2835151c3d98067e05022d71aef97afa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2835151c3d98067e05022d71aef97afa_JaffaCakes118
Size

864KB
MD5

2835151c3d98067e05022d71aef97afa
SHA1

08691940e3b30ae2279df40418ec776343bb7d23
SHA256

82a6b13fe354c934550e972432c60df741240268c4cc567355633a3de9780ad5
SHA512

c2308431e76657fd59a28c2544c930c53d1669844f6a8143c1fe296ca50c34856ad67076124da28c61fec4dc56644bf876c7cb2e9a9b9b0107491b511a56e071
SSDEEP

24576:FC3vGDckN06bu0/HpZTvHUR7lpBMMMCZSpR9:I/GDco7uQHzHURJpBMMMCZSpR9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2835151c3d98067e05022d71aef97afa_JaffaCakes118

Files

2835151c3d98067e05022d71aef97afa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f78f6fa3be237bbd1740236ea5ffc430

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerSetConditionMask
VirtualAlloc
GetBinaryTypeA
WritePrivateProfileSectionW
CreateSemaphoreW
WriteConsoleOutputCharacterW
CancelWaitableTimer
PurgeComm
GetCPInfoExW
MultiByteToWideChar
GetConsoleCommandHistoryW
IsBadHugeReadPtr
WriteProfileStringA
GetCurrentThread
ResetEvent
GetConsoleCursorMode
EnumSystemLocalesW
GetVersionExW
GetVDMCurrentDirectories
CreateJobObjectA
LZSeek
GetStringTypeExW
LeaveCriticalSection
SetMailslotInfo
GetFileAttributesExW
GlobalReAlloc
EnterCriticalSection
lstrcat
GetConsoleAliasExesA
SetConsoleInputExeNameW
GetProcAddress
LoadLibraryA
GetSystemWow64DirectoryW
SetEvent
BackupSeek
SetConsoleCtrlHandler
InterlockedPushEntrySList
RegisterConsoleIME
DeleteCriticalSection
GetConsoleCommandHistoryA
LoadLibraryExA
CopyFileExW
ConvertFiberToThread
MapViewOfFileEx
GetEnvironmentStringsA
UnlockFile
LocalLock
GetConsoleFontSize
ScrollConsoleScreenBufferA

mapistub

MNLS_lstrcpyW@8
FPropExists@8
MAPIFreeBuffer@4
FPropCompareProp@12
CchOfEncoding@4
MAPIFindNext
MAPISaveMail
SzFindSz@8
MAPIUninitialize
EnableIdleRoutine@8
HrComposeMsgID@24
MAPILogonEx
BMAPISaveMail
FBadRglpNameID@8
FBadRglpszW@8
CloseIMsgSession@4
PropCopyMore@16
cmc_free
LAUNCHWIZARD
ScGenerateMuid@4
BMAPISendMail
LpValFindProp@12
ScRelocNotifications@20
ScLocalPathFromUNC@12
MNLS_lstrcmpW@8
SzFindCh@8
OpenTnefStream@28
MAPIGetDefaultMalloc@0
UNKOBJ_Free@8
MAPIDetails
cmc_list
GetTnefStreamCodepage@12
PpropFindProp@12
HrEntryIDFromSz@12
ScCopyProps@16
OpenTnefStreamEx@32
FGetComponentPath@20
SwapPword@8

mfcsubs

?MakeUpper@CString@@QAEXXZ
?FormatMessageW@CString@@QAAXPBGZZ
?Lock@CSyncObject@@UAEHK@Z
?GetCount@CMapStringToPtr@@QBEHXZ
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
??0CMapStringToPtr@@QAE@H@Z
?CompareNoCase@CString@@QBEHPBG@Z
?LockBuffer@CString@@QAEPAGXZ
??YCString@@QAEABV0@PBG@Z
?AfxLoadString@@YGHIPAGI@Z
?CopyBeforeWrite@CString@@IAEXXZ
?Empty@CString@@QAEXXZ
?Left@CString@@QBE?AV1@H@Z
?LoadStringW@CString@@QAEHI@Z
?TrimLeft@CString@@QAEXXZ
?GetData@CStringArray@@QBEPBVCString@@XZ
??H@YG?AVCString@@PBGABV0@@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?SetSize@CStringArray@@QAEXHH@Z
??9@YG_NPBGABVCString@@@Z
??M@YG_NABVCString@@PBG@Z
?GetAt@CString@@QBEGH@Z
?FreeExtra@CStringArray@@QAEXXZ
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??_7CSyncObject@@6B@
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??0CString@@QAE@ABV0@@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?Format@CString@@QAAXPBGZZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?Collate@CString@@QBEHPBG@Z
??ACStringArray@@QAEAAVCString@@H@Z
??N@YG_NABVCString@@0@Z
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?AllocBuffer@CString@@IAEXH@Z

pdh

PdhGetFormattedCounterArrayA
PdhGetCounterInfoW
PdhGetDefaultPerfObjectHW
PdhAdd009CounterA
PdhGetLogFileTypeA
PdhExpandCounterPathW
PdhEnumLogSetNamesW
PdhEnumLogSetNamesA
PdhGetRawCounterValue
PdhEnumObjectItemsHW
PdhExpandWildCardPathW
PdhGetDefaultPerfCounterA
PdhTranslateLocaleCounterA
PdhConnectMachineW
PdhGetLogFileSize
PdhSetCounterScaleFactor
PdhEnumMachinesA
PdhBrowseCountersA
PdhGetDefaultPerfCounterHW
PdhLookupPerfIndexByNameW
PdhValidatePathW
PdhParseInstanceNameA
PdhMakeCounterPathW
PdhExpandCounterPathA
PdhSelectDataSourceW
PdhCollectQueryData
PdhExpandWildCardPathHW
PdhLookupPerfNameByIndexA
PdhVerifySQLDBW
PdhEnumMachinesHA
PdhEnumObjectItemsA
PdhGetDllVersion
PdhParseCounterPathA
PdhFormatFromRawValue
PdhExpandWildCardPathA
PdhEnumObjectsHW
PdhGetLogFileTypeW
PdhEnumObjectsW
PdhGetCounterTimeBase
PdhIsRealTimeQuery
PdhOpenLogW
PdhBrowseCountersW
PdhLookupPerfNameByIndexW

winmm

mciSetDriverData
joyGetDevCapsW
mci32Message
midiStreamPosition
mmioStringToFOURCCW
mciDriverNotify
joyGetPos
midiOutCachePatches
midiOutGetVolume
WOW32DriverCallback
waveOutSetPitch
mciGetDeviceIDA
mixerGetDevCapsA
waveInGetErrorTextA
mod32Message
waveOutWrite
OpenDriver
waveInOpen
midiInReset
midiStreamOut
timeGetSystemTime
mmioClose
joyGetNumDevs
mmioSeek
midiOutGetErrorTextW
mciLoadCommandResource
mmioWrite
midiInGetID
mmioRead
waveOutClose
mmioSendMessage
DrvGetModuleHandle
mciSendStringA
waveInClose
auxOutMessage
mixerGetDevCapsW
mixerSetControlDetails
midiStreamOpen

dsauth

StoreBeginSearch
StoreCreateObjectVA
StoreCollectAttributes
DhcpDsGetRoot
StoreSetSearchOneLevel
StoreEndSearch
DhcpEnumServersDS
DhcpDsEnumServers
DhcpDsCleanupDS
DhcpAddServerDS
StoreInitHandle
DhcpDsAddServer
StoreGetHandle
DhcpDsInitDS
DhcpDsGetLists
DhcpDsSetLists
StoreDeleteObject
StoreSearchGetNext
StoreSetSearchSubTree
DhcpDsGetAttribs
StoreCleanupHandle
DhcpDsValidateService
DhcpDeleteServerDS
DhcpDsDelServer

advapi32

CryptAcquireContextW
RegEnumValueA
QueryServiceConfigW
BackupEventLogA
ElfOldestRecord
AddUsersToEncryptedFile
RegSetValueW
LsaCreateAccount
OpenBackupEventLogW
RegDeleteKeyW
FileEncryptionStatusW
WmiDevInstToInstanceNameA
LsaGetRemoteUserName
AreAllAccessesGranted
WmiQuerySingleInstanceMultipleA
I_ScSetServiceBitsA
WmiSetSingleInstanceW
GetServiceKeyNameW
TraceMessage
ClearEventLogA
QueryTraceA
LsaLookupNames
GetSecurityDescriptorGroup
GetAccessPermissionsForObjectW
CredRenameA
WmiFreeBuffer

odpdx32

ConfigDSNW

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 377KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78f6fa3be237bbd1740236ea5ffc430

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapistub

mfcsubs

pdh

winmm

dsauth

advapi32

odpdx32

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 314KB - Virtual size: 313KB

.data Size: 377KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 314KB - Virtual size: 313KB

.data
Size: 377KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B