89cf434a801c3b724ff289d9c7dbe342_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89cf434a801c3b724ff289d9c7dbe342_JaffaCakes118
Size

867KB
MD5

89cf434a801c3b724ff289d9c7dbe342
SHA1

65fd23c020ddd926ff8a6542271e878e8b60f6ac
SHA256

816230c93f9bf671d73e4c4a4a95ec515ec6886d20539ef6fc47fdd41cc27783
SHA512

b2da0359cac2f4bfeb4f339d0d2fa12f32ab43607a88d65ca60a51c98e86b81a6b03b2961646c397cb7f9fc8deb89aea8628413943587b2b0745a1db15afad21
SSDEEP

24576:ryjSw0kgdqP3smWGZgYlGBI1i7I0n1aY6KDq:mmw0k9conOI1ik0n1+KD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89cf434a801c3b724ff289d9c7dbe342_JaffaCakes118

Files

89cf434a801c3b724ff289d9c7dbe342_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f1fd8d616fca204ac8db99bd5a986da9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

cmc_list
BMAPIAddress
CreateIProp@24
FBadProp@4
FBadRowSet@4
HrDispatchNotifications@4
MAPILogonEx
FtAddFt@16
cmc_free
HrAllocAdviseSink@12
OpenTnefStream@28
UNKOBJ_ScAllocateMore@16
MAPIInitialize@4
MAPIInitialize
MAPIAllocateBuffer@8
FreeProws@4
FGetComponentPath@20
MAPIAllocateMore@12
cmc_send
SzFindLastCh@8
GetOutlookVersion@0
UNKOBJ_ScAllocate@12
FtAdcFt@20
DeinitMapiUtil@0
MNLS_IsBadStringPtrW@8
MAPIAllocateBuffer
SzFindSz@8
CchOfEncoding@4
FBadRow@4
MAPIInitIdle@4
EncodeID@12
FPropContainsProp@12
UNKOBJ_ScCOReallocate@12
ChangeIdleRoutine@28
ScCreateConversationIndex@16
FtNegFt@8
WrapCompressedRTFStream@12
OpenStreamOnFile@24

msdart

?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?ReadLock@CSmallSpinLock@@QAEXXZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?WriteLock@CReaderWriterLock@@QAEXXZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
IrtlTrace
?IsEmpty@CLockedSingleList@@QBE_NXZ
?ValidSignature@CLKRLinearHashTable@@QBE_NXZ
mpCalloc
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
MPCSUninitialize
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ

query

??0CMemSerStream@@QAE@PAEK@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
??1CSizeSerStream@@UAE@XZ
?Skip@CEnumWorkid@@UAGJK@Z
LocateCatalogsA
?DoUpdates@CFilterDaemon@@QAEJXZ
CIState
?Size@CDbQueryResults@@QAEKXZ
?Open@CMmStream@@QAEXPBGKKKKH@Z
??1CProcess@@QAE@XZ
?AddRef@CDbProperties@@UAGKXZ
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
?IsValid@CNodeRestriction@@QBEHXZ
??0CDbColId@@QAE@ABUtagDBID@@@Z
?Impersonate@CImpersonateClient@@AAEXXZ
FsCiShutdown
?AddArg@CFwEventItem@@QAEXK@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
??0CDbSortSet@@QAE@I@Z
??8CDbColId@@QBEHABV0@@Z
?RemoveChild@CNodeRestriction@@QAEPAVCRestriction@@I@Z
?IsValid@CRestriction@@QBEHXZ
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?IsValid@CAllocStorageVariant@@QBEHXZ
??1CNotRestriction@@QAE@XZ
?InitializeForWrite@CDynStream@@QAEXK@Z
??4CDbColId@@QAEAAV0@ABV0@@Z
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
LoadIFilter
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
?SetExclude@CScopeAdmin@@QAEXH@Z

msvcp60

??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$complex@M@std@@QAE@ABM0@Z
??_8?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@7B@
?round_error@?$numeric_limits@C@std@@SACXZ
?round_error@?$numeric_limits@M@std@@SAMXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0IG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?_Init@?$messages@G@std@@IAEXABV_Locinfo@2@@Z
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??Kstd@@YA?AV?$complex@N@0@ABV10@0@Z
??_Fctype_base@std@@QAEXXZ
?_Init@?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ID@Z
??Mstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?pbackfail@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?do_tolower@?$ctype@G@std@@MBEPBGPAGPBG@Z
?id@?$numpunct@G@std@@2V0locale@2@A
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
_LPoly
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?overflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?max@?$numeric_limits@I@std@@SAIXZ
_Wcrtomb
??Ystd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?uncaught_exception@std@@YA_NXZ

kernel32

FindNextVolumeMountPointA
TransmitCommChar
WritePrivateProfileStringW
DebugBreakProcess
CopyFileExW
VirtualAlloc
EnterCriticalSection
FindVolumeClose
EndUpdateResourceA
GetProcAddress
ReadConsoleOutputCharacterA
SetSystemTimeAdjustment
GetSystemDefaultLCID
SetFileAttributesW
MoveFileWithProgressW
InterlockedIncrement
AddLocalAlternateComputerNameA
GetStdHandle
SetProcessShutdownParameters
GlobalFix
RemoveVectoredExceptionHandler
IsValidLocale
LeaveCriticalSection
lstrcpyW
GetUserDefaultLCID
SetConsoleTitleA
GetProcessVersion
LZOpenFileA
GetConsoleCommandHistoryLengthW
ResumeThread
CreateWaitableTimerA
MultiByteToWideChar
lstrcmpiW
_lread
IsDebuggerPresent
IsValidCodePage
VirtualQueryEx
AddConsoleAliasW
LoadLibraryA
LocalSize
SetConsoleFont
FatalAppExitW

lz32

LZOpenFileA
LZOpenFileW
LZSeek
LZClose
LZStart
LZRead
LZCloseFile
GetExpandedNameA
LZDone
LZCopy
CopyLZFile
LZInit
LZCreateFileW

Sections

.text
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 403KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1fd8d616fca204ac8db99bd5a986da9

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msdart

query

msvcp60

kernel32

lz32

Sections

.text Size: 221KB - Virtual size: 221KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 403KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 221KB - Virtual size: 221KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 403KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB