inetcomm.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e0d7f6856eebbd8483cd261f925c98fa_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e0d7f6856eebbd8483cd261f925c98fa_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: e0d7f6856eebbd8483cd261f925c98fa_JaffaCakes118
Size: 676KB
MD5: e0d7f6856eebbd8483cd261f925c98fa
SHA1: 63d960f169112bf647255f6379c13d70aac43058
SHA256: 489596e1b0b478531dd773c18b625918d90daccd8c147da8de97c98b25040f04
SHA512: 00d2f53393213f4119cd1678ecd4d10aa1f8d7a9033e64c65964afc5a8203f2f23acf87f953c3cb0365054e2350406b218d733664c5fbe9f811edf169dd8111b
SSDEEP: 12288:aO3Ync/dzQLJIpwPxEn4YcX+xzwEj30/YiThSEw4kJdVcfp7TS:ZdzQLJ1Px+4SxzwzgiNSEw4kJ7cdu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e0d7f6856eebbd8483cd261f925c98fa_JaffaCakes118
Files
e0d7f6856eebbd8483cd261f925c98fa_JaffaCakes118.dll .vbs regsvr32 windows:5 windows x86 arch:x86 polyglot
efe789cc05be969375b7b6d75e8f3e95
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msoert2
SetWindowLongPtrAthW
FBuildTempPathW
WriteStreamToFileW
IUnknownList_CreateInstance
IVoidPtrList_CreateInstance
IsPlatformWinNT
CreateLogFile
StrTokEx
StrToUintA
PszScanToWhiteA
HrCreatePhonebookEntry
HrEditPhonebookEntry
HrFillRasCombo
FIsSpaceA
UpdateRebarBandColors
LoadMappedToolbarBitmap
HrCreateTridentMenu
HrCheckTridentMenu
CreateInfoWindow
HrIStreamWToBSTR
FreeTempFileList
FIsHTMLFileW
HrIsStreamUnicode
GetHtmlCharset
HrBSTRToLPSZ
HrGetElementImpl
HrSetDirtyFlagImpl
GetExePath
AppendTempFileList
fGetBrowserUrlEncoding
WriteStreamToFile
HrGetBodyElement
HrGetStyleSheet
CreateDataObject
CenterDialog
ReplaceCharsW
IsValidFileIfFileUrlW
MessageBoxInstW
HrIStreamToBSTR
FInitializeRichEdit
GetRichEdClassStringW
SetFontOnRichEd
RicheditStreamIn
HrLPSZToBSTR
HrStreamToByte
HrLPSZCPToBSTR
RicheditStreamOut
PszFromANSIStreamA
StrToUintW
ChConvertFromHex
PVGetMsgParam
HrGetMsgParam
HrGetCertificateParam
UnlocStrEqNW
UlStripWhitespace
FIsEmptyA
PszSkipWhiteW
HrCopyStreamToByte
PszToUnicode
PszToANSI
CchFileTimeToDateTimeW
CchFileTimeToDateTimeSz
CreateEnumFormatEtc
StripCRLF
HrCopyLockBytesToStream
HrGetStreamPos
OpenFileStreamW
BrowseForFolderW
OpenFileStream
PszSkipWhiteA
HrRewindStream
PszDupW
PszAllocW
FIsEmptyW
PszAllocA
HrCopyStreamCBEndOnCRLF
CreateTempFileStream
HrStreamSeekSet
HrSafeGetStreamSize
IsDigit
HrCopyStream
HrCopyStreamCB
CleanupFileNameInPlaceA
PszDupA
CleanupFileNameInPlaceW
HrDecodeObject
PVDecodeObject
IsUpper
HrStreamSeekCur
HrIndexOfMonth
HrIndexOfWeek
HrFindInetTimeZone
PszDayFromIndex
PszMonthFromIndex
PszScanToCharA
CryptFreeFunc
CryptAllocFunc
SzGetCertificateEmailAddress
PVGetCertificateParam
FMissingCert
HrGetStreamSize
DeleteTempFileOnShutdownEx
CreateTempFile
WriteStreamToFileHandle
ReplaceChars
OpenFileStreamShareW
MessageBoxInst
kernel32
GetWindowsDirectoryA
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
ReleaseSemaphore
CreateSemaphoreA
GetEnvironmentVariableA
VirtualProtect
SetStdHandle
LCMapStringW
LCMapStringA
VirtualQuery
InterlockedExchange
RtlUnwind
GetStringTypeW
GetStringTypeA
SetFilePointer
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
HeapReAlloc
WriteFile
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
ExitProcess
HeapAlloc
HeapFree
GetCommandLineA
TlsSetValue
DeleteFileW
GetFileSize
FormatMessageA
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
EnterCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
GetModuleFileNameA
lstrcmpiA
lstrlenA
IsDBCSLeadByteEx
lstrlenW
lstrcmpA
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
GetLastError
GetTimeZoneInformation
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
VirtualFree
VirtualAlloc
WideCharToMultiByte
CloseHandle
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetACP
GetTickCount
LocalFree
LocalAlloc
lstrcmpiW
lstrcmpW
IsDBCSLeadByte
GetCurrentThreadId
IsValidCodePage
GetProcAddress
LoadLibraryA
GetSystemInfo
LoadLibraryExA
ExpandEnvironmentStringsA
GetSystemDefaultLCID
RtlMoveMemory
MulDiv
SizeofResource
LockResource
LoadResource
FindResourceA
GetVersionExA
DeleteFileA
CopyFileA
FlushFileBuffers
FreeResource
GlobalAlloc
GetLocaleInfoA
CreateDirectoryA
GetUserDefaultLangID
GetSystemDefaultLangID
SetErrorMode
Sleep
CompareFileTime
SetEvent
ResetEvent
WaitForSingleObject
CreateThread
CreateEventA
TerminateThread
ole32
CoUninitialize
ReleaseStgMedium
CoTaskMemFree
IIDFromString
OleDestroyMenuDescriptor
OleRun
CoCreateInstance
CreateBindCtx
CreateStreamOnHGlobal
GetHGlobalFromStream
StringFromGUID2
PropVariantClear
CoCreateGuid
CoTaskMemRealloc
CLSIDFromString
CoGetMalloc
CoInitializeEx
user32
WinHelpA
GetAsyncKeyState
InsertMenuItemA
GetMenuItemCount
GetMenuItemInfoA
DrawIconEx
DestroyIcon
LoadIconA
CopyIcon
SystemParametersInfoA
PeekMessageA
GetWindowThreadProcessId
DialogBoxParamA
SetForegroundWindow
CreateWindowExA
CharNextExA
CreateDialogParamA
RegisterWindowMessageA
SetDlgItemTextA
IsCharAlphaNumericA
IsCharAlphaA
CharNextA
GetClassInfoA
RegisterClassA
RemovePropA
MoveWindow
SetPropA
MapWindowPoints
GetMenuStringA
SetWindowTextA
CheckMenuRadioItem
GetWindow
TranslateMessage
DispatchMessageA
GetDlgCtrlID
GetPropA
CallWindowProcA
CreatePopupMenu
MessageBeep
InflateRect
IsChild
AppendMenuA
CheckMenuItem
PostMessageA
GetCapture
SetCursor
GetWindowTextLengthA
GetWindowTextA
KillTimer
SetTimer
LoadAcceleratorsA
BeginPaint
GetSystemMetrics
GetSysColor
DrawEdge
EndPaint
LoadStringW
DrawTextExW
GetSysColorBrush
FillRect
ClientToScreen
InvalidateRect
GetFocus
CopyRect
IsWindowVisible
ShowWindow
GetDlgItem
EnableWindow
IsDlgButtonChecked
EndDialog
CheckRadioButton
EnumChildWindows
GetKeyboardLayoutList
LoadMenuA
GetSubMenu
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExW
SetWindowLongA
GetWindowLongA
DefWindowProcA
GetDC
ReleaseDC
GetClientRect
SetFocus
SetWindowPos
RemoveMenu
EnableMenuItem
GetWindowRect
GetParent
TrackPopupMenu
DestroyMenu
GetKeyState
SendMessageW
SendMessageA
DestroyWindow
IsWindow
LoadStringA
SendDlgItemMessageA
CharUpperA
CharLowerA
RegisterClipboardFormatA
CharPrevExA
advapi32
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextA
CryptSetProvParam
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
CryptGenRandom
RegCloseKey
gdi32
SelectObject
GetObjectA
GetTextMetricsA
DeleteObject
DeleteDC
ExtTextOutA
RestoreDC
BitBlt
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
GetStockObject
PatBlt
GetTextExtentPoint32A
CreateDIBitmap
GetDeviceCaps
Ellipse
Rectangle
CreateSolidBrush
EnumFontFamiliesExA
CreateFontIndirectA
TranslateCharsetInfo
shell32
ShellExecuteA
shlwapi
ord154
ord313
ord125
ord128
AssocQueryKeyW
PathQuoteSpacesW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathIsContentTypeW
PathRemoveFileSpecA
PathAddBackslashA
StrChrIA
SHQueryValueExA
UrlCombineW
PathFileExistsA
StrPBrkW
PathFindFileNameA
StrCpyW
StrCatW
StrChrA
StrChrW
StrToIntW
StrCmpNW
SHRegGetBoolUSValueA
ord153
StrStrIA
StrDupA
StrDupW
StrFormatByteSizeW
StrCatBuffW
PathStripPathW
PathCompactPathExW
StrCmpNA
StrCpyNW
StrCmpNIW
ord310
UrlIsW
UrlUnescapeA
StrCmpW
StrCmpIW
StrStrW
StrStrIW
StrStrA
PathFindFileNameW
PathFindExtensionW
wnsprintfW
PathFindExtensionA
StrCmpNIA
wnsprintfA
StrToIntA
StrCatBuffA
UrlGetPartW
ord311
ord172
ord199
ord146
ord52
ord301
ord403
ord55
ord131
ord69
ord88
ord75
ord57
ord334
ord389
ord112
ord335
ord299
ord37
ord136
ord77
ord376
ord184
ord212
ord214
ord213
ord12
ord164
ord107
ord61
ord340
ord59
ord143
PathCreateFromUrlA
ord97
PathAppendW
SHAutoComplete
ord95
oleaut32
VariantClear
DispInvoke
DispGetIDsOfNames
SafeArrayCreate
SysAllocString
SafeArrayPutElement
VariantInit
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysFreeString
LoadTypeLi
RegisterTypeLi
SysStringByteLen
Exports
CreateIMAPTransport
CreateIMAPTransport2
CreateNNTPTransport
CreatePOP3Transport
CreateRASTransport
CreateRangeList
CreateSMTPTransport
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EssContentHintDecodeEx
EssContentHintEncodeEx
EssKeyExchPreferenceDecodeEx
EssKeyExchPreferenceEncodeEx
EssMLHistoryDecodeEx
EssMLHistoryEncodeEx
EssReceiptDecodeEx
EssReceiptEncodeEx
EssReceiptRequestDecodeEx
EssReceiptRequestEncodeEx
EssSecurityLabelDecodeEx
EssSecurityLabelEncodeEx
EssSignCertificateDecodeEx
EssSignCertificateEncodeEx
GetDllMajorVersion
HrAthGetFileName
HrAthGetFileNameW
HrAttachDataFromBodyPart
HrAttachDataFromFile
HrDoAttachmentVerb
HrFreeAttachData
HrGetAttachIcon
HrGetAttachIconByFile
HrGetDisplayNameWithSizeForFile
HrGetLastOpenFileDirectory
HrGetLastOpenFileDirectoryW
HrSaveAttachToFile
HrSaveAttachmentAs
MimeEditCreateMimeDocument
MimeEditDocumentFromStream
MimeEditGetBackgroundImageUrl
MimeEditIsSafeToRun
MimeEditViewSource
MimeGetAddressFormatW
MimeOleAlgNameFromSMimeCap
MimeOleAlgStrengthFromSMimeCap
MimeOleClearDirtyTree
MimeOleConvertEnrichedToHTML
MimeOleCreateBody
MimeOleCreateByteStream
MimeOleCreateHashTable
MimeOleCreateHeaderTable
MimeOleCreateMessage
MimeOleCreateMessageParts
MimeOleCreatePropertySet
MimeOleCreateSecurity
MimeOleCreateVirtualStream
MimeOleDecodeHeader
MimeOleEncodeHeader
MimeOleFileTimeToInetDate
MimeOleFindCharset
MimeOleGenerateCID
MimeOleGenerateFileName
MimeOleGenerateMID
MimeOleGetAllocator
MimeOleGetBodyPropA
MimeOleGetBodyPropW
MimeOleGetCertsFromThumbprints
MimeOleGetCharsetInfo
MimeOleGetCodePageCharset
MimeOleGetCodePageInfo
MimeOleGetContentTypeExt
MimeOleGetDefaultCharset
MimeOleGetExtContentType
MimeOleGetFileExtension
MimeOleGetFileInfo
MimeOleGetFileInfoW
MimeOleGetInternat
MimeOleGetPropA
MimeOleGetPropW
MimeOleGetPropertySchema
MimeOleGetRelatedSection
MimeOleInetDateToFileTime
MimeOleObjectFromMoniker
MimeOleOpenFileStream
MimeOleParseMhtmlUrl
MimeOleParseRfc822Address
MimeOleParseRfc822AddressW
MimeOleSMimeCapAddCert
MimeOleSMimeCapAddSMimeCap
MimeOleSMimeCapGetEncAlg
MimeOleSMimeCapGetHashAlg
MimeOleSMimeCapInit
MimeOleSMimeCapRelease
MimeOleSMimeCapsFromDlg
MimeOleSMimeCapsFull
MimeOleSMimeCapsToDlg
MimeOleSetBodyPropA
MimeOleSetBodyPropW
MimeOleSetCompatMode
MimeOleSetDefaultCharset
MimeOleSetPropA
MimeOleSetPropW
MimeOleStripHeaders
MimeOleUnEscapeStringInPlace
RichMimeEdit_CreateInstance
Sections
.text Size: 614KB - Virtual size: 614KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ