28492c55dcd0b25d11a36ba877fd6415_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28492c55dcd0b25d11a36ba877fd6415_JaffaCakes118
Size

398KB
MD5

28492c55dcd0b25d11a36ba877fd6415
SHA1

7f50b144452610e133300dc0979c83cb46f0eab8
SHA256

288e96b7e7b8d23e0d703a49a43452b57a1b7ca54d479e60c9f13e282473b76b
SHA512

a7c1ce43e73660d284de87bea248e83a729443fecb910cb3306ea9ce5b704e89232abee6a29cc0088f165c91982adcb677656d08f316292795b47abf8f0ac0e3
SSDEEP

6144:E7WtfTMmllsyPn4mRY7i4/mE3ScODOu4VlqqcFsLuGAZNGq5pr/4EKUP6LbCk6/5:E79mV34dSvR4HJcFsLuGeIq5qF6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28492c55dcd0b25d11a36ba877fd6415_JaffaCakes118

Files

28492c55dcd0b25d11a36ba877fd6415_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e0317d391369d8a62ee55a5cc2566fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

netapi32

NetShareGetInfo
NetApiBufferFree
NetWkstaGetInfo

ntdll

towupper
iswctype
NtQueryQuotaInformationFile

comdlg32

GetSaveFileNameW
GetFileTitleW

mapi32

BMAPIAddress
MAPIAllocateMore
ScMAPIXFromSMAPI
BMAPIDetails
BMAPISaveMail
MAPIFreeBuffer
MAPILogonEx
GetOutlookVersion
LAUNCHWIZARD
HrGetOmiProvidersFlags
BMAPIResolveName
DllGetClassObject
cmc_look_up
HrSetOmiProvidersFlagsInvalid
WrapCompressedRTFStream
MAPIInitialize
RTFSync

syssetup

AsrFreeContext
AsrAddSifEntryW

advapi32

CloseServiceHandle
RegOpenKeyExW
EncryptFileW
RegQueryValueExA
RegUnLoadKeyW
RegRestoreKeyW
RegDeleteValueW
OpenServiceW
EqualSid
SetFileSecurityW
CloseEncryptedFileRaw
RegCloseKey
GetSecurityDescriptorDacl
AllocateAndInitializeSid
ControlService
RegSaveKeyW
RegisterEventSourceW
RegConnectRegistryW
DeleteAce
RegFlushKey
AddAccessAllowedAce

setupapi

SetupOpenInfFileW
SetupCloseInfFile

msacm32

acmDriverEnum
acmFormatChooseA
acmDriverMessage
acmDriverOpen
XRegThunkEntry
acmFilterEnumA
acmStreamPrepareHeader
acmFormatTagDetailsW
acmFormatTagEnumA
acmFilterTagEnumA
acmGetVersion
acmMetrics
acmStreamClose
acmFormatTagDetailsA

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx

mpr

WNetCancelConnection2W

kernel32

VirtualAlloc
GetCurrentThread
GetVersionExW
SetFileTime
GetComputerNameW
SetLastError
RemoveDirectoryW
SetFileAttributesW
LockResource
MoveFileExW
BackupRead
FormatMessageW
DeleteFileW
GetDateFormatW
LocalFree
GetTimeFormatW
ReadFile
GetProcessHeap
EnterCriticalSection
CloseHandle
FlushFileBuffers
VirtualFree
GetCurrentProcess
SetFileShortNameW
CreateThread
GetStartupInfoW
GetDriveTypeW
ExpandEnvironmentStringsW
FindFirstVolumeMountPointW
WriteTapemark
CreateHardLinkW
GetLocalTime
PrepareTape
SetUnhandledExceptionFilter
GlobalAlloc
GetCompressedFileSizeW
SetErrorMode
GetPrivateProfileStringW
HeapAlloc
GetExitCodeThread
ReleaseMutex
GetUserDefaultLCID
LocalFileTimeToFileTime
GetNumberFormatW
VerifyVersionInfoW
CreateDirectoryW
GetLastError
GetVolumePathNameW
GetVersionExW
LockFile
UnhandledExceptionFilter
CompareStringW
HeapSize
WideCharToMultiByte
SetEvent
SystemTimeToTzSpecificLocalTime
FindNextVolumeMountPointW

rpcrt4

UuidToStringW

comctl32

ImageList_ReplaceIcon
PropertySheetW

shell32

SHGetSpecialFolderLocation
SHGetFileInfoW
ExtractIconExW
SHGetMalloc

gdi32

Polygon
CreateCompatibleBitmap
GetTextExtentPoint32W
CreateBitmap
BitBlt
Rectangle
SelectObject
CreateFontIndirectW

user32

GetSysColor
RemoveMenu
WindowFromPoint
UnregisterClassW
wvsprintfW
SetWindowLongW
InvalidateRect
DestroyIcon
GetParent
MapDialogRect
GetFocus
GetDesktopWindow
GetClientRect
IsWindowVisible
LoadBitmapW
EnableMenuItem
SetActiveWindow
CopyRect
GetMenuItemID
IsCharAlphaNumericW
InvalidateRgn
GetCursorPos
GetCapture
DrawFocusRect
GetNextDlgGroupItem
LoadCursorW
SetCursor
FlashWindow
EnableWindow
GetDC
GetMenu
GetMenuItemCount
LoadIconW
SetTimer
GetWindowTextW
CreateIconIndirect
SendMessageW

msorcl32

SQLProcedures
SQLDescribeCol
SQLSetPos
SQLTransact
SQLGetConnectOption
SQLAllocConnect
SQLGetStmtOption
SQLGetInfo
SQLSetConnectOption
SQLColAttributes
SQLGetTypeInfo
SQLExecute
SQLExecDirect
SQLFreeStmt
SQLNativeSql
SQLNumParams
SQLRowCount
SQLBrowseConnect
SQLProcedureColumns
SQLConnect
SQLSetScrollOptions
SQLFreeConnect
SQLPrepare
SQLCancel
SQLError

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0317d391369d8a62ee55a5cc2566fb4

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

ntdll

comdlg32

mapi32

syssetup

advapi32

setupapi

msacm32

ole32

mpr

kernel32

rpcrt4

comctl32

shell32

gdi32

user32

msorcl32

Sections

.text Size: 251KB - Virtual size: 251KB

.data Size: 52KB - Virtual size: 51KB

.rsrc Size: 94KB - Virtual size: 732KB

.text
Size: 251KB - Virtual size: 251KB

.data
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 94KB - Virtual size: 732KB