bf74fb7a0b6b12a4b9b77c7ee0a12336_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf74fb7a0b6b12a4b9b77c7ee0a12336_JaffaCakes118
Size

616KB
MD5

bf74fb7a0b6b12a4b9b77c7ee0a12336
SHA1

770fd8908bcf1a3252cea24251ef1a05eff6db7f
SHA256

3e2516e086e8570d4095bad84fa0c654ec88a68358095d084e6760328a4661ee
SHA512

b4691e9c9956d5360cc57ccefcc303a57f68f8d9d0edec546a208d0e54feb0b699b10a8ecd1976f1772644617bfdc4d6ddd17274aef7db3b0f826b61964c3e8a
SSDEEP

12288:w5llbbJ2kXhks404RYnzEZYQnw6nX1aURsdMe06ge/e2G6ZnDk3:allbb5t76X1aysdMe0a2Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf74fb7a0b6b12a4b9b77c7ee0a12336_JaffaCakes118

Files

bf74fb7a0b6b12a4b9b77c7ee0a12336_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cc5d4e168c64684d209babc8790283a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Icp\projects\BRODSE14\conn_5x\conn_outlook\conn_5x\conn_outlook\MsOutlookApi\Release_mtd\MsOutlookApi.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

SHCreateStreamOnFileA
SHCreateStreamOnFileW

kernel32

GetLastError
GetTimeZoneInformation
SystemTimeToFileTime
DeleteFileA
GetTempPathA
CreateFileA
WriteFile
CloseHandle
Sleep
GetUserDefaultLangID
DeleteFileW
GetTempPathW
GetSystemTime
CompareFileTime
TzSpecificLocalTimeToSystemTime
GlobalAlloc
GlobalLock
GetTickCount
InterlockedDecrement
GetUserDefaultLCID
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
MoveFileExW
CreateFileW
GetModuleFileNameW
GetLocaleInfoA
GetSystemDefaultLCID
lstrcpyW
IsDBCSLeadByte
lstrcpyA
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
FreeLibrary
FileTimeToSystemTime
LoadLibraryExA
InterlockedExchange
IsBadWritePtr
IsBadCodePtr
IsBadReadPtr
IsDBCSLeadByteEx
GetModuleFileNameA
CreateMutexA
WaitForSingleObject
ReleaseMutex
GlobalFlags
GlobalUnlock
GlobalFree
GlobalReAlloc
GetPrivateProfileStringW
LoadLibraryW
_lwrite
_llseek
_lclose
WritePrivateProfileStringW
CopyFileW
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedCompareExchange
lstrcatA
GetACP

user32

LoadStringA
wvsprintfA
LoadStringW
wsprintfA
CharNextA
CharPrevA

advapi32

RegOpenKeyA
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegCloseKey

ole32

StgCreateDocfile
StgOpenStorage
CoCreateGuid
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoCreateInstanceEx
StringFromCLSID
CLSIDFromString
StringFromGUID2

oleaut32

SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantClear
VariantInit
SysAllocString

msvcp90

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ

msvcr90

memcpy
_CxxThrowException
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_strnicmp
_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
strtok_s
wcstok_s
sprintf_s
atoi
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memmove_s
strstr
strcpy_s
strchr
strncpy_s
memmove
malloc
free
isdigit
strcat_s
_vsnprintf_s
qsort
_wcsicmp
wcscpy_s
atol
_access_s
??0exception@std@@QAE@ABQBDH@Z
strncmp
wcsncmp
wcschr
wcscat_s
_snprintf_s
wcsstr
_stricmp
wcsrchr
_wcsupr_s
strrchr
_strupr_s
fclose
_wfopen_s
fseek
feof
fread
swprintf_s
fwrite
_waccess
strtoul
_itoa_s
_ultoa_s
_splitpath_s
memcpy_s
sprintf
_strlwr_s
strtol
strtod
sscanf_s
wcsncpy_s
strncat_s
_time64
_ftime64_s
_mbsnbcnt
_waccess_s
_vsnprintf
_ctime64_s
_makepath_s
_wrename
_wstat64i32
_strtime_s
_strdate_s
strncat
_wsplitpath_s
_wmakepath_s
__CxxFrameHandler3

Exports

Exports

GetMsOutlookApiSession
GetMsOutlookProfileManager

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc5d4e168c64684d209babc8790283a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text Size: 151KB - Virtual size: 152KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB

.text
Size: 151KB - Virtual size: 152KB