45ac8d242ecae4f3b99129d907243a50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45ac8d242ecae4f3b99129d907243a50_JaffaCakes118
Size

119KB
MD5

45ac8d242ecae4f3b99129d907243a50
SHA1

542684927d40b05c4122aaa2672c3bc90d17c9a9
SHA256

f8a5d33e89b86bcebdfe5afd50079afbe3a6124e39646bac8ca1acce0fb5a449
SHA512

0a2d66733bff4be0f3fe0effc95230bc1839d7a593d2262503720d5061bbe3480e1a014f24640cb37afdef747eed4d471c36581b2bd561514f66ca015a68bd11
SSDEEP

3072:blWN9BQBImKeaKEGC2VasEkuwhPodgP49YF6Qei:/CmK7GC2VHEH6YgWa6Qe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45ac8d242ecae4f3b99129d907243a50_JaffaCakes118

Files

45ac8d242ecae4f3b99129d907243a50_JaffaCakes118
.dll windows:5 windows x86 arch:x86

30c09501e3984f576b15b41a8c4eb484

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ismsmtp.pdb

Imports

msvcrt

wcslen
calloc
wcscmp
_except_handler3
__doserrno
_beginthreadex
wcscat
_wcsicmp
_wcsnicmp
wcscpy
free
wcsncpy
wcschr
swprintf
wcsstr
sprintf
swscanf
_initterm
_adjust_fdiv
realloc
malloc
strtoul

atl

ord30

ntdll

RtlEnumerateGenericTable
RtlInitializeGenericTable
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable

ismserv.exe

DoLogUnhandledError
DsGetEventConfig
DoLogEventAndTrace
DoLogOverride

w32topl

ToplPScheduleValid
ToplScheduleMerge
ToplIsToplException
ToplScheduleDuration
ToplScheduleImport
ToplScheduleExportReadonly
ToplScheduleCacheDestroy
ToplScheduleCacheCreate

wldap32

ord147
ord118
ord12
ord13
ord41
ord79
ord142
ord18
ord208
ord223
ord14
ord139
ord191
ord27
ord133
ord36
ord135
ord16
ord206
ord224
ord26
ord77
ord157
ord10
ord21
ord40
ord194
ord73
ord145
ord140

kernel32

GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetThreadPriority
GetCurrentThread
GetExitCodeThread
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForMultipleObjects
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
SetEvent
WaitForSingleObject
GetLastError
Sleep
EnterCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection

advapi32

RegQueryValueExW
RegOpenKeyA
RegNotifyChangeKeyValue
RegQueryValueExA
RegCloseKey

rpcrt4

RpcStringFreeW
UuidToStringA
RpcStringFreeA
UuidCreate
UuidToStringW
UuidFromStringW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2

oleaut32

SysAllocStringLen
VariantInit
SysFreeString
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SysAllocString
VariantClear

activeds

ord4
ord3
ord6
ord7

ntdsapi

DsGetRdnW
DsUnquoteRdnValueW

Exports

Exports

IsmFreeConnectionSchedule
IsmFreeConnectivity
IsmFreeMsg
IsmFreeSiteCostInfo
IsmFreeTransportServers
IsmGetConnectionSchedule
IsmGetConnectivity
IsmGetTransportServers
IsmQuerySitesByCost
IsmReceive
IsmRefresh
IsmSend
IsmShutdown
IsmStartup

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30c09501e3984f576b15b41a8c4eb484

Headers

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

ismserv.exe

w32topl

wldap32

kernel32

advapi32

rpcrt4

ole32

oleaut32

activeds

ntdsapi

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB