68647bde2e570966753fdea9c8b77a15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68647bde2e570966753fdea9c8b77a15_JaffaCakes118
Size

866KB
MD5

68647bde2e570966753fdea9c8b77a15
SHA1

8a53734820bb3051dda2745545e4aebcab109d05
SHA256

8f7c3a048361b0929f77a3530e4c085052645f0b8dafdce980bc4a652fa0c9d1
SHA512

1cc977c7a56f37d43e3b75d9e369f3da9d8da3d6752e14fd388a0a5a0b0dcd71704b02540154ba8a3157b3ddbcb23145487107be3eead20f4ebf543839465a59
SSDEEP

12288:uBRKfAh7NqX5WE1YjIAPu10s6bO/bY6gRKm5CQ9UErx53JYTAhrjp+UP1DlxiZ98:ephY4vWyabVgRKmr9U4RGTA5l+U1dLe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68647bde2e570966753fdea9c8b77a15_JaffaCakes118

Files

68647bde2e570966753fdea9c8b77a15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ca56ff38d8eb2b957605f067e7131efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
OpenJobObjectA
SearchPathW
BeginUpdateResourceW
SetConsoleKeyShortcuts
GetStartupInfoW
EnumUILanguagesA
CreateWaitableTimerW
QueryInformationJobObject
HeapAlloc
SetFileAttributesW
SetConsoleNumberOfCommandsW
GenerateConsoleCtrlEvent
IsBadStringPtrA
GetConsoleAliasesW
QueryPerformanceCounter
HeapValidate
LoadLibraryA
GlobalFindAtomW
GetCommandLineW
_hwrite
GetModuleHandleW
GetCompressedFileSizeW
OpenEventA
OpenProfileUserMapping
DosDateTimeToFileTime
TlsAlloc
SetConsoleIcon
EnumCalendarInfoW
TransmitCommChar
FindClose
SetFileAttributesA
lstrcat
SetHandleCount
GetConsoleTitleA
FatalAppExitA
GetProcessAffinityMask
LZRead
InterlockedExchange
GetSystemTimeAdjustment
SetCriticalSectionSpinCount
SetThreadLocale
lstrcmpA
SetCommBreak
GetConsoleCommandHistoryLengthW
VirtualAlloc
EnumDateFormatsExW
GetHandleContext
CreateEventW

avifil32

AVIFileCreateStreamA
AVIStreamInfoW
AVIFileAddRef
AVISaveVW
AVISaveOptionsFree
EditStreamPaste
AVIMakeCompressedStream
AVIStreamGetFrameOpen
AVIStreamGetFrameClose
AVIStreamTimeToSample
AVIStreamOpenFromFileA
AVIStreamAddRef
AVIStreamOpenFromFileW
AVIStreamOpenFromFile
DllGetClassObject
AVIFileInfoW
AVIBuildFilterW
EditStreamCopy
AVIFileReadData
AVIStreamFindSample
AVIFileInit
AVIStreamInfoA
EditStreamSetInfoA
AVIStreamEndStreaming
IID_IGetFrame
AVIStreamBeginStreaming
AVISaveVA

advapi32

FindFirstFreeAce
SaferSetLevelInformation
OpenEncryptedFileRawW
MD5Init
DuplicateTokenEx
ElfOpenBackupEventLogA
EnableTrace
CloseServiceHandle
GetAuditedPermissionsFromAclW
LsaGetSystemAccessAccount
GetUserNameA
WmiQueryAllDataMultipleA
LookupAccountSidW
ObjectCloseAuditAlarmA
CryptDestroyKey
BackupEventLogW
IsWellKnownSid
ControlService
GetEffectiveRightsFromAclW
LsaQueryDomainInformationPolicy
SetServiceBits
RegSaveKeyExW
GetUserNameW
WmiSetSingleItemA
CryptEnumProvidersW
DeleteAce
CreateWellKnownSid
AbortSystemShutdownA
ControlTraceW
AddAccessDeniedAce
QueryTraceW
ElfOpenEventLogW
InitializeSecurityDescriptor
RegCreateKeyExA
StartTraceW
GetServiceKeyNameW
BuildTrusteeWithObjectsAndNameA
SetAclInformation
SetKernelObjectSecurity
ElfDeregisterEventSource
AllocateLocallyUniqueId

mmcbase

?Lock@CEventBuffer@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
??9SC@mmcerror@@QBE_NJ@Z
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
??8SC@mmcerror@@QBE_NJ@Z
?GetCode@SC@mmcerror@@QBEJXZ
?ToHr@SC@mmcerror@@QBEJXZ
??9SC@mmcerror@@QBE_NABV01@@Z
??7SC@mmcerror@@QBEHXZ
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?InternalRelease@CMMCStrongReferences@@AAEKXZ
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
?Throw@SC@mmcerror@@QAEXXZ
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?MMCErrorBox@@YGHPBGI@Z
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?IsLocked@CEventBuffer@@QAE_NXZ
?SCODEFromSc@@YGJABVSC@mmcerror@@@Z
?Trace_@SC@mmcerror@@QBEXXZ
??_FSC@mmcerror@@QAEXXZ
?FatalError@SC@mmcerror@@QBEXXZ
?Unlock@CEventBuffer@@QAEXXZ
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
??BSC@mmcerror@@QBE_NXZ
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
?GetHelpID@SC@mmcerror@@QAEKXZ
?SetMainThreadID@SC@mmcerror@@SGXK@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?Release@CMMCStrongReferences@@SGKXZ
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?InternalLastRefReleased@CMMCStrongReferences@@AAE_NXZ
?s_dwMainThreadID@SC@mmcerror@@0KA
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?Clear@SC@mmcerror@@QAEXXZ
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?AddRef@CMMCStrongReferences@@SGKXZ

hhsetup

?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?SetId@CLocation@@QAEXPBG@Z
?SetPath@CLocation@@QAEXPBG@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?AddRef@CCollection@@QAEXXZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?AddTail@CFIFOString@@QAEKPAD@Z
??0CLocation@@QAE@XZ
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
??1CFIFOString@@QAE@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?GetLanguage@CFolder@@QAEGXZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?GetSampleLocation@CCollection@@QAEPADXZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?GetNextFolder@CFolder@@QAEPAV1@XZ
?Save@CCollection@@QAEKXZ
?SetTitle@CFolder@@QAEXPBD@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
??1CFolder@@QAE@XZ
??1CTitle@@QAE@XZ
?GetLangId@CCollection@@QAEGPBD@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?GetId@CLocation@@QBEPADXZ
??4CPointerList@@QAEAAV0@ABV0@@Z
?GetOrder@CFolder@@QAEKXZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?SetSampleLocation@CCollection@@QAEXPBG@Z
??0CFolder@@QAE@XZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?SetLanguage@CTitle@@QAEXG@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?SetParent@CFolder@@QAEXPAV1@@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?Dirty@CCollection@@QAEXXZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca56ff38d8eb2b957605f067e7131efd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

avifil32

advapi32

mmcbase

hhsetup

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 311KB - Virtual size: 311KB

.data Size: 396KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 396KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B