
MsiApplyPatchA
MsiAdvertiseProductExA
MsiQueryProductStateA
MsiDoActionW
MsiReinstallFeatureA
MsiCreateAndVerifyInstallerDirectory
MsiIsProductElevatedW
MsiGetFeatureUsageA
MsiGetProductPropertyW
MsiGetComponentStateW
MsiProcessAdvertiseScriptA
MsiConfigureProductW
MsiRecordGetStringW
MsiDatabaseGetPrimaryKeysW
MsiOpenDatabaseA
MsiSummaryInfoGetPropertyA
MsiSetExternalUIW
MsiQueryProductStateW
MsiCollectUserInfoW
MsiQueryFeatureStateW
MsiDatabaseApplyTransformW
MsiViewGetErrorA
MsiEnumComponentCostsW
MsiEnumProductsW
MsiDatabaseGenerateTransformA
MsiProvideQualifiedComponentExA
MsiEnumProductsA
olecli32
GenEnumFormat
LeGetData
OleSetData
ErrShow
OleIsDcMeta
WEP
BmQueryBounds
OleCreateFromFile
ObjQueryName
ConnectDlgProc
DibGetData
OleUpdate
LeSetData
OleQuerySize
OleRenameClientDoc
PbDraw
ErrExecute
LeRelease
OleQueryProtocol
MfRelease
DibDraw
LeSetUpdateOptions
OleSetLinkUpdateOptions
CheckNetDrive
OleExecute
mfcsubs
??4CString@@QAEABV0@D@Z
?Find@CString@@QBEHG@Z
??0CString@@QAE@PBE@Z
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?FormatV@CString@@IAEXPBGPAD@Z
??BCSyncObject@@QBEPAXXZ
?GetAt@CStringArray@@QBE?AVCString@@H@Z
??_FCMapStringToPtr@@QAEXXZ
?MakeUpper@CString@@QAEXXZ
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?Collate@CString@@QBEHPBG@Z
?Lock@CCriticalSection@@QAEHXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?CompareNoCase@CString@@QBEHPBG@Z
?Compare@CString@@QBEHPBG@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z
?SetAt@CString@@QAEXHG@Z
??M@YG_NPBGABVCString@@@Z
??9@YG_NPBGABVCString@@@Z
??N@YG_NABVCString@@PBG@Z
?RemoveAt@CStringArray@@QAEXHH@Z
??M@YG_NABVCString@@0@Z
?FreeExtra@CString@@QAEXXZ
??H@YG?AVCString@@ABV0@PBG@Z
?Copy@CStringArray@@QAEXABV1@@Z
??H@YG?AVCString@@ABV0@G@Z
?GetUpperBound@CStringArray@@QBEHXZ
??0CString@@QAE@XZ
?AfxLoadString@@YGHIPAGI@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??4CString@@QAEABV0@PBD@Z
??1CCriticalSection@@UAE@XZ
wmasf
ASFGetRootObject
ASFCreateStreamSelector
ASFWriteHeaderToFile
ASFGUIDToCodecID
ASFGetHeaderObject
ASFFindRootObject
ASFGetStreamPropertiesObject
ASFCreateLibrary
ASFCreateIOMonitor
ASFFindStreamPropertiesObject
ASFCreateIndexMakerFileSink
ASFCreateIndexMaker
ASFGUIDFromCodecID
ASFReadHeaderFromFile
ASFFindHeaderObject
shlwapi
PathRelativePathToW
PathCombineA
SHCreateShellPalette
AssocQueryStringA
PathIsFileSpecW
PathGetArgsW
PathIsRootW
SHRegOpenUSKeyA
PathCommonPrefixW
PathUndecorateA
PathIsRootA
PathQuoteSpacesW
UrlEscapeA
PathFindNextComponentW
SHStrDupW
SHDeleteKeyW
SHRegSetPathW
StrToInt64ExW
PathIsNetworkPathA
SHGetInverseCMAP
PathSearchAndQualifyA
StrFormatKBSizeA
StrStrIW
SHRegisterValidateTemplate
SHRegCreateUSKeyW
PathRemoveExtensionA
AssocQueryStringW
SHDeleteValueW
StrCmpNIA
DelayLoadFailureHook
PathStripPathW
PathIsUNCServerShareW
StrCSpnIA
ChrCmpIA
SHOpenRegStream2W
PathIsLFNFileSpecA
SHRegSetUSValueW
PathIsLFNFileSpecW
SHSetValueA
PathIsUNCServerA
cmutil
??1CIniA@@QAE@XZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
??1CIniW@@QAE@XZ
?SetParams@CmLogFile@@QAEJHKPBD@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?GetRegPath@CIniW@@QBEPBGXZ
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?SetPrimaryFile@CIniW@@QAEXPBG@Z
GetOSVersion
WzToSz
??1CmLogFile@@QAE@XZ
?SetEntry@CIniW@@QAEXPBG@Z
CmFree
?SetSection@CIniW@@QAEXPBG@Z
ReleaseBold
??_FCIniW@@QAEXXZ
?SetEntry@CIniA@@QAEXPBD@Z
CmStrTrimW
?GPPS@CIniA@@QBEPADPBD00@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?WPPB@CIniW@@QAEXPBG0H@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?SetFile@CIniA@@QAEXPBD@Z
CmStrCpyAllocA
CmStripPathAndExtW
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?SetEntryFromIdx@CIniW@@QAEXK@Z
?GPPB@CIniW@@QBEHPBG0H@Z
CmFmtMsgA
msvcrt
_wenviron
_CIpow
_wexecl
fputc
_findnext
_strtoi64
__p__environ
time
_mbctokata
_mbstrlen
__crtLCMapStringW
abort
sscanf
__unDNameEx
??_E__non_rtti_object@@UAEPAXI@Z
_getwche
__set_app_type
_ecvt
bsearch
__p__commode
_pclose
exit
_cwprintf
wcsrchr
_wtmpnam
wcspbrk
free
_ismbbkprint
_wfdopen
_ui64tow
__getmainargs
??_7bad_typeid@@6B@
fmod
vswprintf
__RTCastToVoid
??_7bad_cast@@6B@
_CIlog
??_7exception@@6B@
_wspawnlpe
_setmode
puts
_heapset
__winitenv
rasadhlp
AcsHlpNbConnection
WSAttemptAutodialName
WSAttemptAutodialAddr
WSNoteSuccessfulHostentLookup
mapistub
UNKOBJ_ScSzFromIdsAlloc@20
HrGetOmiProvidersFlags
WrapProgress@20
SwapPword@8
ScDupPropset@16
BMAPISendMail
SzFindLastCh@8
BMAPIResolveName
OpenTnefStreamEx@32
SetAttribIMsgOnIStg@16
HrSetOmiProvidersFlagsInvalid@4
MAPIResolveName
FBadRow@4
HrAddColumnsEx@20
WrapCompressedRTFStream
MAPIFindNext
LAUNCHWIZARD
cmc_logon
HrAddColumns@16
HrSetOmiProvidersFlagsInvalid
MAPIOpenLocalFormContainer@4
OpenTnefStreamEx
MAPIAdminProfiles@8
OpenTnefStream
MAPISendMail
IsBadBoundedStringPtr@8
FBadEntryList@4
ScGenerateMuid@4
MNLS_WideCharToMultiByte@32
OpenIMsgSession@12
FBinFromHex@8
__CPPValidateParameters@8
FGetComponentPath@20
FixMAPI
LpValFindProp@12
FBadRglpszW@8
MAPIAllocateBuffer
BuildDisplayTable@40
EnableIdleRoutine@8
MAPIAddress
OpenIMsgOnIStg@44
HrAllocAdviseSink@12
ScCountNotifications@12
ScLocalPathFromUNC@12
CchOfEncoding@4
credui
CredUICmdLinePromptForCredentialsA
CredUIPromptForCredentialsA
CredUIParseUserNameW
CredUIParseUserNameA
DllGetClassObject
CredUIStoreSSOCredW
CredUIReadSSOCredA
CredUIInitControls
CredUIPromptForCredentialsW
CredUIConfirmCredentialsW
CredUICmdLinePromptForCredentialsW
CredUIConfirmCredentialsA
CredUIStoreSSOCredA
CredUIReadSSOCredW
user32
MessageBoxW
EndDialog
shell32
SHGetMalloc
Sections
.text Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ