bd32c75157bdc6fe2a6deda1cbb51d88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd32c75157bdc6fe2a6deda1cbb51d88_JaffaCakes118
Size

871KB
MD5

bd32c75157bdc6fe2a6deda1cbb51d88
SHA1

7f9314c4882c05d3a8ff7405cb9c3d8600ae909b
SHA256

4b6b308e59340533285dd0eea69110f7e3a1e0018343513a9915fd246f78b959
SHA512

29dd5c44cd1f03d93a045373d00f8e965b02dc6e1fac53d630c2df07d21ddd396c842adda14abfe27da0ed91c7423a2768d206a9fcac6feaf1e6b4f8df97082b
SSDEEP

12288:a+VMGjZLRXmkBXtycJHKGkPPoIF6LAZLdQcV/Dx4SMxHXGW0cY3m0iJpHlt8BWNY:n1XndybPQra5e2VmXdOR414VDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd32c75157bdc6fe2a6deda1cbb51d88_JaffaCakes118

Files

bd32c75157bdc6fe2a6deda1cbb51d88_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aecc5fbf4332ecb033c357e31743f9c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

UNKOBJ_Free@8
GetOutlookVersion@0
MAPIAllocateMore@12
UlAddRef@4
MNLS_lstrcpyW@8
FtAdcFt@20
__ValidateParameters@8
HrGetOmiProvidersFlags@8
ScBinFromHexBounded@12
ScUNCFromLocalPath@12
FBadRowSet@4
ScCountProps@12
cmc_query_configuration
BMAPISendMail
SzFindLastCh@8
ScGenerateMuid@4
HrDecomposeMsgID@24
HrGetOneProp@12
RTFSync@12
MAPILogonEx
MAPIAdminProfiles@8
MAPIAdminProfiles
HexFromBin@12
LAUNCHWIZARD
MAPILogon
RTFSync
MAPILogoff
cmc_free
GetOutlookVersion
cmc_send_documents
OpenStreamOnFile
MAPIAllocateBuffer
SwapPlong@8
cmc_send
OpenStreamOnFile@24
__CPPValidateParameters@8
FPropExists@8

imagehlp

SymLoadModule64
BindImageEx
ImageEnumerateCertificates
SymFindFileInPath
MapFileAndCheckSumA
SymSetOptions
SymGetLineFromAddr
SymGetLineNext64
EnumerateLoadedModules
SymGetSymNext64
MapAndLoad
SymGetSearchPath
SymSetContext
SymGetModuleBase64
SplitSymbols
SymFunctionTableAccess64
SymEnumerateSymbolsW
ImageGetDigestStream
SymRegisterFunctionEntryCallback64
SymUnDName
SymGetLineFromAddr64
EnumerateLoadedModules64
BindImage
ImageDirectoryEntryToData
SymGetLineFromName64
UnDecorateSymbolName
FindFileInPath
FindDebugInfoFileEx
ImageGetCertificateHeader
SymEnumTypes
SymGetTypeFromName
SymGetSymFromName
UnMapAndLoad
SymGetModuleInfo64
SymGetModuleInfoW
ImageNtHeader
SymFunctionTableAccess
SymMatchFileName
SymUnDName64
SymEnumerateSymbols

msvcrt40

??0iostream@@IAE@XZ
??5istream@@QAEAAV0@PAC@Z
?gbump@streambuf@@IAEXH@Z
fclose
?sputn@streambuf@@QAEHPBDH@Z
?eatwhite@istream@@QAEXXZ
__p__wcmdln
_wremove
_getche
_y0
_acmdln
_mbsncpy
_commode
__p___winitenv
__wargv
_mbsinc
??5istream@@QAEAAV0@AAC@Z
_mtunlock
?text@filebuf@@2HB
??0strstream@@QAE@ABV0@@Z
_wchmod
_getdrives
_timezone
_pgmptr
?sputc@streambuf@@QAEHH@Z
_makepath
?pcount@ostrstream@@QBEHXZ
_spawnvp
??1streambuf@@UAE@XZ
_wputenv
_wpgmptr
?lockbuf@ios@@QAAXXZ
_adj_fptan
_c_exit

msi

MsiApplyPatchA
MsiGetFeatureValidStatesA
MsiPreviewBillboardW
MsiConfigureProductExW
MsiVerifyPackageW
MsiEvaluateConditionW
MsiDatabaseImportA
MsiDatabaseGetPrimaryKeysW
MsiOpenPackageW
MsiGetActiveDatabase
MsiProvideQualifiedComponentExA
MsiRecordClearData
MsiSetFeatureStateA
MsiGetUserInfoA
MsiProcessAdvertiseScriptA
MsiDatabaseOpenViewA
MsiGetShortcutTargetA
MsiDatabaseImportW
MsiGetProductCodeW
MsiGetShortcutTargetW
MsiEnumFeaturesA
MsiDatabaseCommit
MsiOpenDatabaseA
MsiGetComponentPathA
MsiFormatRecordA
MsiGetLanguage
MsiSetInstallLevel
MsiDatabaseExportW
MsiGetFileVersionW
MsiSourceListClearAllA
MsiQueryFeatureStateFromDescriptorA
MsiViewModify
MsiDoActionA
MsiProvideQualifiedComponentW
MsiNotifySidChangeW
MsiSummaryInfoGetPropertyW

kernel32

GetEnvironmentStringsA
GetProcAddress
GlobalAlloc
GetShortPathNameW
VirtualAlloc
WideCharToMultiByte
FindFirstVolumeMountPointW
LocalShrink
GetCurrentThread
RemoveVectoredExceptionHandler
GetProcessIoCounters
GetACP
HeapCreate
CreateJobSet
LeaveCriticalSection
GlobalFindAtomW
GetConsoleKeyboardLayoutNameW
LoadLibraryA
FindActCtxSectionStringA
GetCPInfoExW
SetFileShortNameW
BeginUpdateResourceA
GetCurrentThreadId
EnumCalendarInfoW
UnregisterWaitEx
Thread32Next
ConsoleMenuControl
SetConsolePalette
GetCommandLineA
FatalAppExitW
GetStringTypeW

rpcns4

I_RpcNsRaiseException
RpcNsMgmtBindingUnexportW
RpcNsBindingSelect
RpcNsProfileDeleteA
RpcNsBindingUnexportPnPA
RpcNsMgmtBindingUnexportA
RpcNsGroupMbrInqNextA
I_RpcNsSendReceive
RpcNsBindingUnexportPnPW
RpcNsEntryObjectInqBeginW
RpcNsGroupMbrAddW
RpcNsGroupMbrRemoveW
RpcNsGroupMbrAddA
RpcNsGroupDeleteA
RpcNsProfileEltInqNextA
RpcNsProfileEltInqBeginW
RpcNsEntryObjectInqBeginA
RpcNsGroupMbrInqBeginA
I_RpcNsGetBuffer
RpcNsProfileEltRemoveA
RpcNsEntryObjectInqNext
RpcNsBindingImportBeginA
RpcNsGroupMbrRemoveA
RpcNsProfileEltAddA
RpcNsBindingLookupBeginA
RpcNsEntryExpandNameW
RpcNsBindingLookupBeginW
I_RpcNsNegotiateTransferSyntax

mtxoci

ocon
olog
MTxOciInit
oparse
osetpi
ocof
oermsg
orol
odefinps
ocom
oflng
oexn
ofetch
ofen
odescr
MTxOciGetVersion
odessp
MTxolog
oopt
obreak
obndra
ocan
opinit
oclose
odefin
GetXaSwitch
MTxOciRegisterCursor

Sections

.text
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aecc5fbf4332ecb033c357e31743f9c8

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

imagehlp

msvcrt40

msi

kernel32

rpcns4

mtxoci

Sections

.text Size: 210KB - Virtual size: 212KB

.rdata Size: 575KB - Virtual size: 576KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 210KB - Virtual size: 212KB

.rdata
Size: 575KB - Virtual size: 576KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB