38689796e7f0ac67096ad6b4cf8a7e9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38689796e7f0ac67096ad6b4cf8a7e9d_JaffaCakes118
Size

398KB
MD5

38689796e7f0ac67096ad6b4cf8a7e9d
SHA1

27079a99ca791f5afea26153cd3fe5966ef68189
SHA256

e016efb0d590e1c9a269ab52f0eb738de32d72a2224c9e9935a8103cbff3f8dd
SHA512

e6ed3824927e20db60ce2527acce9f40a748a35c61f13c6daab2f07293795d27f971f672ccb0edd6a22e39709cfcb06952c705f88f8cbd296ee6d61e985529c7
SSDEEP

6144:nAeQHFmTFi0+RDVvfyxgZZ4hI7PpgpI2etgBNkPVctz5JhzLpuZlFF0BG4DY:n4lPjfyxyZqGhg2j2SdQVzLkn0BG4DY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38689796e7f0ac67096ad6b4cf8a7e9d_JaffaCakes118

Files

38689796e7f0ac67096ad6b4cf8a7e9d_JaffaCakes118
.exe windows:8 windows x86 arch:x86

a1da76e2f7df4f4adcd4481d92c8c212

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msacm32

acmFormatSuggest
acmDriverDetailsW
acmFormatTagDetailsA
acmFormatDetailsW
acmStreamClose
acmFormatTagEnumW
acmFilterTagDetailsA
acmFormatTagEnumA
acmDriverPriority
acmDriverAddW
acmFormatChooseW
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmDriverAddA

netapi32

NetShareEnum

setupapi

SetupGetStringFieldW

ole32

CoInitializeSecurity

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

kernel32

LocalFree
PrepareTape
SetFilePointer
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
TerminateThread
CreateDirectoryW
ReadFile
InitializeCriticalSection
LockFile
UnhandledExceptionFilter
HeapFree
CompareStringW
WriteTapemark
GetTimeZoneInformation
FileTimeToSystemTime
FindVolumeMountPointClose
GetCurrentProcessId
SetTapeParameters
BackupWrite
GetFileSize
FindNextFileW
GetProcAddress
GetProcessHeap
GetDateFormatW
FileTimeToLocalFileTime
DeleteCriticalSection
VerSetConditionMask
Sleep
SetEndOfFile
HeapSize
VirtualFree
GetVersionExW
WaitForSingleObject
GetCompressedFileSizeW
LockResource
VirtualAlloc
CloseHandle
MoveFileExW
HeapAlloc
SetCurrentDirectoryW
CreateSemaphoreW
GetLocalTime

mapi32

MAPIOpenFormMgr
BMAPISaveMail
MAPIDeleteMail
BMAPIResolveName
BMAPIReadMail
cmc_logon
DllCanUnloadNow
BMAPIFindNext
cmc_query_configuration
MAPILogon
MAPIInitialize
BMAPIGetReadMail
MAPISendMail
MAPIAdminProfiles
MAPILogoff
GetTnefStreamCodepage
MAPIResolveName
BMAPIDetails
cmc_list
cmc_read
MAPISendDocuments
MAPIAllocateBuffer
MAPIOpenLocalFormContainer

user32

SetCursor
GetCursorPos
GetParent
GetSysColor
LockSetForegroundWindow
UnhookWindowsHookEx
IsWindow
GetWindowTextW
SetParent
ClientToScreen
KillTimer
LoadStringW
GetSystemMetrics
ScreenToClient
ShowWindow
UnregisterClassW
GetDlgItem
DestroyWindow
FlashWindow
GetWindow
GetAsyncKeyState
LoadMenuW
SetWindowLongW
SendMessageW
GetMenuItemID
GetMonitorInfoW
GetKeyState

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

gdi32

CreateBitmap
SelectObject
GetObjectW
CreateCompatibleBitmap

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_AddMasked

msorcl32

DllMain
SQLBrowseConnect
SQLForeignKeys
SQLDescribeCol
SQLColAttributes
SQLCancel
SQLSpecialColumns
SQLConnect
SQLDisconnect
SQLSetConnectOption
SQLParamData
SQLRowCount
SQLSetScrollOptions
SQLGetData
SQLSetPos
SQLFreeEnv
SQLSetCursorName
SQLFreeStmt
SQLProcedures

ntdll

NtSetQuotaInformationFile
wcscspn
iswctype

advapi32

RegConnectRegistryW
OpenProcessToken
CloseEncryptedFileRaw
AddAccessAllowedAce
GetUserNameW
GetSecurityDescriptorDacl
LookupPrivilegeValueW
ReportEventW
DeleteAce
RegRestoreKeyW
SetFileSecurityW
InitializeSecurityDescriptor
GetTokenInformation
CheckTokenMembership
RegUnLoadKeyW
RegCreateKeyExW
RegReplaceKeyW
RegEnumKeyExW
RegCloseKey
OpenSCManagerW
RegFlushKey

comdlg32

GetSaveFileNameW

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1da76e2f7df4f4adcd4481d92c8c212

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

netapi32

setupapi

ole32

shell32

kernel32

mapi32

user32

mpr

gdi32

comctl32

msorcl32

ntdll

advapi32

comdlg32

Sections

.text Size: 254KB - Virtual size: 254KB

.data Size: 46KB - Virtual size: 46KB

.rsrc Size: 96KB - Virtual size: 720KB

.text
Size: 254KB - Virtual size: 254KB

.data
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 96KB - Virtual size: 720KB