msoe.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 4c74930238b59e30f76e6a71435321d3_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 4c74930238b59e30f76e6a71435321d3_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 4c74930238b59e30f76e6a71435321d3_JaffaCakes118
- Size: 1.4MB
- MD5: 4c74930238b59e30f76e6a71435321d3
- SHA1: c953db4c419dc9c54c348d94e3d8571030063c11
- SHA256: 95c0ca2bdda5a9df35976a4ddd5f041a0026f18b26a12f9f28cf5dbbf0e9fc15
- SHA512: 3139cc1e5e8f3f9e1bc581bac9416d31510564964eeac038c82c365ba76e70658812570d6431397a919e1aaff7de1323f1478fcb46fe517b9c9e6f0192334f4e
- SSDEEP: 24576:Fui913/S5G6KL0paE0mjx1yZPHpFfT2Y1L+A2ggyRm+sjeohSdD9E:FuM1q5G6z+3dpF2Y1L+A2ggyRmDj5hF
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 4c74930238b59e30f76e6a71435321d3_JaffaCakes118
Files
-
4c74930238b59e30f76e6a71435321d3_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
48b0e1d5f25aad5c838def27a23ae379
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msoe.pdb
Imports
atl
ord11
ord15
ord31
ord30
ord26
ord27
ord32
ord16
ord21
ord10
msoert2
UlStripWhitespace
UlStripWhitespaceW
StreamSubStringMatch
_MSG
CreateLogFile
DeleteTempFileOnShutdownEx
CleanupFileNameInPlaceA
GenerateUniqueFileName
IDrawText
PszFromANSIStreamA
FIsHTMLFile
CreateStreamOnHFile
IsDigit
StrToUintA
FBuildTempPath
WriteStreamToFile
CrackNotificationPackage
CreateEnumFormatEtc
FIsEmptyW
HrStreamToByte
HrCreateTridentMenu
HrCheckTridentMenu
HrGetBodyElement
fGetBrowserUrlEncoding
UpdateRebarBandColors
CreateInfoWindow
LoadMappedToolbarBitmap
strtrimW
IUnknownList_CreateInstance
StrTokEx
CchFileTimeToDateTimeW
HrGetElementImpl
HrGetStreamSize
IsHttpUrlA
SetWindowLongPtrAthW
PszDupW
FMissingCert
FIsSpaceA
CleanupFileNameInPlaceW
PszDupLenA
MessageBoxInstW
PszToANSI
HrStreamSeekSet
FIsEmptyA
PszToUnicode
GetExePath
MessageBoxInst
CenterDialog
PszSkipWhiteA
HrSetDirtyFlagImpl
HrLPSZCPToBSTR
HrIStreamWToBSTR
CreateStreamOnHFileW
FIsHTMLFileW
HrCopyStream
HrRewindStream
CopyRegistry
WriteStreamToFileHandle
CreateTempFile
BrowseForFolder
CreateNotify
DoHotMailWizard
ReplaceChars
WriteStreamToFileW
CreateDataObject
CchFileTimeToDateTimeSz
PszEscapeMenuStringA
SetIntlFont
HrIsStreamUnicode
GetHtmlCharset
HrSafeGetStreamSize
HrGetCertKeyUsage
PVGetCertificateParam
SzGetCertificateEmailAddress
CryptAllocFunc
CryptFreeFunc
PszDupA
FIsValidFileNameCharW
OpenFileStream
FBuildTempPathW
PszAllocA
HrLPSZToBSTR
ReplaceCharsW
msoeacct
HrCreateAccountManager
ValidEmailAddress
inetcomm
HrAthGetFileNameW
MimeOleCreateSecurity
MimeOleAlgStrengthFromSMimeCap
MimeEditDocumentFromStream
MimeOleGetCertsFromThumbprints
MimeEditViewSource
MimeOleAlgNameFromSMimeCap
MimeOleClearDirtyTree
MimeOleSetBodyPropW
MimeOleParseRfc822AddressW
RichMimeEdit_CreateInstance
MimeOleGetPropertySchema
MimeOleParseRfc822Address
MimeOleSMimeCapGetHashAlg
MimeOleSetCompatMode
MimeOleGetAllocator
MimeOleCreateBody
MimeOleCreateHashTable
CreateIMAPTransport2
MimeOleUnEscapeStringInPlace
MimeOleDecodeHeader
MimeOleGetPropA
MimeOleCreatePropertySet
CreateRangeList
MimeOleCreateMessageParts
CreatePOP3Transport
MimeOleGenerateMID
CreateSMTPTransport
MimeOleStripHeaders
HrAthGetFileName
MimeOleSMimeCapInit
MimeOleSMimeCapAddSMimeCap
MimeOleSMimeCapAddCert
MimeOleSMimeCapGetEncAlg
MimeOleGetCodePageCharset
MimeOleSetDefaultCharset
MimeOleFindCharset
MimeOleGetCharsetInfo
MimeOleGetCodePageInfo
MimeOleGetBodyPropA
MimeOleCreateMessage
MimeOleCreateVirtualStream
MimeOleGetBodyPropW
MimeOleSetBodyPropA
HrGetAttachIconByFile
HrGetAttachIcon
HrFreeAttachData
HrAttachDataFromBodyPart
HrAttachDataFromFile
HrDoAttachmentVerb
MimeOleGetFileInfoW
CreateNNTPTransport
MimeOleInetDateToFileTime
MimeOleSMimeCapsFull
advapi32
RegCloseKey
CryptAcquireContextA
RegDeleteValueA
RegOpenKeyA
RevertToSelf
AllocateAndInitializeSid
FreeSid
ImpersonateLoggedOnUser
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
GetTokenInformation
OpenProcessToken
EqualSid
gdi32
CreateFontIndirectA
GetObjectA
GetDeviceCaps
CreateSolidBrush
SetBkColor
DeleteObject
GetTextMetricsA
SelectObject
RestoreDC
SetBkMode
SaveDC
DeleteDC
BitBlt
TextOutA
TextOutW
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
LineTo
MoveToEx
CreatePen
SetTextAlign
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
Polyline
CreateFontA
GetTextExtentPointA
SelectPalette
RealizePalette
GetPixel
StretchBlt
EnumFontFamiliesExA
Rectangle
Ellipse
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
Polygon
GetTextExtentPoint32A
ExtTextOutA
SetTextColor
kernel32
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
InterlockedExchange
VirtualQuery
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
SetFilePointer
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
FlushFileBuffers
GetProcessHeap
GetWindowsDirectoryA
HeapSize
CreateDirectoryA
GetShortPathNameW
GetShortPathNameA
GetSystemDefaultLangID
GetUserDefaultLangID
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
HeapReAlloc
GetEnvironmentStringsW
lstrcmpiA
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
ExpandEnvironmentStringsA
GetSystemDirectoryA
lstrlenA
GetACP
SystemTimeToFileTime
GetSystemTime
lstrlenW
LoadLibraryExA
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
LeaveCriticalSection
lstrcmpA
EnterCriticalSection
FindClose
FindFirstFileA
GetCurrentThreadId
GetLocaleInfoA
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
LocalFree
CompareFileTime
WideCharToMultiByte
LocalAlloc
GetSystemTimeAsFileTime
FormatMessageA
MultiByteToWideChar
MulDiv
GetLocaleInfoW
GetUserDefaultLCID
RtlMoveMemory
CloseHandle
CreateMutexA
SetErrorMode
Sleep
GetTickCount
ReleaseMutex
WaitForSingleObject
IsDBCSLeadByte
GlobalReAlloc
IsBadReadPtr
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
OpenFile
DeleteFileA
GetTempFileNameA
GetTempPathA
FormatMessageW
GetProfileIntA
FlushInstructionCache
GetCurrentProcess
GetCurrentThread
GetModuleHandleA
IsBadWritePtr
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadStringPtrA
GetVersion
MoveFileA
GetDiskFreeSpaceA
FindNextFileA
GetDriveTypeA
ExitProcess
GetExitCodeProcess
CreateProcessA
SetThreadPriority
SetEvent
CreateThread
CreateEventA
IsDBCSLeadByteEx
SetLastError
GetFileAttributesA
GetEnvironmentVariableA
CreateFileA
GetSystemInfo
GetCommandLineA
HeapAlloc
HeapFree
ole32
OleSetClipboard
DoDragDrop
CoTaskMemRealloc
PropVariantCopy
CoDisconnectObject
PropVariantClear
CoUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
OleSaveToStream
CoGetMalloc
CoTaskMemAlloc
OleInitialize
OleUninitialize
CreateOleAdviseHolder
OleRun
WriteClassStm
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReadClassStm
ReleaseStgMedium
CLSIDFromString
CoCreateInstance
CoInitialize
user32
WinHelpA
CheckRadioButton
DrawTextExA
SetMenuDefaultItem
IsDialogMessageA
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawFocusRect
FindWindowExA
GetMessageA
PostThreadMessageA
GetMessagePos
GetCursorPos
CharLowerA
TranslateAcceleratorA
GetNextDlgTabItem
GetSubMenu
IsMenu
ModifyMenuA
UnionRect
PtInRect
GetClassInfoExA
RegisterClassExA
IntersectRect
EqualRect
SetWindowRgn
UnregisterClassA
IsIconic
UpdateWindow
RemoveMenu
GetWindowDC
RegisterClipboardFormatA
GetMenuStringA
CheckMenuRadioItem
SetParent
DrawEdge
ActivateKeyboardLayout
ClientToScreen
GetDlgCtrlID
GetKeyboardLayoutList
ReleaseCapture
SetCapture
AdjustWindowRectEx
CopyRect
LoadMenuA
GetCapture
GetWindowPlacement
SetWindowPlacement
WindowFromPoint
IsChild
GetKeyState
LoadAcceleratorsA
GetForegroundWindow
CheckMenuItem
DeleteMenu
PostQuitMessage
LoadImageA
DestroyIcon
EnumWindows
GetClassNameA
GetSysColorBrush
FillRect
InflateRect
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemTextW
MessageBeep
CreateDialogParamA
KillTimer
PeekMessageA
TranslateMessage
DispatchMessageA
SetTimer
SystemParametersInfoA
MoveWindow
RegisterWindowMessageA
SetForegroundWindow
GetDlgItemTextA
InsertMenuItemA
SendDlgItemMessageA
GetSystemMetrics
GetMenu
GetMenuItemInfoA
InsertMenuA
IsWindowUnicode
SetDlgItemTextA
CheckDlgButton
CreatePopupMenu
AppendMenuA
GetMenuItemCount
SetMenuItemInfoA
DestroyMenu
OffsetRect
SetPropA
IsDlgButtonChecked
LoadIconA
GetDC
DrawTextA
ReleaseDC
SetWindowTextA
DialogBoxParamA
SetActiveWindow
EnableWindow
EnumThreadWindows
IsWindowEnabled
GetActiveWindow
GetLastActivePopup
IsWindowVisible
GetWindowThreadProcessId
GetWindow
MapWindowPoints
TrackPopupMenuEx
PostMessageA
SetFocus
GetClassInfoA
RegisterClassA
CreateWindowExA
BeginPaint
EndPaint
DefWindowProcA
DestroyWindow
EnableMenuItem
GetWindowRect
ScreenToClient
SetRect
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetPropA
GetSysColor
CallWindowProcA
GetClientRect
SetWindowPos
InvalidateRect
ShowWindow
SetWindowLongA
RemovePropA
LoadCursorA
SetCursor
IsWindow
GetWindowLongA
GetParent
SendMessageA
CharNextA
GetFocus
MessageBoxA
EndDialog
CharPrevA
GetDesktopWindow
LoadStringA
DrawStateA
GetUpdateRect
IsZoomed
WaitForInputIdle
IsCharAlphaA
IsCharAlphaNumericA
GetMenuItemID
SendMessageW
GetMenuState
TrackPopupMenu
RedrawWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AdjustWindowRect
SetMenu
CharUpperA
EnumChildWindows
LoadStringW
LoadBitmapA
GetDoubleClickTime
ValidateRect
DrawIconEx
DrawFrameControl
shlwapi
SHRegGetValueW
ord158
StrChrA
PathRemoveBackslashW
StrStrIW
PathStripPathW
PathAddExtensionW
PathIsRootA
PathIsContentTypeW
SHCreateShellPalette
SHGetValueW
SHSetValueW
PathCombineW
ord125
ord80
ord306
ord52
ord75
ord98
ord335
ord403
ord112
ord49
ord100
ord96
ord81
ord437
ord318
ord116
ord57
ord69
ord303
ord302
ord136
ord176
ord99
ord77
ord310
ord311
ord55
ord131
ord147
ord56
ord60
ord79
ord146
ord37
ord143
ord299
ord59
ord130
ord128
ord95
ord74
ord138
ord215
ord36
ord376
ord61
ord65
ord341
ord313
ord340
ord107
ord432
SHQueryInfoKeyA
SHEnumKeyExA
StrToIntExA
StrStrW
StrNCatW
wvnsprintfA
PathCombineA
PathFindExtensionA
PathFindFileNameA
StrFormatByteSizeA
PathCanonicalizeA
PathRemoveBackslashA
PathIsDirectoryA
SHCopyKeyA
PathGetArgsA
PathRemoveArgsA
PathUnquoteSpacesA
StrDupW
PathFindExtensionW
StrRChrIW
StrCatBuffW
StrCmpNIW
SHAutoComplete
UrlApplySchemeW
StrStrIA
SHRegGetBoolUSValueA
PathRemoveExtensionW
PathCompactPathExW
PathAppendA
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathIsFileSpecW
StrDupA
PathIsURLW
PathRemoveFileSpecA
PathRemoveFileSpecW
UrlUnescapeA
SHDeleteValueA
SHSetValueA
StrCmpW
StrCSpnW
StrCSpnA
StrCmpIW
SHQueryValueExA
PathFileExistsA
StrToIntA
wnsprintfW
StrCmpNIA
UrlEscapeA
StrCpyNW
PathAddBackslashA
SHGetValueA
StrStrA
SHDeleteKeyA
StrCatBuffA
wnsprintfA
oleaut32
SysAllocString
OleCreatePropertyFrame
SetErrorInfo
LoadRegTypeLi
VariantChangeType
SafeArrayAccessData
SafeArrayUnaccessData
SysReAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SafeArrayGetElement
VariantClear
SysAllocStringLen
SysFreeString
VariantInit
Exports
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
CoStartOutlookExpress
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FIsDefaultMailConfiged
FIsDefaultNewsConfiged
ImportMailStoreToGUID
ImportNewsListToGUID
MAPIAddress
MAPIDeleteMail
MAPIDetails
MAPIFindNext
MAPIFreeBuffer
MAPILogoff
MAPILogon
MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments
MAPISendMail
SetDefaultMailHandler
SetDefaultNewsHandler
Sections
.text    Size: 1.1MB - Virtual size: 1.1MB
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data    Size: 44KB - Virtual size: 63KB
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 9KB - Virtual size: 9KB
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc   Size: 57KB - Virtual size: 57KB
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.text    Size: 155KB - Virtual size: 156KB
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE