36cc21454d12740d811c32e348f41cb3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36cc21454d12740d811c32e348f41cb3_JaffaCakes118
Size

164KB
MD5

36cc21454d12740d811c32e348f41cb3
SHA1

f96c2891111bc38f45839bdc87575354355067ca
SHA256

86634e28e9e5135ca9e348542e3f8cf2eb1534b0d6a6abad234fab2c6434e12c
SHA512

55b939a12040ece3a310c1b9d2a1a1f0b5047f9b2ba19133e461a4ec763e1cc07a2df3f5391fbd0a7bed911322d029c2b257835b87aba45b58bca6d2a68d6104
SSDEEP

3072:7sxfl11FRfDGt0VJ3EVuuFUVjctoxrM+rkDWDl433lOS6A3xnbR6Z:Ax911PbQ0VNEVucUVYtoqlWDlyoOxbkZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36cc21454d12740d811c32e348f41cb3_JaffaCakes118

Files

36cc21454d12740d811c32e348f41cb3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eb35f2d8068fae70061d364eb55a3f0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hhsetup

?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
??4CLocation@@QAEAAV0@ABV0@@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
?GetPathW@CLocation@@QAEPBGXZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?Dirty@CCollection@@QAEXXZ
?GetColNo@CCollection@@QAEKXZ
?SetTitle@CLocation@@QAEXPBD@Z
?GetVolume@CLocation@@QAEPADXZ
?GetNextFolder@CFolder@@QAEPAV1@XZ
?SetId@CTitle@@QAEXPBD@Z
?GetId@CTitle@@QAEPADXZ
??1CTitle@@QAE@XZ
?AddTail@CFIFOString@@QAEKPAD@Z
?GetLanguage@CFolder@@QAEGXZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?ConfirmTitles@CCollection@@QAEXXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?GetId@CLocation@@QBEPADXZ
?GetLanguage@CTitle@@QAEGXZ
?GetVersion@CCollection@@QAEKXZ
?Release@CCollection@@AAEKXZ
?GetTitleW@CLocation@@QAEPBGXZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?MergeKeywords@CCollection@@QAEHPAG@Z
??0CTitle@@QAE@XZ
??4CTitle@@QAEAAV0@ABV0@@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?SetLanguage@CTitle@@QAEXG@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?GetTitleW@CFolder@@QAEPBGXZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?SetVersion@CCollection@@QAEXK@Z
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z

adsldpc

ADSIAbandonSearch
LdapOpenObject2
AdsTypeToLdapTypeCopyDNWithString
BuildADsPathFromLDAPPath
ADSIDeleteDSObject
ADSIModifyRdn
GetDomainDNSNameForDomain
SchemaClose
ChangeSeparator
GetLDAPTypeName
ReadServerSupportsIsADControl
FreeADsMem
ADSIGetFirstRow
GetSyntaxOfAttribute
BuildADsParentPathFromObjectInfo
GetDisplayName
LdapTypeBinaryToString
LdapInitializeSearchPreferences
ADSIOpenDSObject
LdapOpenObject
FindSearchTableIndex
LdapValueFree
BuildADsPathFromParent
ADsWriteAttributeDefinition
LdapValueFreeLen
LdapTypeToAdsTypeGeneralizedTime
ADsDeleteDSObject
LdapCrackUserDNtoNTLMUser2
LdapCloseObject
AdsTypeToLdapTypeCopyDNWithBinary
ADsGetNextColumnName
ADsAbandonSearch
AdsTypeToLdapTypeCopyConstruct

kernel32

Heap32ListNext
VirtualAlloc
EnumDateFormatsW
GetQueuedCompletionStatus
GetDefaultCommConfigW
SetFilePointer
CreateDirectoryExW
_hread
UTRegister
SetComputerNameExA
GetModuleFileNameA
InterlockedExchange
OpenJobObjectA
LZCopy
GlobalUnWire
GetEnvironmentVariableA
FindActCtxSectionGuid
FindAtomA
CreateFileMappingW
GetVolumeNameForVolumeMountPointW
SetThreadIdealProcessor
GetThreadTimes
GetTempPathW
GetProfileStringW
RemoveLocalAlternateComputerNameW
EnumerateLocalComputerNamesA
GetFullPathNameA
EnumResourceNamesA
SetConsoleWindowInfo
SetLastConsoleEventActive
WideCharToMultiByte
CancelTimerQueueTimer
GlobalUnlock
GetConsoleAliasesLengthA
SetHandleContext
LoadLibraryA
lstrcpynW
SetTimeZoneInformation
FreeResource
SetEvent
TransactNamedPipe
SetConsoleCursorPosition
FindNextVolumeMountPointA
EnumTimeFormatsA
SetCalendarInfoA
GlobalFindAtomW
PeekConsoleInputW

ntdll

_aulldiv
NtSetThreadExecutionState
NtQueryAttributesFile
ZwCreateEventPair
ZwCloseObjectAuditAlarm
ZwSetInformationProcess
RtlSetSecurityObject
ZwOpenThread
NtCreateSemaphore
NtQueryBootOptions
ZwQueryPerformanceCounter
NtAdjustGroupsToken
_i64toa
ZwGetPlugPlayEvent
RtlUpcaseUnicodeToOemN
RtlTryEnterCriticalSection
RtlExitUserThread
RtlGUIDFromString
sprintf
RtlFindLongestRunClear
NtOpenSection
NtIsProcessInJob
isxdigit
ZwSetSystemInformation
NtQueryDefaultUILanguage
_aulldvrm
RtlAbortRXact
RtlAssert
RtlpNtQueryValueKey
RtlIpv4StringToAddressA
ZwCreateDebugObject
NtFlushKey
NtInitiatePowerAction
RtlCreateUnicodeString
RtlSetUserFlagsHeap
ZwSetInformationDebugObject
NtTranslateFilePath
NtImpersonateClientOfPort
NtSetValueKey
ZwRaiseException
LdrUnloadDll
ZwLockProductActivationKeys
_lfind
ZwOpenKey
NtSetInformationObject
ZwCancelTimer
RtlDumpResource
KiUserCallbackDispatcher
ZwCompressKey
NtLoadKey
ZwCreateJobObject
RtlFindClearBitsAndSet
RtlFlushSecureMemoryCache
RtlInitUnicodeStringEx
NtMapUserPhysicalPagesScatter
RtlIpv6StringToAddressA
RtlxUnicodeStringToAnsiSize
RtlCopyLuidAndAttributesArray
RtlCompareMemoryUlong
ZwRaiseHardError
ZwAllocateUuids
RtlZeroHeap

crtdll

_mbstrlen
_mbbtype
perror
vwprintf
iswgraph
_CIatan2
_strupr
_j0
_sopen
_locking
_XcptFilter
_access
_chgsign
_osversion_dll
_mbctype
fopen
exit
_wcsrev
_setsystime
_mbsstr
isupper
mktime
_setmode
_mbsncat
_winmajor_dll
_mbsnextc
wcsncat
wcstod
wctomb
_fgetwchar
isprint
is_wctype
_getdiskfree
time
__iscsymf
_strerror
strerror
_msize
floor
_baseversion_dll
_endthread
wcsstr
freopen

powrprof

SetSuspendState
IsPwrHibernateAllowed
GetPwrCapabilities
GetPwrDiskSpindownRange
GetActivePwrScheme
ReadGlobalPwrPolicy
MergeLegacyPwrScheme
DeletePwrScheme
LoadCurrentPwrScheme
IsPwrSuspendAllowed
ReadProcessorPwrScheme
ReadPwrScheme
GetCurrentPowerPolicies
EnumPwrSchemes
WriteGlobalPwrPolicy
WriteProcessorPwrScheme
IsAdminOverrideActive
CallNtPowerInformation
SetActivePwrScheme
WritePwrScheme
IsPwrShutdownAllowed
ValidatePowerPolicies
CanUserWritePwrScheme

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb35f2d8068fae70061d364eb55a3f0e

Headers

DLL Characteristics

File Characteristics

Imports

hhsetup

adsldpc

kernel32

ntdll

crtdll

powrprof

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 44KB - Virtual size: 212KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 44KB - Virtual size: 212KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B