2f0f04ba3e4cf1175ef8329bcb9021be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f0f04ba3e4cf1175ef8329bcb9021be_JaffaCakes118
Size

40KB
MD5

2f0f04ba3e4cf1175ef8329bcb9021be
SHA1

0ca00ae37ecfc1828c0204c6b4e0cc0b39ca560b
SHA256

c6416f2882040efe50c235240fdea3d7bd353fda279559d48e9c24358b54d04c
SHA512

b7b33436c2861f9744484008f618b2dcb45da3424b8eaf17a65a5c3f37179bfc0b33327c4617df3a4a8ed72094e62fce5b102b66f7dfcff56b0838c0e952a0a5
SSDEEP

768:MM8qUjmYlKcSkqex3CtNWjxy7VeVB/AAnqqoMXUdtx6p4z4Bi0wXMsa:MM8qUjm6KcShO3CnIy7gVBfnqqoac6pp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f0f04ba3e4cf1175ef8329bcb9021be_JaffaCakes118

Files

2f0f04ba3e4cf1175ef8329bcb9021be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8428208e3763f55482ced8f900576d03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalWire
PostQueuedCompletionStatus
GetConsoleAliasA
HeapReAlloc
GlobalAlloc
VirtualAlloc
FindNextVolumeA
GetModuleFileNameA
GetLogicalDriveStringsA
ActivateActCtx
SetLastError
SetConsoleCP
GetConsoleMode
_lopen
GetModuleHandleA
SetSystemPowerState
GetACP
GetOEMCP
WriteConsoleOutputAttribute
GetStartupInfoA
lstrlenA
DeleteCriticalSection
VirtualFree
LCMapStringW
CreatePipe
GetVolumeNameForVolumeMountPointA
FillConsoleOutputCharacterA
GetCommConfig
LoadLibraryA
_lcreat
DosPathToSessionPathA
PurgeComm
GlobalDeleteAtom
GetSystemWow64DirectoryA
GetProcessWorkingSetSize
SetThreadPriority
SuspendThread
InterlockedExchangeAdd

inetcomm

HrSaveAttachToFile
MimeEditCreateMimeDocument
MimeOleCreateHashTable
MimeOleSMimeCapRelease
MimeOleSMimeCapsToDlg
EssSignCertificateEncodeEx
MimeOleGetAllocator
MimeOleSMimeCapGetEncAlg
MimeOleGetFileInfoW
MimeOleParseRfc822Address
MimeOleGetBodyPropA
MimeOleCreateSecurity
MimeOleCreateByteStream
MimeOleConvertEnrichedToHTML
MimeOleOpenFileStream
MimeOleStripHeaders
HrDoAttachmentVerb
MimeOleParseMhtmlUrl
HrAttachDataFromBodyPart
MimeOleFileTimeToInetDate
MimeOleGetFileExtension
EssSignCertificateDecodeEx
MimeOleAlgStrengthFromSMimeCap
CreatePOP3Transport
MimeOleAlgNameFromSMimeCap
CreateSMTPTransport
MimeGetAddressFormatW
EssReceiptRequestDecodeEx
HrGetAttachIconByFile
MimeOleClearDirtyTree
HrAttachDataFromFile
MimeOleSetPropW
CreateNNTPTransport
MimeOleSMimeCapsFromDlg
EssSecurityLabelEncodeEx

crtdll

wcscoll
_findfirst
fabs
labs
strrchr
_statusfp
perror
_spawnle
_winminor_dll
_isatty
strspn
_gcvt
_getdrives
_tzname
_ctype
__isascii
iswcntrl
wscanf
wcscat
_wcsset
_c_exit
islower
_wcsicoll
_toupper
_ftime
_cpumode_dll
_ultow
_mbstok

msdart

?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?_TryLock@CSmallSpinLock@@AAE_NXZ
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
??1CLockedSingleList@@QAE@XZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
IrtlTrace
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
??0CLKRHashTableStats@@QAE@XZ
??0CFakeLock@@QAE@XZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ
?Unlock@CLockedSingleList@@QAEXXZ
MPInitializeCriticalSection
?sm_wDefaultSpinCount@CCritSec@@1GA
mpMalloc
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?_H1@CLKRLinearHashTable@@CGKKK@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8428208e3763f55482ced8f900576d03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

inetcomm

crtdll

msdart

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 3KB