0426c750b77e4b4838c639a11780fce2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0426c750b77e4b4838c639a11780fce2_JaffaCakes118
Size

868KB
MD5

0426c750b77e4b4838c639a11780fce2
SHA1

64d10236409201f201e2628dc7a230ca799113ac
SHA256

4af14bc1f5c7eca8d4dea85e64ed3ae437781e30478293325bd9d46fbddd3835
SHA512

ebb380f8b22280afb7a2730ee727bfcd90e1dbe3a2623f7ea6c9d78a7ff9454fa6f80364c27b57f2926c3e8b29c955761dbaa967566caac5f8c12f916b0402e2
SSDEEP

24576:rQLSiJRR1iD3ufIW8a74hV5LDEP2a35d8vFtO:ULSMz1izufn8aX354O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0426c750b77e4b4838c639a11780fce2_JaffaCakes118

Files

0426c750b77e4b4838c639a11780fce2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d01aad1c2b128c23099eb71b077b3755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

cmc_list
ScCreateConversationIndex@16
OpenIMsgSession@12
MAPIUninitialize@0
FtSubFt@16
MNLS_CompareStringW@24
BMAPIGetAddress
MNLS_lstrcmpW@8
BMAPIDetails
MAPIAllocateBuffer@8
FtgRegisterIdleRoutine@20
MAPIFreeBuffer@4
MAPIOpenLocalFormContainer@4
cmc_query_configuration
UNKOBJ_FreeRows@8
MAPIAllocateBuffer
ScCopyProps@16
HrSetOmiProvidersFlagsInvalid
MAPIOpenFormMgr
MAPIOpenFormMgr@8
BMAPIReadMail
SetAttribIMsgOnIStg@16
LPropCompareProp@8
HrGetOmiProvidersFlags@8
MAPIAdminProfiles@8

msvcrt40

??5istream@@QAEAAV0@AAO@Z
asin
_isctype
??_7exception@@6B@
_mbstok
_mbslen
??0strstream@@QAE@PADHH@Z
_getche
??4istream@@IAEAAV0@ABV0@@Z
?binary@filebuf@@2HB
??0ofstream@@QAE@ABV0@@Z
?x_curindex@ios@@0HA
_spawnvpe
??0__non_rtti_object@@QAE@ABV0@@Z
??_Gbad_typeid@@UAEPAXI@Z
_wcsupr
??6ostream@@QAEAAV0@G@Z
?read@istream@@QAEAAV1@PADH@Z
??_Eexception@@UAEPAXI@Z
getwchar
setlocale
_findfirst
?allocate@streambuf@@IAEHXZ
_mbsnset
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?flush@ostream@@QAEAAV1@XZ
_beginthreadex
_CIsinh
?open@ofstream@@QAEXPBDHH@Z
??_Gios@@UAEPAXI@Z
_ftime
_strnicmp
_chsize
_dup
_adj_fptan
_strlwr
_ismbbalnum
_ismbstrail
??_8strstream@@7Bistream@@@
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_sleep
_y0
?endl@@YAAAVostream@@AAV1@@Z
getc
??_Estreambuf@@UAEPAXI@Z
??0ostrstream@@QAE@PADHH@Z
_heapadd
_fstat
_global_unwind2
strxfrm
_heapchk
_mbsstr
??_Gistream@@UAEPAXI@Z
??1ofstream@@UAE@XZ
strncmp
tmpnam
_pipe
__p__winver
_inpw
__argc
_abnormal_termination
?setmode@fstream@@QAEHH@Z
?setlock@streambuf@@QAEXXZ
_endthreadex
??1strstream@@UAE@XZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??0ostream_withassign@@QAE@XZ
wcsncpy
??1istream_withassign@@UAE@XZ
labs
?bad@ios@@QBEHXZ
??6ostream@@QAEAAV0@N@Z
?blen@streambuf@@IBEHXZ
isgraph
_wspawnlp
?underflow@stdiobuf@@UAEHXZ
??_Eistream@@UAEPAXI@Z
_wcsicoll
_wexeclp
?sbumpc@streambuf@@QAEHXZ
?width@ios@@QAEHH@Z
?get@istream@@QAEAAV1@PACHD@Z
?getint@istream@@AAEHPAD@Z
?ends@@YAAAVostream@@AAV1@@Z
_adj_fdiv_m16i
_wputenv
strcpy
_setsystime
__p__pgmptr
_CItan
_memicmp
??0iostream@@IAE@XZ
_CIfmod
__p__timezone
_mkdir
wcstol
??1bad_cast@@UAE@XZ
qsort
??_7iostream@@6B@
__p__fmode
_wexecve
malloc
_execlp
_fputchar
wcsftime
_chmod
?lockbuf@ios@@QAAXXZ
_wspawnve
sinh
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
_jn

kernel32

SetSystemPowerState
PurgeComm
VirtualFree
GetCurrencyFormatW
GetWriteWatch
UTRegister
GetWindowsDirectoryW
GetThreadContext
LZCreateFileW
RequestWakeupLatency
GetMailslotInfo
GetLastError
TransactNamedPipe
Heap32First
CreateConsoleScreenBuffer
Process32FirstW
GetDiskFreeSpaceExA
CreateFileA
GenerateConsoleCtrlEvent
GetSystemWindowsDirectoryA
IsBadCodePtr
GetConsoleAliasA
GetFileAttributesExW
GetPrivateProfileSectionW
ResetEvent
SetComputerNameExA
WriteConsoleOutputAttribute
WaitForSingleObjectEx
RegisterWowBaseHandlers
InterlockedExchange
RemoveVectoredExceptionHandler
GetConsoleTitleA
FindFirstFileA
FindResourceExW
SetConsoleInputExeNameW
PeekConsoleInputA
OutputDebugStringW
SetProcessPriorityBoost
WaitForMultipleObjectsEx
GlobalAddAtomA
IsSystemResumeAutomatic
IsDebuggerPresent
FatalAppExitA
IsBadHugeReadPtr
GetEnvironmentStringsW
GlobalUnlock
SetSystemTimeAdjustment
GetVersion
MoveFileWithProgressW
GetBinaryTypeA
VirtualAlloc
GetCurrentThread
GetUserDefaultLangID
GlobalFindAtomA
GlobalReAlloc
EnumTimeFormatsA
FlushViewOfFile
EnumDateFormatsW
FindCloseChangeNotification
SetFilePointer
GetDefaultCommConfigA
LZDone
LoadLibraryA
FileTimeToSystemTime
RegisterWaitForInputIdle
EscapeCommFunction
HeapCreate
SetTapeParameters
CreateFileW
QueryPerformanceCounter
FreeResource
SetComputerNameExW
Module32Next
GetCurrentConsoleFont

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d01aad1c2b128c23099eb71b077b3755

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msvcrt40

kernel32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 173KB - Virtual size: 2.1MB

.rsrc Size: 504KB - Virtual size: 504KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 173KB - Virtual size: 2.1MB

.rsrc
Size: 504KB - Virtual size: 504KB

.reloc
Size: 1024B - Virtual size: 1024B