b5ea374a1168d808cf78a6decfa052f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5ea374a1168d808cf78a6decfa052f3_JaffaCakes118
Size

223KB
MD5

b5ea374a1168d808cf78a6decfa052f3
SHA1

299c583d123f45667be7fdeeae51e8405d91711e
SHA256

e641bc7acaa117dc1a71a2af24158d5fde8918333b093fcc6195861c01c033d7
SHA512

b546f2c8f1b96805cdad691fb03a01dc16ce4fbe39be714367de6a88ce3e2122a4634f75a1c9aed0a912434a9d829a5a6c1a6b19ecfd120b2566f2a138b45e15
SSDEEP

3072:OFeit33zZqflxd79XbxdbkQkOxKOszhi1VoOYOPS4B6qonNDqw596J+yQa:OFnt33zKrvbFo/hi1nbvPqNDqBJ+Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5ea374a1168d808cf78a6decfa052f3_JaffaCakes118

Files

b5ea374a1168d808cf78a6decfa052f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e589649dcb37494451c1758817135c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerInstall
RasPrivilegeAndCallBackNumber
MprPortSetUsage
MprAdminMIBEntryCreate
MprAdminConnectionGetInfo
MprAdminInterfaceGetInfo
MprConfigInterfaceDelete
MprAdminInterfaceTransportAdd
MprConfigInterfaceCreate
MprConfigTransportSetInfo
MprConfigInterfaceTransportGetHandle
MprAdminPortDisconnect
MprConfigInterfaceGetInfo
MprConfigServerRefresh
MprInfoRemoveAll
MprConfigInterfaceTransportAdd
MprAdminInterfaceDeviceGetInfo
MprAdminConnectionEnum
MprConfigGetFriendlyName
MprAdminPortReset
MprInfoBlockAdd
MprAdminPortGetInfo
MprAdminInterfaceGetCredentials
MprAdminUserReadProfFlags
MprAdminMIBServerConnect
MprAdminServerConnect
MprConfigInterfaceTransportSetInfo
MprAdminUserWrite
MprAdminUserWriteProfFlags
MprDomainRegisterRasServer
MprDomainQueryRasServer
MprConfigTransportGetInfo
MprAdminTransportSetInfo
MprInfoBlockFind
MprAdminInterfaceQueryUpdateResult
MprAdminMIBEntryDelete
MprConfigTransportGetHandle

hhsetup

?GetOrder@CFolder@@QAEKXZ
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?GetLangId@CCollection@@QAEGPBG@Z
?ParseFile@CCollection@@AAEKPBD@Z
?RemoveAll@CPointerList@@QAEXXZ
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetIdW@CTitle@@QAEPBGXZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?GetIdW@CLocation@@QAEPBGXZ
??0CFolder@@QAE@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?GetTitleW@CFolder@@QAEPBGXZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?RemoveCollection@CCollection@@QAEKH@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?GetId@CLocation@@QBEPADXZ
??1CCollection@@QAE@XZ
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
??1CLocation@@QAE@XZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?Open@CCollection@@QAEKPBG@Z
?SetMasterCHM@CCollection@@QAEXPBDG@Z
?SetParent@CFolder@@QAEXPAV1@@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z

kernel32

LZRead
GetProfileSectionW
GetConsoleHardwareState
GetThreadContext
BuildCommDCBA
GetConsoleFontInfo
SetCalendarInfoA
SetLastError
SetTapeParameters
GetBinaryType
Module32NextW
CreateEventW
LZOpenFileW
GetModuleHandleExA
GetConsoleAliasW
OpenThread
GetCommState
RemoveDirectoryA
MulDiv
CreateNamedPipeA
InitializeCriticalSectionAndSpinCount
FileTimeToDosDateTime
GetProcessHeap
ChangeTimerQueueTimer
LZSeek
IsValidCodePage
GetModuleHandleExW
WritePrivateProfileSectionW
CreateFileMappingA
GetHandleContext
SetHandleInformation
AddAtomW
EraseTape
GetWindowsDirectoryA
RtlMoveMemory
FindNextVolumeA
RegisterConsoleVDM
IsValidLocale
GetNumberFormatA
GetDiskFreeSpaceA
LCMapStringW
RequestWakeupLatency
WaitForMultipleObjectsEx
SetUnhandledExceptionFilter
LoadLibraryA
WriteConsoleOutputCharacterA
GetModuleFileNameW
FindVolumeClose
GetEnvironmentStringsA
EnterCriticalSection
GetLocalTime
lstrcatW
GetThreadPriority
SetCommMask
GetTempPathW
GetConsoleKeyboardLayoutNameW
GetNumaHighestNodeNumber
RemoveLocalAlternateComputerNameA
FlushInstructionCache
CreateDirectoryExA
VirtualAlloc
GlobalFindAtomA
RemoveDirectoryW
SetFirmwareEnvironmentVariableA
QueryDosDeviceA
_llseek
GetLargestConsoleWindowSize
GetEnvironmentVariableA
GetWindowsDirectoryW
CreateHardLinkW
MoveFileExW
MapViewOfFileEx
HeapFree
CmdBatNotification
GetBinaryTypeW
GetThreadLocale
GetFileAttributesA
GetMailslotInfo
SetVolumeMountPointW
GetStartupInfoW
GetModuleHandleW
SetTimeZoneInformation
GetProfileSectionA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.3rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e589649dcb37494451c1758817135c65

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

hhsetup

kernel32

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 15KB - Virtual size: 187KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.3rdata Size: 60KB - Virtual size: 60KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 15KB - Virtual size: 187KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B

.3rdata
Size: 60KB - Virtual size: 60KB