eea2791e02c93aa3ed2dd1d011d91bbd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eea2791e02c93aa3ed2dd1d011d91bbd_JaffaCakes118
Size

385KB
MD5

eea2791e02c93aa3ed2dd1d011d91bbd
SHA1

1647d14195d8ba6bb2333973ed6c7dba49974d0e
SHA256

9bd52b8fafa1f7b96b284322b3e5cad198754ea8db48211984ce9d79065e504f
SHA512

d6082672f0aa2612e47455b021036b8ab320bd6e08fcadc207ed4c15949d0ea3ea033c6a8a5570a3775a7336d24c9359b40c5a98e1d24fe851f17d5284c8d595
SSDEEP

12288:MwOcyQd7j+6ciA7rrG61fcLdC4TZLVP5O:1j1jHhed1ERC6VxO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eea2791e02c93aa3ed2dd1d011d91bbd_JaffaCakes118

Files

eea2791e02c93aa3ed2dd1d011d91bbd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

de868d33335afb97ef9db31144235d3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

MAPIOpenLocalFormContainer@4
ScCountProps@12
FtgRegisterIdleRoutine@20
OpenTnefStreamEx
cmc_logoff
PRProviderInit
MAPIFindNext
GetTnefStreamCodepage@12
GetOutlookVersion@0
GetTnefStreamCodepage
FBadRestriction@4
MNLS_lstrlenW@4
CreateIProp@24
ScUNCFromLocalPath@12
__CPPValidateParameters@8
LaunchWizard@20
SzFindCh@8
BMAPIGetReadMail
RTFSync
FBadPropTag@4
UNKOBJ_ScAllocateMore@16
HrDecomposeMsgID@24
HrDispatchNotifications@4
MAPIReadMail
SwapPword@8
EnableIdleRoutine@8
MAPISaveMail
BMAPIDetails
SzFindLastCh@8
FBadRowSet@4
PpropFindProp@12
CchOfEncoding@4
ScRelocProps@20
ScMAPIXFromCMC
HrValidateParameters@8
FBadRglpNameID@8
MAPIDetails
HrDecomposeEID@28
FtNegFt@8
HrThisThreadAdviseSink@8
UlFromSzHex@4

crtdll

__fpecode
wcscspn
_winmajor_dll
_mbsncmp
memchr
strpbrk
_mbscmp
_ctype
_tolower
_spawnve
realloc
_loaddll
system
calloc
iswxdigit
_finite
_open_osfhandle
_chsize
_flushall
_vsnprintf
_rmdir
_CIasin
_CIpow
_mbbtype
wcsncat
wscanf
__isascii
_fmode_dll
puts
_getdrive
_ismbbalnum
_mbsnbcmp
freopen
setlocale
wcslen
strchr
ungetc
??3@YAXPAX@Z
fwscanf
_j1
_mbsnset
isalnum
_itow

msvcrt

realloc
_ismbbalpha
_creat
_mbcjistojms
_heapwalk
_stricoll
_mbctype
_mbsnbcat
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_wrmdir
puts
_getsystime
__wgetmainargs
_access
_getdcwd
_fullpath
_fstat64
_safe_fprem
_getwche
_fputwchar
_ismbcl1
_CIsinh
iswprint
rename
iswalpha
??4exception@@QAEAAV0@ABV0@@Z
_mbcjmstojis
_vsnwprintf
__CxxExceptionFilter
iswascii

kernel32

GetTapeParameters
IsValidCodePage
RaiseException
GetPrivateProfileIntW
GetFileAttributesExA
CreateSocketHandle
GetCommandLineA
GetWindowsDirectoryA
VirtualAlloc
GetSystemPowerStatus
Process32FirstW
GetPrivateProfileSectionNamesW
GetVDMCurrentDirectories
SetConsoleIcon
SwitchToThread
LockResource
GetExitCodeThread
ResetEvent
GetConsoleCursorInfo
GetPrivateProfileStringW
SuspendThread
EnumCalendarInfoA
SetConsoleCursorInfo
NlsGetCacheUpdateCount
lstrcpyn
GetCommTimeouts
SetFileApisToANSI
OpenJobObjectW
InterlockedExchangeAdd
LoadLibraryA
GetStartupInfoA
GetShortPathNameA
GlobalFindAtomA
GetTickCount
WriteProfileSectionW
SetConsoleFont
RegisterConsoleVDM
FindNextFileW
GetPrivateProfileStringA
WriteConsoleInputA
CreateFileMappingW
SystemTimeToFileTime
InitializeCriticalSection
GetLastError
Beep
FindActCtxSectionGuid
UTRegister
GetCalendarInfoW
GetConsoleAliasExesLengthA
CreateSemaphoreA
GetFileSizeEx
QueryDosDeviceA

wldap32

ldap_sslinitW
ldap_sasl_bind_sA
ldap_parse_resultW
ldap_modify_ext_sW
ldap_value_free
ber_bvecfree
ldap_delete_ext_sA
ldap_modrdnW
ldap_create_sort_controlW
ldap_create_sort_control
ldap_search_stW
ldap_create_sort_controlA
ldap_unbind
ldap_explode_dn
ldap_search_st
ldap_add
ldap_set_option
ldap_get_dnA
ldap_simple_bind_sW
ldap_get_values_len
ldap_set_dbg_routine
ldap_parse_result
ldap_abandon
ldap_get_dnW
ldap_get_paged_count
ldap_unbind_s
ldap_delete_extA
ldap_modrdn_sA
ldap_close_extended_op

msorcl32

SQLGetTypeInfo
SQLColAttributes
SQLSetConnectOption
SQLCancel
SQLNumParams
SQLGetData
SQLPutData
SQLAllocConnect
SQLNativeSql
SQLError
ConfigDSN
SQLStatistics
SQLColumns
SQLFreeEnv
SQLPrimaryKeys
SQLParamData
LoadByOrdinal
SQLSpecialColumns
SQLGetStmtOption
SQLAllocStmt
SQLSetPos
SQLExecute
SQLMoreResults
SQLFreeStmt
SQLForeignKeys
SQLFetch
SQLBindParameter
SQLBrowseConnect
DllMain

mfcsubs

?AllocBeforeWrite@CString@@IAEXH@Z
?IsEmpty@CString@@QBEHXZ
??O@YG_NPBGABVCString@@@Z
??H@YG?AVCString@@PBGABV0@@Z
??9@YG_NABVCString@@PBG@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?GetCount@CMapStringToPtr@@QBEHXZ
?ConcatInPlace@CString@@IAEXHPBG@Z
??P@YG_NABVCString@@0@Z
??0CMapStringToPtr@@QAE@H@Z
?RemoveAll@CStringArray@@QAEXXZ
?GetAllocLength@CString@@QBEHXZ
??0CString@@QAE@PBG@Z
??P@YG_NPBGABVCString@@@Z
?TrimRight@CString@@QAEXXZ
?Format@CString@@QAAXPBGZZ
??0CObject@@IAE@XZ
?MakeReverse@CString@@QAEXXZ
??_7CSyncObject@@6B@
?SafeStrlen@CString@@KGHPBG@Z
??_7CMapStringToPtr@@6B@
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?Compare@CString@@QBEHPBG@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
??9@YG_NABVCString@@0@Z

user32

EndDialog

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de868d33335afb97ef9db31144235d3a

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

crtdll

msvcrt

kernel32

wldap32

msorcl32

mfcsubs

user32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 240KB - Virtual size: 240KB

.data Size: 23KB - Virtual size: 472KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 23KB - Virtual size: 472KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 1024B