0526e84f040425f994aa437deafeef34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0526e84f040425f994aa437deafeef34_JaffaCakes118
Size

868KB
MD5

0526e84f040425f994aa437deafeef34
SHA1

987645993362c1e814f2ab28e2bb6c6fc27930f2
SHA256

973e46e5a8d78701f1aa94d324da7098df5bebdf7b52eea8d7446932f30a0919
SHA512

e2855c865aac75134e41252105b981c673d0665e4eefb6dfd2652a3a73c94f17709cb097747f9ec30aaade2246610b43dcbbb14cd3bfb5d4443cff38e4e5045f
SSDEEP

24576:CdxLd4QcDNdRtMYsv4286DO0t9jZShacZorINEb7y:YlWRtVM0cDSscZorIiu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0526e84f040425f994aa437deafeef34_JaffaCakes118

Files

0526e84f040425f994aa437deafeef34_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e08f1bbd62a861c40917d00ee363d4f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_pgmptr
_wmakepath
_sleep
_abnormal_termination
strtok
_getdcwd
exit
_ismbcl0
_ismbcupper
_pctype
_fcvt
??1bad_cast@@UAE@XZ
_wtmpnam
__lc_collate_cp
_ltoa
??8type_info@@QBEHABV0@@Z
_close
localeconv
clearerr
_wsetlocale
wcstok
_spawnlp
_utime64
___lc_handle_func
strlen
__set_app_type
getc
?_set_new_mode@@YAHH@Z
_scwprintf
__p__winver
__crtLCMapStringA
__RTDynamicCast
_tzname
_ungetch
_mbctolower
__getmainargs
__lc_handle
signal
setvbuf
??0bad_cast@@AAE@PBQBD@Z
__p__commode
_CIpow
iswascii
_tempnam

certcli

CASetCACertificate
CASetCertTypeFlags
CACertTypeRegisterQuery
CASetCertTypeFlagsEx
CACreateNewCA
CAGetCertTypeExpiration
CAGetCAProperty
CACertTypeAccessCheckEx
CAEnumCertTypes
CASetCertTypeKeySpec
GetProxyDllInfo
CACloneCertType
CACertTypeAccessCheck
CASetCertTypeExpiration
CAOIDAdd
CAAddCACertificateType
CAGetCAFlags
CACreateLocalAutoEnrollmentObject
CAFreeCAProperty
CAOIDGetLdapURL
CASetCertTypePropertyEx
CAOIDCreateNew
CASetCertTypeProperty
CACountCertTypes
CAOIDFreeLdapURL
CASetCertTypeExtension
CAAccessCheckEx
CAOIDSetProperty
CAGetCAExpiration
CASetCAFlags
CAOIDFreeProperty
CAFreeCertTypeProperty
CAInstallDefaultCertType
CACreateCertType
CASetCAExpiration
CACertTypeGetSecurity
CAGetDN
CAEnumFirstCA
CAGetCACertificate
CAAccessCheck
CAEnumCertTypesForCA
CACloseCertType
DllGetClassObject
CADeleteCA

hhsetup

?GetOrder@CFolder@@QAEKXZ
??4CFolder@@QAEAAV0@ABV0@@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?IsDirty@CCollection@@QAEHXZ
??4CFIFOString@@QAEAAV0@ABV0@@Z
?GetPathW@CLocation@@QAEPBGXZ
??1CTitle@@QAE@XZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?First@CPointerList@@QAEPAUListItem@@XZ
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?GetParent@CFolder@@QAEPAV1@XZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?GetTitle@CLocation@@QAEPADXZ
?SetSampleLocation@CCollection@@QAEXPBG@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
??0CLocation@@QAE@XZ
??0CCollection@@QAE@XZ
?DecrementRefTitleCount@CCollection@@QAEXXZ
??4CPointerList@@QAEAAV0@ABV0@@Z
?AddRefedTitle@CCollection@@AAEKPAVCFolder@@@Z
?IncrementRefTitleCount@CCollection@@QAEXXZ
?GetVersion@CCollection@@QAEKXZ
?GetVolumeW@CLocation@@QAEPBGXZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
??1CCollection@@QAE@XZ
?GetId@CTitle@@QAEPADXZ
?SetVolume@CLocation@@QAEXPBD@Z
??0CPointerList@@QAE@XZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
??1CLocation@@QAE@XZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?SetPath@CLocation@@QAEXPBD@Z
?GetIdW@CLocation@@QAEPBGXZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z

query

?AcqWord@CQueryScanner@@QAEPAGXZ
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?Enum@CWin32RegAccess@@QAEHPAGK@Z
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
??1CWin32RegAccess@@QAE@XZ
??0CFileMapView@@QAE@PBG@Z
?Close@CPipeClient@@IAEXXZ
?OpenExclusive@CMmStream@@QAEXPAGH@Z
?Init@CFileMapView@@QAEXXZ
?Commit@CRcovStrmMDTrans@@QAEXXZ
?QueryCatalogAdmin@CCatalogEnum@@QAEPAVCCatalogAdmin@@XZ
??1CDbSortSet@@QAE@XZ
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z
?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
?Close@CPropSetMap@COLEPropManager@@QAEXXZ
?SetMappedCacheSize@CPropStoreManager@@QAEXKK@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
??1CImpersonationTokenCache@@QAE@XZ
?SetCatalog@CCatState@@QAEXPBG@Z
??1CPropertyStoreWids@@QAE@XZ
??1CDbPropBaseRestriction@@QAE@XZ
?PauseCI@CMachineAdmin@@QAEHXZ
?UnMarshall@CDbParameter@@QAEHAAVPDeSerStream@@@Z
CITextToFullTreeEx
??1CDbPropSet@@QAE@XZ
??0CPathParser@@QAE@PBGK@Z
?EnumPropInfo@CEmptyPropertyList@@UAGJKPAPBGPAPAUtagDBID@@PAGPAI@Z

mapi32

FBadRglpszW@8
BMAPISendMail
BMAPIReadMail
FBadSortOrderSet@4
MAPIUninitialize@0
HrSetOmiProvidersFlagsInvalid@4
BMAPIGetReadMail
ScRelocNotifications@20
CchOfEncoding@4
UlFromSzHex@4
HrValidateIPMSubtree@20
OpenTnefStream@28
DllGetClassObject
HexFromBin@12
MAPIResolveName
SzFindSz@8
DeregisterIdleRoutine@4
UlPropSize@4
LpValFindProp@12
MNLS_lstrcmpW@8
FBadRow@4
CreateIProp@24
MAPIOpenLocalFormContainer
OpenTnefStream
ScCreateConversationIndex@16
BMAPIResolveName
FtMulDwDw@8
HrSetOmiProvidersFlagsInvalid
RTFSync@12
cmc_send_documents
cmc_send
ScRelocProps@20
HrAllocAdviseSink@12
OpenStreamOnFile@24
FtAddFt@16
FBadColumnSet@4
FBadRestriction@4
FEqualNames@8
cmc_act_on
MAPIOpenFormMgr@8
UNKOBJ_ScAllocateMore@16
BMAPIGetAddress
FDecodeID@12

kernel32

OpenProcess
LocalReAlloc
BeginUpdateResourceA
ClearCommBreak
SetConsoleOS2OemFormat
AreFileApisANSI
HeapSize
BaseFlushAppcompatCache
IsBadStringPtrA
GetStringTypeW
EnumResourceTypesW
GetThreadTimes
InterlockedDecrement
GetTickCount
HeapDestroy
GetCommandLineA
HeapWalk
SetFilePointerEx
ReleaseMutex
GetCurrentDirectoryA
HeapAlloc
GetNamedPipeHandleStateA
WriteConsoleOutputCharacterA
ReadConsoleInputExW
GetUserGeoID
UnregisterWait
WritePrivateProfileSectionW
WideCharToMultiByte
GetConsoleAliasExesLengthW
SetSystemTime
GetDriveTypeA
VirtualAlloc
ConnectNamedPipe
LoadLibraryA
FlushInstructionCache
PeekConsoleInputW
NlsGetCacheUpdateCount
GetCommState
GetSystemTime
FindActCtxSectionStringW
GetVolumeNameForVolumeMountPointW
CancelWaitableTimer
DebugActiveProcess
OpenFileMappingW
GetStringTypeExW
RemoveLocalAlternateComputerNameA
GetMailslotInfo
EnumSystemLocalesW
lstrcatW
AttachConsole
lstrcmpA
lstrcpyW
RegisterConsoleVDM
ReplaceFileW
CreateEventW
FileTimeToLocalFileTime
GetACP
ReadFileEx
SetInformationJobObject
FindVolumeMountPointClose
LZInit
RegisterWaitForSingleObjectEx
GetConsoleScreenBufferInfo
EnumUILanguagesW
SetLocalPrimaryComputerNameW
GetCurrentThread

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e08f1bbd62a861c40917d00ee363d4f8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

certcli

hhsetup

query

mapi32

kernel32

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 337KB - Virtual size: 337KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 337KB - Virtual size: 337KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB