3af8f3a0c1b865e07a71fdc9c9791654_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3af8f3a0c1b865e07a71fdc9c9791654_JaffaCakes118
Size

44KB
MD5

3af8f3a0c1b865e07a71fdc9c9791654
SHA1

20bbee70ed74d126cbc269ccc76d0d2df5510b39
SHA256

87a7fcdd1ce81cd170e745b37a47190535617a9c9733c15ece61e0818ed77d67
SHA512

8d4ea046fe9879727f71501b4985393470344d9699fc20bec02eefaedbfedf5ab0c0afbb9a2250cf6b940619a1c78e962510ea8953a5369e43bdcbec9dbbe730
SSDEEP

768:SDKkU3SWRHk3qiTY+zbP8x5aNqrale9TI+kfsJjWE6dnd0Jmk:Ss3HRH8fTYQQ7vf8+/0dKmk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3af8f3a0c1b865e07a71fdc9c9791654_JaffaCakes118

Files

3af8f3a0c1b865e07a71fdc9c9791654_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bca2c90f7eb1a4e1a45ad462a3b0a962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAlertResumeThread
ZwOpenProcessToken
RtlQueryInformationActiveActivationContext
ZwCreatePagingFile
NtTraceEvent
ZwWriteRequestData
RtlxUnicodeStringToOemSize
ZwSetSystemEnvironmentValue
RtlAllocateAndInitializeSid
RtlInitNlsTables
wcsncpy
ZwQueryMultipleValueKey
ZwStartProfile
strlen
RtlAcquirePebLock
_wcslwr
NtOpenThreadTokenEx
RtlFindClearBits
NtRequestPort
ZwSetContextThread
CsrIdentifyAlertableThread
_CIsin
RtlCreateActivationContext
RtlActivateActivationContextUnsafeFast
NtSetSystemTime
RtlGetDaclSecurityDescriptor
RtlSetAttributesSecurityDescriptor
ZwInitializeRegistry
memmove
NtSaveKey
NtQueryQuotaInformationFile
RtlTraceDatabaseLock
RtlUnicodeStringToAnsiSize
RtlRaiseStatus
RtlAddRefActivationContext
RtlGetLengthWithoutTrailingPathSeperators
RtlClearAllBits
isalpha
NtQueryInformationToken
RtlDestroyHeap
RtlDeleteTimerQueueEx
ZwQueryInformationProcess
NtClose
LdrVerifyImageMatchesChecksum
ZwCreateToken
_ui64toa
RtlDestroyHandleTable
RtlDeregisterWait
NtQueryDirectoryObject
NtSuspendThread
LdrInitShimEngineDynamic
RtlSubAuthoritySid
RtlCompactHeap
RtlTimeToElapsedTimeFields
RtlUnicodeStringToOemString
NtFreeUserPhysicalPages
NtQuerySystemEnvironmentValue
ZwStopProfile
RtlAddAccessDeniedObjectAce
RtlUpcaseUnicodeStringToAnsiString
RtlDeleteResource
RtlUpcaseUnicodeStringToCountedOemString
NtTerminateJobObject
ZwReplyPort
RtlFindClearRuns
RtlAddAccessAllowedAce
RtlAddAuditAccessObjectAce
RtlQueryProcessDebugInformation
RtlOemStringToUnicodeSize

msdart

?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?GetSpinCount@CReaderWriterLock@@QBEGXZ
MpHeapDestroy
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?MpHeapCompact@@YAKPAX@Z
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?WriteLock@CSmallSpinLock@@QAEXXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?ReadLock@CLKRHashTable@@QBEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
_DllMain@12
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
MpHeapCreate
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
??0CReaderWriterLock@@QAE@XZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?_LockSpin@CSpinLock@@AAEXXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?ValidSignature@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z

kernel32

GetTimeFormatW
SetUserGeoID
GetTempFileNameA
GetFileAttributesW
SetConsolePalette
RemoveDirectoryA
FindNextVolumeMountPointW
GetCPInfo
GlobalSize
SetThreadUILanguage
IsDebuggerPresent
GetConsoleAliasW
GetBinaryType
ExitProcess
VirtualAlloc
IsBadStringPtrA
DeleteFileA
EnumResourceLanguagesA
GetConsoleCharType
RegisterWaitForSingleObject
FindCloseChangeNotification
OpenWaitableTimerA
LZOpenFileA
lstrcmp
SetConsoleWindowInfo
GetConsoleHardwareState
GetLocaleInfoW
GetCalendarInfoA
GetOEMCP
GlobalAlloc
FileTimeToDosDateTime
GlobalLock
GetConsoleAliasA
LoadLibraryA
GetNumaProcessorNode
OpenConsoleW
WriteConsoleOutputAttribute
EnumTimeFormatsA
GlobalMemoryStatusEx
MapViewOfFile
CreateFiberEx
LocalAlloc
GetProfileIntW
IsBadCodePtr
ReadConsoleA
GetUserGeoID
SetSystemTimeAdjustment
CreateMutexA
UnregisterWait
VDMOperationStarted
GetNumberOfConsoleFonts
SetComputerNameExA

mapi32

HrSetOmiProvidersFlagsInvalid
ScCopyNotifications@16
MAPIResolveName
cmc_send
GetTnefStreamCodepage
UNKOBJ_ScAllocateMore@16
MAPIInitIdle@4
MAPIAddress
FtgRegisterIdleRoutine@20
MAPILogon
MAPIOpenLocalFormContainer
HrAddColumns@16
UNKOBJ_FreeRows@8
ScCountProps@12
SzFindSz@8
MAPIAdminProfiles
MAPIFreeBuffer
UlFromSzHex@4
BMAPISaveMail
MAPIFreeBuffer@4
DeregisterIdleRoutine@4
IsBadBoundedStringPtr@8
cmc_act_on
GetOutlookVersion@0
GetOutlookVersion
FDecodeID@12
FtDivFtBogus@20
FBadEntryList@4
MAPILogoff
BMAPIReadMail
MAPIDeinitIdle@0
MAPIOpenLocalFormContainer@4

dmime

DllGetClassObject

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bca2c90f7eb1a4e1a45ad462a3b0a962

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msdart

kernel32

mapi32

dmime

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B