341a2a86178449e9d04a32979eaf31d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

341a2a86178449e9d04a32979eaf31d9_JaffaCakes118
Size

361KB
MD5

341a2a86178449e9d04a32979eaf31d9
SHA1

9e34cf5b16393fc6613504ece8b9d7be621abd68
SHA256

64c489589081d60eceb9e79bc9360b5e71d510b2e14e42a67d7ec882d44d95dc
SHA512

34accafb8b8d72238924d436e58170c6d165c1624052581c8d311fe9a8b5f931c7b2ce624e3472d500e75181746f1de08d7b44c6ec5f9879eac6638f773376d1
SSDEEP

6144:oEBvv4am3bGQ4SJxZeP/2o02G9iB6KYg02oua8+vyUGj/YdCxWvk45kRBZh7DV/8:oGmCQ40zeP/b02G0YgE+7UGjwdCUcyka

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
341a2a86178449e9d04a32979eaf31d9_JaffaCakes118

Files

341a2a86178449e9d04a32979eaf31d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6d9f933f137e7be58e2ed6446e551b2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

FreeProws@4
MAPILogon
WrapStoreEntryID@24
FtAddFt@16
CloseIMsgSession@4
MAPIUninitialize@0
MNLS_CompareStringW@24
FBadRow@4
FBinFromHex@8
MNLS_IsBadStringPtrW@8
__ValidateParameters@8
OpenTnefStream
FBadRowSet@4
HrAllocAdviseSink@12
HrAddColumns@16
ScCountProps@12
FPropContainsProp@12
FtMulDwDw@8
FtDivFtBogus@20
cmc_send_documents
BuildDisplayTable@40
HrDecomposeEID@28
MAPILogonEx@20
BMAPIGetAddress
cmc_free
HrSetOmiProvidersFlagsInvalid
FtMulDw@12
cmc_query_configuration
HrSetOneProp@8
WrapCompressedRTFStream@12
FBadEntryList@4
SzFindCh@8
HrGetOmiProvidersFlags@8
UlFromSzHex@4
UNKOBJ_FreeRows@8

kernel32

GetSystemInfo
_lcreat
ReleaseActCtx
LZCloseFile
GetEnvironmentVariableW
DeleteVolumeMountPointA
GetDriveTypeA
IsValidLocale
GetConsoleHardwareState
CommConfigDialogW
GetSystemTimeAdjustment
_lread
LoadLibraryA
VirtualAlloc
RestoreLastError
GlobalFindAtomW
lstrcmpiA
Heap32ListNext
HeapCreate
FormatMessageA
ReadDirectoryChangesW
LocalFree
NlsGetCacheUpdateCount
WriteConsoleOutputAttribute
PulseEvent
InitializeCriticalSection
ExpandEnvironmentStringsW
WriteProfileSectionW
SetConsoleCursorInfo
GetBinaryType
RegisterWaitForSingleObjectEx
GlobalFindAtomA
GlobalUnlock
GetModuleHandleExA
BeginUpdateResourceW
GetModuleFileNameW
GetDateFormatA
DebugSetProcessKillOnExit
SetClientTimeZoneInformation
FindResourceW

msi

MsiSetFeatureAttributesW
MsiGetComponentStateW
MsiDatabaseGenerateTransformA
MsiNotifySidChangeW
MsiOpenPackageExW
MsiLocateComponentW
MsiRecordSetStringA
MsiRecordGetStringA
MsiProcessAdvertiseScriptA
MsiRecordGetStringW
MsiDatabaseApplyTransformW
MsiUseFeatureW
MsiQueryFeatureStateW
MsiEnumRelatedProductsA
MsiSetFeatureAttributesA
MsiGetProductInfoFromScriptA
MsiGetProductCodeFromPackageCodeA
MsiEnumProductsA
MsiSourceListAddSourceW
MsiConfigureProductW
MsiDatabaseApplyTransformA
MsiEnumComponentCostsW
MsiIsProductElevatedW
MsiEnumClientsW
MsiQueryFeatureStateFromDescriptorA
MsiGetDatabaseState
MsiOpenProductA
MsiSourceListForceResolutionA
MsiGetFileHashW
MsiEnumRelatedProductsW
MsiPreviewDialogA
MsiSourceListForceResolutionW
MsiSourceListAddSourceA
MsiGetFileVersionW

msdtcprx

DllGetClassObject
ShutDownCM
DTC_XaCommit
DTC_XaForget
?GetDtcLogPath@@YGHKPAG@Z
?Create@CNameService@@SGJPAPAV1@@Z
DTC_XaPrepare
DllGetDTCUtilObject
DllGetDTCConnectionManager
DTC_XaOpen
ContactToNameObject
DTC_XaStart
DTC_XaClose
DTC_XaRecover
DTC_XaComplete
DllGetDTCProxy
DTC_XaEnd
?RemoveDtc@@YGJPAG00@Z
?InstallDtcClient@@YGJPAGKK@Z
DllGetTransactionManagerCore
DTC_XaRollback
?CreateInstance@CTmProxyCore@@SGJPAPAV1@PAUIUnknown@@@Z

msvcirt

?rdbuf@ios@@QBEPAVstreambuf@@XZ
??_Giostream@@UAEPAXI@Z
?sh_none@filebuf@@2HB
??4stdiostream@@QAEAAV0@AAV0@@Z
?egptr@streambuf@@IBEPADXZ
?tellg@istream@@QAEJXZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
?bitalloc@ios@@SAJXZ
??_7ostream@@6B@
??_8iostream@@7Bistream@@@
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?str@strstreambuf@@QAEPADXZ
??4ofstream@@QAEAAV0@ABV0@@Z
??1exception@@UAE@XZ
??0ofstream@@QAE@XZ
?get@istream@@QAEAAV1@PAEHD@Z
?flags@ios@@QBEJXZ
?eof@ios@@QBEHXZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??6ostream@@QAEAAV0@PBE@Z
??5istream@@QAEAAV0@PAC@Z
?get@istream@@QAEAAV1@AAD@Z
??_Dostrstream@@QAEXXZ
??0stdiostream@@QAE@ABV0@@Z
?pcount@ostrstream@@QBEHXZ
??0ostream_withassign@@QAE@XZ
?endl@@YAAAVostream@@AAV1@@Z
??1ios@@UAE@XZ
??_7filebuf@@6B@
??_Eostream_withassign@@UAEPAXI@Z
??4streambuf@@QAEAAV0@ABV0@@Z
??_7istrstream@@6B@

user32

DdeQueryConvInfo
GetThreadDesktop
GetUserObjectInformationA
DrawTextW
ShowStartGlass
SwitchDesktop
LoadAcceleratorsW
RealChildWindowFromPoint
RegisterClassExW
CharUpperA
SetCursor
DdeCreateStringHandleW
DdeConnectList
WindowFromDC
GetWindowDC
CallMsgFilterW
GetWindow
EmptyClipboard
GetMonitorInfoW
ChangeClipboardChain
WCSToMBEx
GetNextDlgGroupItem
IMPQueryIMEW
ClipCursor
OpenInputDesktop
IsIconic
GetProgmanWindow
GetMessagePos
SetWindowsHookW
DestroyCaret
BroadcastSystemMessageW
DeferWindowPos
GetWindowTextLengthA
ReleaseCapture
DrawCaptionTempA
SetScrollRange
IMPGetIMEW
SetClipboardViewer
RegisterLogonProcess
EnumWindows
LoadMenuIndirectW
DdeFreeStringHandle
SetWindowWord
InsertMenuItemW
GetLayeredWindowAttributes

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d9f933f137e7be58e2ed6446e551b2c

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

msi

msdtcprx

msvcirt

user32

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 319KB - Virtual size: 319KB

.data Size: 206KB - Virtual size: 1.6MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 319KB - Virtual size: 319KB

.data
Size: 206KB - Virtual size: 1.6MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB