01c272195a68c69fe01c3b7915086de3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

01c272195a68c69fe01c3b7915086de3_JaffaCakes118
Size

853KB
MD5

01c272195a68c69fe01c3b7915086de3
SHA1

21f15043f3378364b458ac6bb1aca7f2ff03cb03
SHA256

f06cd00c2372ac744ffa29b9c116ef4d19c08f2dbe9bdd1e883c8fd75aae82ad
SHA512

1156f736b58cd622af1ba84e10bdce34dd94c164585fdec8407ca1b514cacf3508d8241fc5e8e074f6d761c4305a63e76bca10174c39c12cce37e8c0360b2128
SSDEEP

24576:YWQe/yEPP5VKs/QI2AR0PMIK7z7jF/9x2n9+j:YWBV348R00x1z2n9+j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c272195a68c69fe01c3b7915086de3_JaffaCakes118

Files

01c272195a68c69fe01c3b7915086de3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31d0ec84f65aba08277703bbea36c745

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmutil

?Init@CRandom@@QAEXK@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?GPPS@CIniW@@QBEPAGPBG00@Z
?GetFile@CIniW@@QBEPBGXZ
CmEndOfStrW
?GetSection@CIniA@@QBEPBDXZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
CmStrrchrW
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
??1CIniW@@QAE@XZ
CmStrCatAllocW
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?GetSection@CIniW@@QBEPBGXZ
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
GetOSVersion
?Banner@CmLogFile@@QAEXXZ
SzToWz
CmMoveMemory
??0CRandom@@QAE@XZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
?SetRegPath@CIniW@@QAEXPBG@Z
ReleaseBold
SzToWzWithAlloc

odbctrac

TraceSQLGetDiagRec
TraceSQLGetCursorNameW
FireVSDebugEvent
TraceSQLConnectW
TraceSQLGetDiagFieldW
TraceSQLSetCursorNameW
TraceSQLSetParam
TraceSQLDescribeParam
TraceSQLSetConnectAttr
TraceSQLExecDirectW
TraceSQLSetStmtAttrW
TraceSQLGetFunctions
TraceVersion
TraceSQLColumnPrivilegesW
TraceVSControl
TraceSQLFreeEnv
TraceSQLForeignKeys
TraceSQLColAttributes
TraceSQLDriversW
TraceSQLConnect
TraceSQLGetDescFieldW

mapi32

WrapProgress@20
GetTnefStreamCodepage
HrDecomposeMsgID@24
FGetComponentPath
cmc_send
MAPIOpenLocalFormContainer
FPropExists@8
DeinitMapiUtil@0
cmc_query_configuration
BuildDisplayTable@40
MAPILogoff
HrComposeEID@28
BMAPIGetAddress
HexFromBin@12
cmc_list
MAPISaveMail
CloseIMsgSession@4
FtAddFt@16
MNLS_lstrcpyW@8

kernel32

CompareStringA
AddRefActCtx
TerminateJobObject
InitializeCriticalSection
IsSystemResumeAutomatic
VirtualAlloc
IsValidCodePage
BeginUpdateResourceA
GetCurrencyFormatW
WaitNamedPipeW
InterlockedExchangeAdd
ReadConsoleInputExW
IsBadCodePtr
ReadConsoleOutputW
DeactivateActCtx
LoadLibraryA
EnumLanguageGroupLocalesW
PrepareTape
AddLocalAlternateComputerNameW
GetFileTime

crypt32

CryptVerifyCertificateSignatureEx
CertVerifyTimeValidity
CertAddEncodedCertificateToSystemStoreA
CertGetIntendedKeyUsage
CertCreateSelfSignCertificate
CryptRegisterDefaultOIDFunction
CertDuplicateCRLContext
I_CertSyncStore
CryptMsgSignCTL
CryptFreeOIDFunctionAddress
RegOpenHKCUKeyExU
CryptVerifyDetachedMessageSignature
CryptGetOIDFunctionAddress
CertEnumCTLsInStore
I_CryptFreeLruCache
CertFindCTLInStore

winsta

ServerLicensingSetPolicy
ServerLicensingGetAvailablePolicyIds
WinStationNameFromLogonIdW
WinStationCloseServer
WinStationOpenServerW
ServerLicensingOpenA
WinStationEnumerate_IndexedW
WinStationEnumerateLicenses
WinStationEnumerateW
WinStationQueryInformationA
_WinStationNotifyLogon
WinStationSetInformationA
WinStationActivateLicense
_WinStationUpdateClientCachedCredentials
_WinStationGetApplicationInfo
ServerLicensingUnloadPolicy
ServerLicensingLoadPolicy
_WinStationAnnoyancePopup
ServerQueryInetConnectorInformationA

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31d0ec84f65aba08277703bbea36c745

Headers

DLL Characteristics

File Characteristics

Imports

cmutil

odbctrac

mapi32

kernel32

crypt32

winsta

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 5KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 5KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB