26233708747f4b7e1c53a46ce2616e01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26233708747f4b7e1c53a46ce2616e01_JaffaCakes118
Size

51KB
MD5

26233708747f4b7e1c53a46ce2616e01
SHA1

0a009dc1308be1741f70d3f4b36df0abd4066064
SHA256

130927ce2dab9ebdb91cb1f2ca12ceb01ac285de5bc461d12024d97d39a8ee74
SHA512

369ceacb4dab386ef2e435f7d5e2de18a01d0115bb0292e3f473a134f66b62c410c6b52b22fbcb6edcf90e2a15c68b69bbf346ddf01530f2b14e4eab8e4fd13f
SSDEEP

1536:+FA8MuRw2Og9gwY8maSFmhRpEc2j1binFFCz0OzSQyz1P:Od+2OrD8PQhB2FFCz0OzVyx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26233708747f4b7e1c53a46ce2616e01_JaffaCakes118

Files

26233708747f4b7e1c53a46ce2616e01_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23a92c668e566f75cd86f61e7434f25e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DllInstall
GopherCreateLocatorW
UnlockUrlCacheEntryFileA
InternetCrackUrlA
FreeUrlCacheSpaceW
FindFirstUrlCacheEntryA
InternetFindNextFileA
InternetGetLastResponseInfoA
SetUrlCacheEntryInfoA
InternetShowSecurityInfoByURLA
FtpGetFileSize
DeleteIE3Cache
GopherFindFirstFileA
FindFirstUrlCacheEntryExA
GetUrlCacheHeaderData
InternetTimeFromSystemTime
InternetCreateUrlA
InternetConnectW
FindNextUrlCacheEntryExW
IsHostInProxyBypassList
PrivacySetZonePreferenceW
FindFirstUrlCacheGroup
SetUrlCacheEntryGroup
GetUrlCacheConfigInfoW
FtpSetCurrentDirectoryA
InternetSecurityProtocolToStringA
InternetClearAllPerSiteCookieDecisions

kernel32

VirtualAlloc
GlobalAddAtomW
SetThreadAffinityMask
_hread
SetThreadContext
GetCurrentThread
Heap32Next
GetACP
GetStartupInfoW
SetFileShortNameA
GetConsoleCommandHistoryLengthA
OpenWaitableTimerA
EnumUILanguagesW
SystemTimeToFileTime
HeapCompact
lstrcpyW
SetFileAttributesW
LoadLibraryA
BindIoCompletionCallback
GetProfileStringA
FindNextVolumeMountPointW
Thread32First
_lcreat
SetFileAttributesA
CreateDirectoryA
SetLastError
InitializeCriticalSection
WriteConsoleA
WaitForSingleObjectEx
CreateWaitableTimerW
SetHandleContext
SetUserGeoID

mapi32

FBadSortOrderSet@4
SwapPword@8
DeinitMapiUtil@0
FBadRestriction@4
ScMAPIXFromCMC
BMAPIDetails
UNKOBJ_ScCOAllocate@12
UlAddRef@4
HrComposeMsgID@24
WrapStoreEntryID@24
HrValidateIPMSubtree@20
BMAPIGetAddress
FBadRow@4
cmc_logon
MAPIAdminProfiles@8
UNKOBJ_ScAllocate@12
HrDecomposeEID@28
MAPIAllocateMore
FBadPropTag@4
OpenIMsgSession@12
MNLS_CompareStringW@24
ScInitMapiUtil@4
UlFromSzHex@4
OpenIMsgOnIStg@44
UlPropSize@4
SetAttribIMsgOnIStg@16
MAPIAddress
RTFSync@12

rasman

RasDeviceGetInfo
RasAddNotification
RasCompressionSetInfo
RasReferenceCustomCount
RasPortRetrieveUserData
RasPortSetFramingEx
RasPortConnectComplete
RasGetHConnFromEntry
RasRegisterPnPEvent
RasPortListen
RasPortGetInfo
RasRpcDeviceEnum
RasGetFramingCapabilities
RasRequestNotification
RasRpcGetCountryInfo
RasPortClearStatistics
RasAddConnectionPort
RasPortSend
RasBundleGetStatistics
RasInitialize
RasSetCalledIdInfo
RasSecurityDialogSend
RasSetDeviceConfigInfo
RasSetCommSettings
RasGetDevConfigEx

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23a92c668e566f75cd86f61e7434f25e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

mapi32

rasman

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 880B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 880B

.rsrc
Size: 8KB - Virtual size: 7KB