a8231681e4d6c8dbaf5b8e87f4a7acb2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a8231681e4d6c8dbaf5b8e87f4a7acb2_JaffaCakes118
Size

470KB
MD5

a8231681e4d6c8dbaf5b8e87f4a7acb2
SHA1

cb0b7883838095e9c9d795b9facb178fd21f3157
SHA256

1da0b75e1b811144dee78a216b485f5d85a50191bf40b5adec3c5bb5cf21b1db
SHA512

45fa317cf6ef1c8b7fd12764d6cfbdb9d69b1bd6fd2c5eb46d13f50c4638def38eb97e1fcd671b41ef48e84bdf6968ba44683879b726c3cfbcdb803776b56d9f
SSDEEP

12288:JXk9TlEZOcHHXxh0ln2M8j+EX74Th5qh:JX2xEZO0f8CwC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8231681e4d6c8dbaf5b8e87f4a7acb2_JaffaCakes118

Files

a8231681e4d6c8dbaf5b8e87f4a7acb2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31bc262d122ba33eaa78bea98eb0d39e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

hhsetup

?SetId@CTitle@@QAEXPBD@Z
?SetVolume@CLocation@@QAEXPBD@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?Release@CCollection@@AAEKXZ
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?GetRefTitleCount@CCollection@@QAEKXZ
?First@CPointerList@@QAEPAUListItem@@XZ
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetLanguage@CTitle@@QAEXG@Z
??0CTitle@@QAE@XZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?Open@CCollection@@QAEKPBD@Z
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetIdW@CLocation@@QAEPBGXZ
?Close@CCollection@@QAEKXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
??1CCollection@@QAE@XZ
?AddRefedTitle@CCollection@@AAEKPAVCFolder@@@Z
?GetNextFolder@CFolder@@QAEPAV1@XZ
??1CTitle@@QAE@XZ
?GetIdW@CTitle@@QAEPBGXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
??1CFolder@@QAE@XZ
?GetTitleW@CLocation@@QAEPBGXZ
??0CLocation@@QAE@XZ
?GetParent@CFolder@@QAEPAV1@XZ

msdart

?IsUsable@CLKRHashTable@@QBE_NXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?IsReadLocked@CCritSec@@QBE_NXZ
MpHeapFree
??1CLKRHashTable@@QAE@XZ
?IsWin2k@CMdVersionInfo@@SAHXZ
??0CReaderWriterLock3@@QAE@XZ
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?ReadLock@CSmallSpinLock@@QAEXXZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
??0CSpinLock@@QAE@XZ
MpHeapAlloc
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?ReadUnlock@CCritSec@@QAEXXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?_CurrentThreadId@CSpinLock@@CGJXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?IsValid@CLKRHashTable@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
??1CFakeLock@@QAE@XZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
mpMalloc
?IsWriteLocked@CFakeLock@@QBE_NXZ
?ReadLock@CReaderWriterLock@@QAEXXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?_H0@CLKRLinearHashTable@@ABEKK@Z
_DllMain@12
MpGetHeapHandle
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ

msi

MsiSetTargetPathW
MsiDoActionW
MsiViewModify
MsiDatabaseGetPrimaryKeysW
MsiDatabaseExportA
MsiDeleteUserDataA
MsiSetTargetPathA
MsiProvideQualifiedComponentExW
MsiGetFeatureUsageA
MsiConfigureProductA
MsiRecordSetStringW
MsiGetProductPropertyW
MsiGetFileVersionW
MsiUseFeatureExA
MsiGetPatchInfoW
MsiUseFeatureW
MsiDatabaseCommit
MsiSetPropertyW
MsiRecordGetInteger
MsiGetFeatureInfoA
MsiAdvertiseProductExW
MsiDecomposeDescriptorA
MsiSummaryInfoPersist
DllGetClassObject
MsiProvideQualifiedComponentA
MsiLocateComponentA
MsiDatabaseMergeW
MsiEnableLogA
MsiCollectUserInfoW
MsiQueryFeatureStateW
MsiConfigureProductExW
MsiRecordSetStreamA
MsiGetFeatureStateW
MsiEvaluateConditionW
MsiGetProductPropertyA
MsiCloseAllHandles
MsiFormatRecordW

kernel32

Heap32ListNext
GetProcessAffinityMask
BeginUpdateResourceA
VerLanguageNameA
DeleteVolumeMountPointA
SetComputerNameExW
GetBinaryTypeW
AllocConsole
ReadConsoleInputA
SetFileTime
SetThreadPriority
LoadLibraryA
CallNamedPipeW
EnumResourceLanguagesA
GetSystemTimeAsFileTime
SetConsoleNumberOfCommandsA
PrivCopyFileExW
HeapCreate
UnlockFileEx
DuplicateHandle
IsBadHugeReadPtr
_lread
MultiByteToWideChar
IsBadWritePtr
GetCurrentThread
FreeLibraryAndExitThread
GetCommProperties
GetHandleContext
RemoveVectoredExceptionHandler
BaseUpdateAppcompatCache
GlobalGetAtomNameA
SetThreadLocale
IsValidCodePage
WaitForSingleObject
OpenProfileUserMapping
ReadConsoleOutputW
LZStart
GetMailslotInfo
LocalAlloc
GlobalHandle
GetConsoleAliasesLengthW
MoveFileWithProgressA
GlobalLock
GetLocaleInfoW
HeapDestroy
VirtualAlloc
CreateWaitableTimerW
Heap32ListFirst

wshtcpip

WSHGetWSAProtocolInfo
WSHGetSocketInformation
WSHGetBroadcastSockaddr
WSHSetSocketInformation
WSHGetSockaddrType
WSHGetWildcardSockaddr
WSHNotify
WSHEnumProtocols
WSHGetWinsockMapping
WSHAddressToString
WSHOpenSocket2
WSHStringToAddress
WSHOpenSocket
WSHGetProviderGuid
WSHJoinLeaf
WSHIoctl

winmm

mciGetDeviceIDFromElementIDA
waveOutPrepareHeader
mciGetErrorStringW
mciGetYieldProc
midiOutReset
waveOutClose
WOW32DriverCallback
mixerOpen
mixerGetLineControlsW
waveOutBreakLoop
waveOutReset
midiOutClose
mmsystemGetVersion
joyGetPosEx
waveInClose
mciDriverNotify
waveOutUnprepareHeader
mixerGetLineInfoW
waveInGetDevCapsW
midiInUnprepareHeader
joy32Message
mciGetErrorStringA
SendDriverMessage
mmioSetInfo
midiStreamPosition
mmTaskCreate
timeKillEvent
midiInGetErrorTextA
waveOutSetPlaybackRate
joyGetDevCapsA
mxd32Message
mixerMessage
midiOutShortMsg

msvcrt

_wexecle
_CIatan2
_itoa
_Getmonths
_winver
_spawnvpe
??0bad_cast@@QAE@ABV0@@Z
_isnan
__dllonexit
__p__acmdln
_purecall
mbstowcs
_mbsicmp
_ftol
_ismbbtrail
wcscspn
_cwait
_findnexti64
__setlc_active
??0bad_cast@@QAE@PBD@Z
_wstati64
_open_osfhandle
__DestructExceptionObject
_wspawnlpe
_ismbbalpha
ctime

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31bc262d122ba33eaa78bea98eb0d39e

Headers

File Characteristics

Imports

hhsetup

msdart

msi

kernel32

wshtcpip

winmm

msvcrt

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 512B - Virtual size: 517KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 512B - Virtual size: 517KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 1024B - Virtual size: 1024B