1603c9ada02303fc2e856bedd2e22967_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1603c9ada02303fc2e856bedd2e22967_JaffaCakes118
Size

46KB
MD5

1603c9ada02303fc2e856bedd2e22967
SHA1

7d663f578a0620eafb65a0f6e23caeb9af514f6e
SHA256

c34df7a6c4389450a5c2e1674911cea968cab0fa259a1ef57b5d1ce9f10ffcde
SHA512

64eaa93377c47221be9c7f63d1985b399cc67851f0e2581fc66fcc04dbe0a5fc11bff00e16af70528948dd6db8e3093d4744ba8f7f16e0a41d7408b9c59d20be
SSDEEP

768:uVJaHDxBXd3/fwSrFmdfAOMsXT/5k7JUzY5ZDnmDf5mJdADmiWGVx:sJaHDHiSfOMsXbUJUumDf5mJdAKiHx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1603c9ada02303fc2e856bedd2e22967_JaffaCakes118

Files

1603c9ada02303fc2e856bedd2e22967_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5bb16c0270d74f9918568e3b7d2f0772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RegisterConsoleVDM
ExitProcess
GetConsoleCommandHistoryA
TransmitCommChar
lstrcpynW
OutputDebugStringW
GetDateFormatW
InterlockedIncrement
WriteFileGather
LoadLibraryA
VirtualAlloc
GetFileSizeEx
SetProcessAffinityMask
RestoreLastError
VerifyVersionInfoW
LZOpenFileW
SetConsoleOutputCP
GetEnvironmentVariableA
SetConsoleInputExeNameW
UnregisterConsoleIME
RemoveDirectoryW
BuildCommDCBAndTimeoutsA
GetEnvironmentStrings
GetVolumePathNamesForVolumeNameA
SetConsoleCP
IsBadWritePtr
CreateNamedPipeA
GetACP
GlobalFree
Module32NextW
PeekConsoleInputW
FormatMessageA
FreeUserPhysicalPages
GetExitCodeProcess
GetModuleHandleA
GetDiskFreeSpaceA
GetProcessHeaps

mapi32

FBadProp@4
BMAPISendMail
HrValidateIPMSubtree@20
FreeProws@4
MAPIDeinitIdle@0
HrGetOmiProvidersFlags
UNKOBJ_ScSzFromIdsAlloc@20
GetOutlookVersion
CloseIMsgSession@4
MNLS_CompareStringW@24
ScCountProps@12
cmc_look_up
HrDecomposeEID@28
MAPIAdminProfiles@8
UFromSz@4
FBadEntryList@4
PropCopyMore@16
SzFindCh@8
MAPILogonEx
CreateTable@36
SwapPlong@8
UNKOBJ_Free@8
cmc_act_on
MAPISendMail
SzFindSz@8
SzFindLastCh@8
HrAllocAdviseSink@12
BMAPIDetails
ScUNCFromLocalPath@12
ScMAPIXFromSMAPI
UNKOBJ_COFree@8
BMAPIReadMail
__CPPValidateParameters@8
ScBinFromHexBounded@12
HexFromBin@12

dssenh

CPSetProvParam
CPAcquireContext
CPDestroyHash
CPSetKeyParam
CPGetHashParam
CPGenKey
CPExportKey
CPGetKeyParam
CPDecrypt
CPImportKey
CPHashData
CPHashSessionKey
CPSetHashParam
CPSignHash
CPDuplicateHash
CPCreateHash
CPGenRandom
CPDeriveKey
CPGetUserKey
CPEncrypt
CPReleaseContext
CPVerifySignature
CPDestroyKey
CPGetProvParam
CPDuplicateKey

winmm

midiOutReset
waveOutGetVolume
midiInPrepareHeader
mmioOpenW
midiInUnprepareHeader
mmioRenameA
timeGetSystemTime
midiInGetErrorTextA
mixerOpen
mciGetErrorStringA
midiOutPrepareHeader
mod32Message
waveOutGetDevCapsA
aux32Message
midiStreamRestart
midiStreamProperty
midiOutSetVolume
waveOutReset
DrvGetModuleHandle
midiInGetID
midiInAddBuffer
waveOutGetPosition
midiInGetDevCapsA
midiOutGetErrorTextW
joyGetDevCapsA
mixerSetControlDetails
mixerGetLineInfoA
mciLoadCommandResource
waveInOpen
waveOutGetDevCapsW
mmioSetBuffer
joyGetDevCapsW

adsldpc

ADSISetSearchPreference
FreeADsStr
LdapGetSyntaxOfAttributeOnServer
LdapCacheAddRef
LdapAttributeFree
SchemaGetClassInfoByIndex
ADsGetLastError
ADsDeleteDSObject
LdapGetNextPageS
LdapTypeToAdsTypeDNWithString
ADsEncodeBinaryData
LdapReadAttribute2
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapTypeToAdsTypeGeneralizedTime
SchemaGetClassInfo
GetSyntaxOfAttribute
InitObjectInfo
SchemaClose
AllocADsStr
ADsEnumClasses
LdapMsgFree
LdapInitializeSearchPreferences
LdapCrackUserDNtoNTLMUser2
FreeADsMem
LdapDeleteS
ADsDeleteClassDefinition
ADsGetObjectAttributes
LdapIsClassNameValidOnServer
FreeObjectInfo
ADsCloseSearchHandle
AdsTypeToLdapTypeCopyConstruct
ADsGetColumn
AdsTypeFreeAdsObjects
ReadServerSupportsIsADControl

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb16c0270d74f9918568e3b7d2f0772

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

dssenh

winmm

adsldpc

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB