JaffaCakes118_f8005c5f2a898706373c737bc71f1a8f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f8005c5f2a898706373c737bc71f1a8f
Size

253KB
MD5

f8005c5f2a898706373c737bc71f1a8f
SHA1

db7698b2ff8e0ae51b0cb307a0bc6ffa9e8a5115
SHA256

20cf6b98820d85f473b1ad706195867de939cd15c31ec402c0da36f18a3e9cff
SHA512

009097e7b2608a5279b008481ab162fa2410443678347f27b83289d692dc0121838572c9bf4858b3aaa02737cff22bdf42c9ccb3d6ad060153e1119fc7305ed6
SSDEEP

6144:BEgNxXrL1q9OqXzeTqZX0hxJJ++DqdyBRurN3svrPoc5By8W7:eQ9BqEqlEhxP++W4BRZ7oyhW7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f8005c5f2a898706373c737bc71f1a8f

Files

JaffaCakes118_f8005c5f2a898706373c737bc71f1a8f
.exe windows:4 windows x86 arch:x86

5ba3c94481c8da5afce4bedd8a89e177

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
GetModuleHandleW
GetCurrentProcess
GetModuleFileNameW
GetExitCodeProcess
GetStartupInfoW
GetLastError
GetCurrentProcessId
LocalFree
LoadLibraryW
FreeLibrary
MultiByteToWideChar
CreateEventW
SetEvent
WaitForSingleObject
lstrlenW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
lstrcpynW
GetVersionExW
lstrcmpA
GetProcAddress
LoadLibraryA

advapi32

RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CreateProcessAsUserW
SetTokenInformation
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetUserNameW
GetSecurityDescriptorDacl
GetSecurityInfo
DuplicateTokenEx
OpenProcessToken

mapistub

MAPIInitialize
MAPISaveMail
FGetComponentPath
MAPISendDocuments
ScMAPIXFromSMAPI
MAPILogon
MAPIDetails
cmc_list
OpenTnefStream
PRProviderInit
MAPIReadMail
cmc_look_up
cmc_send
BMAPISendMail
MAPIResolveName

mssip32

DllRegisterServer

Sections

CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 104KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 107KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba3c94481c8da5afce4bedd8a89e177

Headers

File Characteristics

Imports

kernel32

advapi32

mapistub

mssip32

Sections

CODE Size: 3KB - Virtual size: 3KB

.edata Size: 2KB - Virtual size: 242KB

.text Size: 18KB - Virtual size: 20KB

.edata Size: 3KB - Virtual size: 305KB

.rdata Size: 2KB - Virtual size: 50KB

.edata Size: 104KB - Virtual size: 180KB

.data Size: 6KB - Virtual size: 259KB

.edata Size: 107KB - Virtual size: 201KB

.rsrc Size: 5KB - Virtual size: 4KB

CODE
Size: 3KB - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 242KB

.text
Size: 18KB - Virtual size: 20KB

.edata
Size: 3KB - Virtual size: 305KB

.rdata
Size: 2KB - Virtual size: 50KB

.edata
Size: 104KB - Virtual size: 180KB

.data
Size: 6KB - Virtual size: 259KB

.edata
Size: 107KB - Virtual size: 201KB

.rsrc
Size: 5KB - Virtual size: 4KB