2ef276872c8a076f6796240df8831e47_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ef276872c8a076f6796240df8831e47_JaffaCakes118
Size

847KB
MD5

2ef276872c8a076f6796240df8831e47
SHA1

61550211cbc8dbd5b6d705710062caec2440888b
SHA256

989033a84bcb21cb7a6a33e27c21e5070682ad5cc3f856e9759c63ef9c98245a
SHA512

c77d71f07a4dc313d3b6476ce342fd9db8f2dea9ba0c749e219aac50837992e51633cc92f31cf8f6217227e3b75d487b7d990fdf05f7800bd0a8429c6ac37ff0
SSDEEP

24576:TAXOkCxyH7kigol6/MCOEPB/USuyHEpQ+Q:0fCMbwolyMx1fp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ef276872c8a076f6796240df8831e47_JaffaCakes118

Files

2ef276872c8a076f6796240df8831e47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

38ee242474d6d68b3a594405d38ad8e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPath
SetICMProfileA
EngPlgBlt
CreateDCW
GdiQueryTable
TranslateCharsetInfo
DdEntry13
EngQueryEMFInfo
PlayEnhMetaFileRecord
CreateColorSpaceW
GetICMProfileA
SetICMProfileW
GdiFullscreenControl
EngAlphaBlend
CreateHalftonePalette
CreatePolyPolygonRgn
GdiValidateHandle

wintrust

CryptCATGetAttrInfo
CryptSIPGetRegWorkingFlags
OpenPersonalTrustDBDialog
CryptSIPCreateIndirectData
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcMinimalCriteriaInfoDecode
CryptCATPutCatAttrInfo
SoftpubCleanup
WVTAsn1CatMemberInfoEncode
CryptSIPVerifyIndirectData
HTTPSFinalProv
WTHelperCertIsSelfSigned
WintrustAddActionID
WTHelperIsInRootStore
SoftpubDllUnregisterServer
CryptSIPPutSignedDataMsg
CryptCATGetCatAttrInfo
CryptCATCDFEnumCatAttributes
GenericChainCertificateTrust

odbccp32

SQLCreateDataSourceW
SQLInstallDriverManager
SQLRemoveDefaultDataSource
SQLInstallTranslatorExW
SQLInstallTranslator
SQLManageDataSources
SQLInstallTranslatorW
SQLInstallTranslatorEx
SQLRemoveDSNFromIni
SQLLoadDataSourcesListBox
SQLConfigDriverW
SQLRemoveTranslator
SQLGetInstalledDriversW
SQLCreateDataSource
SQLLoadDriverListBox
SQLInstallDriverExW
SQLValidDSN
SQLWriteDSNToIni
SQLGetInstalledDrivers
SQLSetConfigMode

kernel32

RtlCaptureContext
GetModuleHandleExW
SetHandleCount
SetCommMask
SetConsoleCursorPosition
WaitNamedPipeW
SetConsoleTextAttribute
SetSystemPowerState
ReadFileEx
GetTickCount
VirtualAlloc
LoadLibraryA
GetProcAddress
GetConsoleWindow
LZCreateFileW
LocalHandle
GetNumaAvailableMemoryNode
WriteConsoleOutputA
DeleteFiber
AddLocalAlternateComputerNameA
IsValidCodePage
GetModuleFileNameW
SetFilePointerEx
GetCalendarInfoA

mapi32

UNKOBJ_Free@8
HrSetOmiProvidersFlagsInvalid
LpValFindProp@12
cmc_act_on
MAPIOpenLocalFormContainer
UlFromSzHex@4
MAPIAllocateMore
FtSubFt@16
BMAPIGetReadMail
MAPILogoff
UlPropSize@4
MNLS_lstrcpyW@8
UFromSz@4
FPropContainsProp@12
IsBadBoundedStringPtr@8
MAPILogonEx
PRProviderInit
cmc_list
UlRelease@4
HrAddColumns@16
HrDispatchNotifications@4
ScLocalPathFromUNC@12
MAPIUninitialize

Sections

.text
Size: 731KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38ee242474d6d68b3a594405d38ad8e0

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

wintrust

odbccp32

kernel32

mapi32

Sections

.text Size: 731KB - Virtual size: 731KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 731KB - Virtual size: 731KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB