e:\MyWork\CAJViewer 7\bin\CAJViewer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 1788870b6689c2d670a1d8ab3cc913f5_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 1788870b6689c2d670a1d8ab3cc913f5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 1788870b6689c2d670a1d8ab3cc913f5_JaffaCakes118
Size: 812KB
MD5: 1788870b6689c2d670a1d8ab3cc913f5
SHA1: 68587047056d4709d6adb6666540723b92309797
SHA256: 862eb632d031d10b4821e1a2a71b1ebc219b9ecfa0a8673ec96e7e2233223012
SHA512: 0af4bca47d7e6d439b83b329c80a4844b10839f4f6351e8c1124bda4d88fc3c04092de1900a7863b92c655cad8e892968e06778b7f19c794531a84c86cf3092d
SSDEEP: 24576:MgKrYZXI2rp+/ErM/YfCozX429Wh8RSZLAxKXcY0PzRQC6bP/VAs5pPjjjjo2OzX:MgKUZXI2rM/Er9fC+429Wh8RSZkxS8P7
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 1788870b6689c2d670a1d8ab3cc913f5_JaffaCakes118
Files
-
1788870b6689c2d670a1d8ab3cc913f5_JaffaCakes118.exe windows:4 windows x86 arch:x86
2e5b9110caf328397c52caa8272ce3fe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mail
?SendMail@@YAHPAUHWND__@@PBD1111PAVCStringArray@@H1H11@Z
whelper (imports by ordinal only)
mfc71 (imports by ordinal only)
msvcr71
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
_fullpath
sin
fabs
cos
wcslen
atan
strftime
_vsnprintf
labs
abs
atol
_beginthreadex
_purecall
_snprintf
_splitpath
strncpy
wcsncpy
wcscpy
fopen
fclose
isdigit
memcmp
__p___argc
_CxxThrowException
qsort
memmove
_mktime64
_time64
memcpy
malloc
strcpy
free
strcat
_except_handler3
memset
__p___argv
_localtime64
strlen
atoi
_mbsinc
_mbsnbicmp
_mbsnicmp
_mbsicmp
_mbscmp
_mbstok
_mbsrchr
_mbsnbcpy
_mbscspn
__CxxFrameHandler
atof
_controlfp
_setmbcp
kernel32
WideCharToMultiByte
GetVersionExA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
SetCurrentDirectoryA
CreateEventA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
CreateProcessA
lstrcpyA
GetCurrentProcessId
GetModuleHandleA
SetFileAttributesA
WritePrivateProfileStringA
CreateDirectoryA
OutputDebugStringA
lstrcatA
lstrlenA
lstrcmpiA
Sleep
GetLastError
CreateMutexA
MultiByteToWideChar
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenW
ReadFile
CreateFileA
DeleteFileA
CopyFileA
GetPrivateProfileIntA
MoveFileA
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
TerminateThread
GetExitCodeThread
GetTickCount
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
OpenProcess
GlobalSize
GetExitCodeProcess
GlobalAlloc
GetTempFileNameA
GetTempPathA
GetProfileIntA
ReleaseMutex
OpenMutexA
GetDriveTypeA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
IsBadCodePtr
IsBadReadPtr
GetCurrentProcess
GetCurrentThreadId
WriteFile
SetEvent
WaitForMultipleObjects
CreateThread
lstrcmpA
user32
DrawIconEx
GetSysColorBrush
DrawEdge
GetActiveWindow
DispatchMessageA
GetMessageA
GetDCEx
AdjustWindowRectEx
GetClassInfoA
DefWindowProcA
EqualRect
WindowFromPoint
ClientToScreen
UnionRect
PtInRect
CopyRect
ReleaseCapture
SetCursor
SetCapture
GetCapture
InvalidateRgn
EnableMenuItem
FrameRect
SetClipboardData
EmptyClipboard
RegisterClipboardFormatA
MapWindowPoints
LoadCursorA
SetPropA
RemovePropA
CreateMenu
DestroyMenu
DestroyAcceleratorTable
DestroyIcon
LoadImageA
RedrawWindow
IsWindowVisible
GetIconInfo
InflateRect
GetFocus
GetSysColor
GetSystemMenu
ModifyMenuA
LoadIconA
BringWindowToTop
KillTimer
SetTimer
PostThreadMessageA
IntersectRect
OffsetRect
LockWindowUpdate
FillRect
EnumClipboardFormats
GetClipboardData
CloseClipboard
GetSystemMetrics
SetScrollRange
GetScrollRange
SetScrollPos
OpenClipboard
ShowScrollBar
IsZoomed
DeleteMenu
PeekMessageA
SetRect
IsRectEmpty
InvalidateRect
GetKeyState
GetDC
AppendMenuA
ReleaseDC
IsWindow
DdeInitializeA
DdeCreateStringHandleA
DdeNameService
DdeGetData
wsprintfA
SetWindowsHookExA
CallNextHookEx
GetPropA
GetLastActivePopup
GetWindow
GetDesktopWindow
UpdateWindow
GetWindowRect
IsIconic
LoadBitmapA
DdeFreeStringHandle
DdeUninitialize
UnhookWindowsHookEx
SetForegroundWindow
ShowWindow
MessageBoxA
GetCursorPos
GetParent
ScreenToClient
PostMessageA
SendMessageA
RemoveMenu
EnableWindow
GetClientRect
LoadMenuA
GetSubMenu
SetRectEmpty
LoadAcceleratorsA
gdi32
ExtTextOutW
SelectObject
StrokeAndFillPath
EndPath
BeginPath
RoundRect
Polyline
GetCurrentPositionEx
PtInRegion
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateRectRgnIndirect
ExtCreatePen
GetTextExtentPointW
UnrealizeObject
CreateBitmap
CreatePatternBrush
PatBlt
Ellipse
DeleteObject
CreateDIBSection
FillRgn
OffsetRgn
CreatePolygonRgn
CombineRgn
CreateRectRgn
GetRgnBox
CreatePalette
SetBkColor
ExtTextOutA
GetTextMetricsA
BitBlt
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
GetCurrentObject
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
StretchDIBits
DeleteDC
CreateDCA
SaveDC
GetViewportOrgEx
SetMapMode
SetViewportOrgEx
RestoreDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
DPtoLP
GetDeviceCaps
GetStockObject
msimg32
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
GetJobA
OpenPrinterA
advapi32
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
GetUserNameA
RegCloseKey
RegOpenKeyA
shell32
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
SHFileOperationA
DragAcceptFiles
Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA
comctl32
ImageList_DragMove
ImageList_EndDrag
ImageList_DragEnter
ord17
ImageList_GetIcon
ImageList_AddMasked
ImageList_DragLeave
ImageList_Draw
ImageList_BeginDrag
shlwapi
UrlEscapeA
PathRemoveExtensionA
PathRenameExtensionA
PathFindFileNameA
PathRelativePathToA
PathCompactPathA
SHCopyKeyA
PathRemoveBackslashA
StrDupW
PathIsDirectoryA
StrDupA
PathRemoveArgsA
PathFindExtensionA
PathAppendA
PathRemoveFileSpecA
PathMakeSystemFolderA
PathFileExistsA
StrCmpNIA
PathIsURLA
PathAddExtensionA
SHRegGetUSValueA
PathCombineA
PathStripPathA
ole32
CoCreateInstance
CLSIDFromProgID
oleaut32
VariantClear
GetActiveObject
SysFreeString
ws2_32
WSAStartup
ui (imports by ordinal only)
readerex (imports by ordinal only)
sysinfo
ord1
rpcrt4
UuidCreate
wininet
InternetSetOptionA
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetSetFilePointer
psapi
GetModuleFileNameExA
EnumProcessModules
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
winmm
timeSetEvent
timeKillEvent
Sections
.text Size: 348KB - Virtual size: 346KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 332KB - Virtual size: 329KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ