f9afbe57177902f033616ee9f20d100f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9afbe57177902f033616ee9f20d100f_JaffaCakes118
Size

47KB
MD5

f9afbe57177902f033616ee9f20d100f
SHA1

4812c797c3face12a46802914d62e761ea3e65c4
SHA256

2bfef24c0eb5193b7941261f35b9653c98252bd86c8723ff9ac0c32e4ae8ac5d
SHA512

0ba58122e95f9e55f8d1c54fb4ef5311cb2e9bfebbcec39bab3a31dcb951f7164ef1b50e05a505a37b5b22bcd19197f45dbb99cff7eb487bf2a6c1075a744732
SSDEEP

768:TycSKgnZ5HrFK5to9Xe0hg2cDBmEP5RJSy2vMSBYxcPL3hokDe3FnN6G0hDoE:vS/BrFKkXhgdoEP5RWESBKo3KkDo0GQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9afbe57177902f033616ee9f20d100f_JaffaCakes118

Files

f9afbe57177902f033616ee9f20d100f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

19a9a4a444e3da36f85f0d156d18eebe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??_Gbad_cast@@UAEPAXI@Z
_wmkdir
ispunct
_mbsrchr
__CxxRegisterExceptionObject
__p__fmode
?_query_new_mode@@YAHXZ
freopen
clock
wscanf
_wstati64
__unguarded_readlc_active
atan
_write
perror
_i64tow
_mbcasemap
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
iswdigit
mbtowc
_finite
_mbsninc
_wstat64
iswcntrl
_clearfp
_CIsinh
_futime
_wctime64
_inpw
_execvp
_atodbl
_wspawnl
strcoll
_getdcwd
_wcstoui64
_execl
abort
sinh
_snwprintf
__iscsym
__p__dstbias
??_7exception@@6B@
_mbctype
??0bad_typeid@@QAE@PBD@Z
__threadhandle
??0bad_cast@@QAE@ABV0@@Z
_msize
_mbsstr
tmpfile
swscanf
_resetstkoflw
_mbsncpy
_wexecve
_setsystime
_CItanh
_safe_fprem
_setmaxstdio
_wcsnset
_wcstoi64
??3@YAXPAX@Z
_mbctombb
_scalb
_ismbcalnum
_ismbstrail
strspn
_cputs
srand
_wmktemp
_exit
atof
vsprintf
_setjmp3
_wspawnlp
_findnext64
time

adsldpc

ConvertU2TrusteeToSid
ADSIOpenDSObject
ADSIFreeColumn
BuildADsPathFromLDAPPath2
LdapIsClassNameValidOnServer
LdapControlsFree
ADsCloseSearchHandle
ADSIGetNextColumnName
ADsExecuteSearch
AllocADsStr
LdapAddExtS
ADsGetNextColumnName
LdapModDnS
FreeObjectInfo
ADSIGetFirstRow
LdapTypeToAdsTypeDNWithString
intcmp
LdapAddS
LdapTypeToAdsTypeDNWithBinary
?SetAtDisabler@CLexer@@QAEXH@Z
LdapCompareExt
BuildLDAPPathFromADsPath
GetLDAPTypeName
AdsTypeToLdapTypeCopyDNWithString
ADsSetObjectAttributes
ReadServerSupportsIsADControl
ADsDeleteAttributeDefinition
LdapReadAttributeFast
ADSICloseDSObject
ADsWriteClassDefinition
LdapModifyS
LdapGetValuesLen
??1CLexer@@QAE@XZ
LdapValueFree
FindSearchTableIndex
LdapReadAttribute2
ADSIGetNextRow
LdapcSetStickyServer
BuildADsPathFromParent
LdapTypeCopyConstruct

kernel32

lstrlenA
_hread
GetFileInformationByHandle
LockFile
HeapCompact
GetMailslotInfo
GetThreadSelectorEntry
IsProcessorFeaturePresent
FindVolumeClose
InitializeCriticalSectionAndSpinCount
GetConsoleKeyboardLayoutNameW
MapUserPhysicalPagesScatter
GetCurrentDirectoryA
GetSystemDirectoryA
GetCPInfo
WriteFile
LoadLibraryA
LZStart
DeleteFileA
Process32Next
SetupComm
GetLogicalDrives
EnumCalendarInfoA
VirtualAlloc
SearchPathA
GetConsoleAliasesLengthA
GetTickCount
GetModuleHandleW
GetNamedPipeHandleStateA
AddConsoleAliasW
SetConsoleInputExeNameA
GetModuleHandleA
InterlockedDecrement
TransactNamedPipe
UnregisterWaitEx
GetStartupInfoW

oleaut32

SafeArrayUnlock
VarDateFromI2
VarPow
VarFormatDateTime
BstrFromVector
RegisterTypeLib
VARIANT_UserMarshal
VarR4FromUI2
VarI2FromUI4
VarUI2FromI2
VarDateFromI4
VarBoolFromDisp
VarI8FromI2
SafeArrayGetIID
VarDecSub
VarI2FromDisp
VarI4FromUI2
VarI8FromDate
GetRecordInfoFromTypeInfo
VariantCopy
SafeArrayRedim
VarR8FromI1
LHashValOfNameSysA
VarDateFromDec
VarR8FromI8
OleCreatePictureIndirect

crtdll

_ismbbprint
_beep
_mbstrlen
atan2
_fpclass
_CIexp
_heapset
??2@YAPAXI@Z
_strupr
_ismbcl1
_mbsbtype
isalnum
__pxcptinfoptrs
_osmajor_dll
_mbctoupper
_sys_errlist
_jn
_abnormal_termination
_dup
_getdrive
_swab
strftime
fclose
_creat
_mbsdec
_scalb
_setjmp

shell32

SHGetMalloc

mapi32

EncodeID@12
UlRelease@4
MAPILogon
WrapCompressedRTFStream
UFromSz@4
MAPIUninitialize@0
BMAPISendMail
FtSubFt@16
HrComposeEID@28
IsBadBoundedStringPtr@8
LpValFindProp@12
ScCountProps@12
HrEntryIDFromSz@12
cmc_send_documents
HrDecomposeMsgID@24
UNKOBJ_ScSzFromIdsAlloc@20
OpenStreamOnFile@24
MNLS_lstrlenW@4
cmc_read
CbOfEncoded@4
MAPIOpenFormMgr
GetAttribIMsgOnIStg@12
HrGetOmiProvidersFlags@8
UNKOBJ_ScAllocate@12
GetOutlookVersion
CreateIProp@24
FBadRglpszW@8
ScLocalPathFromUNC@12
MAPILogonEx
ScCopyProps@16
HrSetOmiProvidersFlagsInvalid

user32

MessageBoxA
EndDialog

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19a9a4a444e3da36f85f0d156d18eebe

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

adsldpc

kernel32

oleaut32

crtdll

shell32

mapi32

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB