159adf26807a732cf143007cffafe039_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

159adf26807a732cf143007cffafe039_JaffaCakes118
Size

869KB
MD5

159adf26807a732cf143007cffafe039
SHA1

e99329037ffba5cf99dd7951f00da68458e35c03
SHA256

d7bc123acb10e2401c4b1901ede68a40dc5a8e79c68c1fcb4c38f9b782ddb4ff
SHA512

9912f41855318977f581ca816067a20da190b1f4a3eb34d67e11686619bdf821d19f0997e3a826dbc9529dd6eab5447762329d833b5c07fcefd40f6f24864d69
SSDEEP

24576:K6eUtAfWPk0MZze/whn64K9Ye+LDjukXlc:K6eqbxEe/wh64K9E6k1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
159adf26807a732cf143007cffafe039_JaffaCakes118

Files

159adf26807a732cf143007cffafe039_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30d044e4d04e3c07b2489d49002dcbe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetGeoInfoA
WTSGetActiveConsoleSessionId
SetConsoleTextAttribute
EnumCalendarInfoExA
GlobalMemoryStatus
QueryPerformanceCounter
VDMOperationStarted
GlobalFindAtomW
WaitForSingleObjectEx
LoadLibraryA
SetTimeZoneInformation
GetFileAttributesExA
GetProfileSectionW
TerminateJobObject
ReadConsoleOutputAttribute
SetComPlusPackageInstallStatus
LocalFileTimeToFileTime
GetModuleHandleW
SetCalendarInfoW
BaseInitAppcompatCacheSupport
RegisterWowExec
OutputDebugStringA
SetConsoleCP
ExpungeConsoleCommandHistoryA
GetCurrentProcess
GetStartupInfoW
TermsrvAppInstallMode
VirtualAlloc
GetConsoleWindow
GetVolumeInformationW
FoldStringW
DefineDosDeviceW

mapistub

MAPILogonEx
ScCountNotifications@12
WrapCompressedRTFStream
FBadRglpszW@8
BuildDisplayTable@40
BMAPIDetails
MAPIAdminProfiles
cmc_logoff
MAPIUninitialize@0
SwapPlong@8
cmc_send
EncodeID@12
LaunchWizard@20
MAPIOpenLocalFormContainer
FGetComponentPath
ScCopyProps@16
OpenIMsgSession@12
UNKOBJ_ScAllocateMore@16
cmc_list
MAPIDetails
MNLS_MultiByteToWideChar@24
DeinitMapiUtil@0
BMAPIReadMail
GetTnefStreamCodepage@12
OpenTnefStream@28
PRProviderInit
InstallFilterHook@4
HrValidateIPMSubtree@20
ScInitMapiUtil@4
HrValidateParameters@8
HrComposeEID@28

opengl32

glTexImage1D
glGetTexEnviv
glColor4us
glPixelTransferi
glPixelMapusv
glGetTexImage
glEvalMesh1
glColor3us
glPopMatrix
glGetTexGendv
glTexCoord3sv
glIsList
glLightModelfv
glReadPixels
wglSetLayerPaletteEntries
glTexCoord2f
glPixelStoref
glGetTexLevelParameterfv
glPixelMapfv
glColor3d
glTexImage2D
glBegin
glScalef
glGetLightfv
glPopName
glColor3iv
glMaterialf
glVertex3i
glIndexsv
glVertex2iv
glEnableClientState
glTexGeni
glNormal3dv
glDrawArrays
glCopyTexSubImage2D
glRasterPos3f
glTexCoordPointer
glFrustum
glGetMaterialfv
glColor4d
glColor4i

samlib

SamQuerySecurityObject
SamEnumerateAliasesInDomain
SamiChangeKeys
SamAddMemberToAlias
SamOpenGroup
SamSetInformationAlias
SamOpenDomain
SamiSetBootKeyInformation
SamChangePasswordUser3
SamAddMultipleMembersToAlias
SamAddMemberToGroup
SamTestPrivateFunctionsDomain
SamCreateUserInDomain
SamRidToSid
SamTestPrivateFunctionsUser
SamGetGroupsForUser
SamCreateUser2InDomain
SamiEncryptPasswords
SamRemoveMultipleMembersFromAlias
SamCreateGroupInDomain
SamGetCompatibilityMode
SamiChangePasswordUser2
SamSetInformationDomain
SamRemoveMemberFromAlias
SamChangePasswordUser
SamCreateAliasInDomain
SamSetInformationGroup
SamQueryInformationDomain
SamQueryInformationAlias
SamEnumerateGroupsInDomain
SamiChangePasswordUser

hhsetup

?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?bIsVisable@CFolder@@QAEHXZ
?SetId@CLocation@@QAEXPBD@Z
?DeleteTitle@CCollection@@AAEKPAVCTitle@@@Z
?NewLocation@CCollection@@AAEPAVCLocation@@XZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
??0CCollection@@QAE@XZ
?SetTitle@CLocation@@QAEXPBD@Z
?Open@CCollection@@QAEKPBD@Z
?SetId@CTitle@@QAEXPBG@Z
?GetIdW@CTitle@@QAEPBGXZ
??1CTitle@@QAE@XZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?SetOrder@CFolder@@QAEXK@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?SetTitle@CFolder@@QAEXPBG@Z
?CheckTitleRef@CCollection@@AAEKPBGG@Z
?SetVolume@CLocation@@QAEXPBG@Z
?GetColNo@CCollection@@QAEKXZ
?GetLangId@CCollection@@QAEGPBG@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?Open@CCollection@@QAEKPBG@Z
?SetLanguage@CTitle@@QAEXG@Z
?SetId@CTitle@@QAEXPBD@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?HandleLocation@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
??4CFIFOString@@QAEAAV0@ABV0@@Z
?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?SetTitle@CFolder@@QAEXPBD@Z
?SetPath@CLocation@@QAEXPBD@Z
?GetLangId@CCollection@@QAEGPBD@Z
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z

advapi32

AddAuditAccessAce
SetSecurityDescriptorDacl
CryptEnumProvidersW
FreeSid
LsaGetUserName
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmW
LsaEnumerateTrustedDomains
AccessCheckByTypeResultList
RegConnectRegistryW
CryptEncrypt
DeleteService
AddAccessAllowedObjectAce
GetServiceKeyNameW
I_ScIsSecurityProcess
SystemFunction031
WmiQueryAllDataMultipleA
WmiSetSingleInstanceA
SystemFunction006
SetEntriesInAclW
GetInheritanceSourceW
CheckTokenMembership
GetNamedSecurityInfoExW
LsaQueryInformationPolicy
GetTrusteeTypeW

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 412KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30d044e4d04e3c07b2489d49002dcbe1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapistub

opengl32

samlib

hhsetup

advapi32

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 289KB - Virtual size: 289KB

.data Size: 412KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 289KB - Virtual size: 289KB

.data
Size: 412KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB