0dec4a3748dca1e3632b309d00ecf7c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dec4a3748dca1e3632b309d00ecf7c1_JaffaCakes118
Size

69KB
MD5

0dec4a3748dca1e3632b309d00ecf7c1
SHA1

91f9484c6a576f1270b6eae4e3a14c263fd23cae
SHA256

831a0b8d9920428caa557cd93ecabd71aab0b72a6f5fd0def76876608f80a194
SHA512

5e7c7e85d233c976c9588bf752dd1d1af1776228d1f8a0a51a88fd2732a9f4553bed2be90302717f975adf7edbe2f3b577291fdcf31d79d201dfd76c9210dfc7
SSDEEP

1536:Hc2TPNU/a5yYi+M4ma+PPYCOM6bcXpsc7Ao55:rPNTymM/gCK7gAo55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dec4a3748dca1e3632b309d00ecf7c1_JaffaCakes118

Files

0dec4a3748dca1e3632b309d00ecf7c1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

05f7e78030aef0493af433ac4e2ed757

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarI2FromUI4
VarFormatCurrency
VarR8FromI2
RevokeActiveObject
SafeArrayUnlock
OleTranslateColor
VarI4FromI2
LPSAFEARRAY_Unmarshal
VarUI1FromDec
VarXor
VarBstrFromDec
QueryPathOfRegTypeLib
VarI8FromDisp
VarFormat
SafeArrayGetDim

kernel32

GetConsoleScreenBufferInfo
LoadLibraryA
WriteProfileStringA
ExitProcess
SetFileValidData
FindFirstVolumeMountPointA
GetDiskFreeSpaceW
_llseek
GetSystemDirectoryW
HeapCreate
GetProcessWorkingSetSize
EndUpdateResourceW
WritePrivateProfileSectionA
VirtualAlloc
GetStartupInfoA
DefineDosDeviceW
EnumSystemLocalesW
GetConsoleWindow
OutputDebugStringA
GetDiskFreeSpaceExW
GetCurrentThread
GlobalLock
GetComputerNameA

msvcirt

?cin@@3Vistream_withassign@@A
??1logic_error@@UAE@XZ
??0ofstream@@QAE@PBDHH@Z
?tie@ios@@QBEPAVostream@@XZ
??4streambuf@@QAEAAV0@ABV0@@Z
??_7strstream@@6B@
??_7ostream@@6B@
?get@istream@@QAEAAV1@PAEHD@Z
??0stdiostream@@QAE@ABV0@@Z
__dummy_export
??5istream@@QAEAAV0@AAG@Z
?dbp@streambuf@@QAEXXZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
?oct@@YAAAVios@@AAV1@@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??0ifstream@@QAE@HPADH@Z
?width@ios@@QAEHH@Z
?binary@filebuf@@2HB
??0exception@@QAE@ABQBD@Z
?overflow@stdiobuf@@UAEHH@Z

mapi32

HrThisThreadAdviseSink@8
HrGetOmiProvidersFlags@8
cmc_read
ChangeIdleRoutine@28
MAPIAllocateMore
HrSetOneProp@8
UFromSz@4
FGetComponentPath@20
ScMAPIXFromSMAPI
MAPIOpenLocalFormContainer
FBadSortOrderSet@4
MAPIAllocateBuffer
UNKOBJ_Free@8
CreateTable@36
PRProviderInit
FtgRegisterIdleRoutine@20
MAPIFindNext

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05f7e78030aef0493af433ac4e2ed757

Headers

File Characteristics

Imports

oleaut32

kernel32

msvcirt

mapi32

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 158KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 158KB

.rsrc
Size: 1KB - Virtual size: 1KB