ff4dfc774ce83ec9ba14fbfec507c7dc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff4dfc774ce83ec9ba14fbfec507c7dc_JaffaCakes118
Size

869KB
MD5

ff4dfc774ce83ec9ba14fbfec507c7dc
SHA1

64e180059f27295678b07d84fb9db5c9eac46eb6
SHA256

c921ed633a7c7b8d9091c7a397c793383f1676d8cc0cbbea8e8b26b1225e5415
SHA512

9aa1f92878d88100917e9e6ec75d6d0c093ebfe95e540eddbbe7c097bec9353e97ef49005917a6b1e21bed44cd6004d2062daf6ce43f7eca8c6966f44e5d5f21
SSDEEP

12288:r4Pz2SRFVZvIpyyiHZTu0usb9s6SOtIhH6zCSxh92Xdm4nub8WRVD3Bh7cGlmy3:UZRFH+8Z71rgHYCSf4XdRE8WjD3Bhb3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff4dfc774ce83ec9ba14fbfec507c7dc_JaffaCakes118

Files

ff4dfc774ce83ec9ba14fbfec507c7dc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8c1ecc99315e8ee3a0fdbe0ae9e06960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryBootEntryOrder
RtlSetHeapInformation
RtlFreeHandle
CsrCaptureMessageMultiUnicodeStringsInPlace
ZwSecureConnectPort
NtModifyBootEntry
ZwReleaseMutant
RtlFreeThreadActivationContextStack
_snwprintf
RtlLeaveCriticalSection
DbgUiIssueRemoteBreakin
ZwOpenEvent
DbgPrint
_ultow
strlen
RtlFindClearBits
NtCreateJobSet
iswxdigit
LdrQueryImageFileExecutionOptions
ZwSetEaFile
CsrCaptureMessageBuffer
RtlImageRvaToVa
NtCreateTimer
NtCreateFile
ZwLoadKey
RtlAnsiCharToUnicodeChar
NtCancelTimer
ZwUnloadKey
ZwCreateKeyedEvent
RtlAddAccessAllowedAce
RtlCreateHeap
ZwDisplayString
RtlTraceDatabaseDestroy
RtlUpcaseUnicodeString
RtlEqualComputerName
ZwYieldExecution
ZwEnumerateBootEntries
RtlRaiseException
floor
RtlSplay
NtCreateToken
RtlGetNtProductType
CsrCaptureMessageString
NtSetHighWaitLowEventPair
_CIcos
RtlAddAuditAccessAceEx
RtlMultiByteToUnicodeN
_CIlog
ZwSuspendProcess
RtlUnicodeStringToAnsiSize
RtlLargeIntegerShiftLeft
NtMapUserPhysicalPages
NtNotifyChangeKey
NtRequestPort
NtSetBootOptions
RtlSelfRelativeToAbsoluteSD
NtTestAlert
RtlNumberGenericTableElements
RtlInitializeGenericTable
ceil
NtCompactKeys
NtWaitLowEventPair
strcspn
RtlDelete
NtSetLdtEntries
ZwSetThreadExecutionState
RtlInsertElementGenericTable
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtSetThreadExecutionState
NtAcceptConnectPort
NtSuspendThread
sqrt
ZwSetQuotaInformationFile
ZwQuerySystemInformation
NtImpersonateThread
ZwReplyPort

kernel32

GlobalSize
GetProcessTimes
Thread32Next
GetTempFileNameA
RtlCaptureContext
GetTimeFormatW
SetCommMask
GetProcessVersion
CreateHardLinkW
SetThreadLocale
GetCurrentProcessId
CreateDirectoryExW
GetAtomNameA
CopyFileExW
DeleteFileA
Process32Next
GetProcessId
_llseek
GetModuleHandleA
GetProcessAffinityMask
GetTapeStatus
DeleteTimerQueueTimer
UnlockFileEx
ResetEvent
CreateTimerQueue
SetPriorityClass
InitAtomTable
GetProcessWorkingSetSize
lstrcmpW
WriteFileEx
SetCriticalSectionSpinCount
AddLocalAlternateComputerNameA
VirtualAlloc
SetConsoleMaximumWindowSize
GetPrivateProfileStringW
TlsFree
GetCurrencyFormatA
FindFirstFileExW
ReplaceFile
DeleteTimerQueue
HeapSize
DeleteFiber
SetFileApisToANSI
WriteConsoleOutputA
LoadLibraryA
GetConsoleAliasesA
GlobalHandle
ContinueDebugEvent

msisip

MsiSIPVerifyIndirectData
MsiSIPRemoveSignedDataMsg
MsiSIPIsMyTypeOfFile
MsiSIPGetSignedDataMsg
MsiSIPPutSignedDataMsg
MsiSIPCreateIndirectData

clusapi

CreateClusterResource
OpenCluster
EvictClusterNode
OpenClusterNetInterface
OpenClusterResource
ClusterRegDeleteValue
DeleteClusterResource
SetClusterGroupName
CreateClusterGroup
ClusterGroupEnum
ClusterControl
ClusterResourceGetEnumCount
ClusterGroupControl
AddClusterResourceDependency
CreateClusterResourceType
RemoveClusterResourceNode
ClusterNodeControl
OnlineClusterGroup
RestoreClusterDatabase
ClusterRegCloseKey
ClusterGetEnumCount
GetClusterResourceNetworkName
ClusterRegDeleteKey
PauseClusterNode
SetClusterNetworkPriorityOrder

wininet

HttpAddRequestHeadersA
InternetQueryOptionW
FtpCommandW
InternetGoOnlineW
CreateUrlCacheContainerA
InternetSetPerSiteCookieDecisionA
HttpOpenRequestA
UnlockUrlCacheEntryFileW
InternetCloseHandle
DeleteUrlCacheGroup
RetrieveUrlCacheEntryFileA
ShowX509EncodedCertificate
InternetGetConnectedState
InternetSetCookieA
InternetAlgIdToStringA
GopherCreateLocatorW
UnlockUrlCacheEntryFile
InternetTimeToSystemTimeW
GopherOpenFileW
GetUrlCacheGroupAttributeA
FindFirstUrlCacheEntryExA
InternetSetCookieExA
InternetSetDialStateW
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryA
FtpRemoveDirectoryA
InternetOpenW
InternetSetPerSiteCookieDecisionW
FindFirstUrlCacheContainerW
FtpGetFileSize
RegisterUrlCacheNotification

mapi32

ScCopyNotifications@16
LaunchWizard@20
HrComposeMsgID@24
cmc_query_configuration
MAPIFreeBuffer@4
MAPIResolveName
HrDecomposeMsgID@24
HrValidateParameters@8
MAPIAllocateMore
ScCountProps@12
MAPISendMail
MAPIOpenLocalFormContainer
FtMulDwDw@8
FGetComponentPath
ScInitMapiUtil@4
MNLS_lstrcmpW@8
GetTnefStreamCodepage
HrAddColumns@16
FtgRegisterIdleRoutine@20
MAPILogon
UlRelease@4
GetTnefStreamCodepage@12
WrapStoreEntryID@24
UNKOBJ_ScCOAllocate@12
UlAddRef@4
OpenIMsgSession@12
EnableIdleRoutine@8
HrSetOmiProvidersFlagsInvalid@4
HrGetOmiProvidersFlags@8
GetAttribIMsgOnIStg@12
OpenTnefStreamEx

Sections

.text
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c1ecc99315e8ee3a0fdbe0ae9e06960

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msisip

clusapi

wininet

mapi32

Sections

.text Size: 537KB - Virtual size: 537KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 322KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 537KB - Virtual size: 537KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 322KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B