e1e89033eef54d279a1f76ff228bf2c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1e89033eef54d279a1f76ff228bf2c6_JaffaCakes118
Size

33KB
MD5

e1e89033eef54d279a1f76ff228bf2c6
SHA1

90109ea76817efd529ad54d7b823cc8f460546ff
SHA256

4c40e9ac9751709f24010cace307f8e4d238e2dd5b48faf886cf8b94d3a23f55
SHA512

9d06c7c404426c69496831aa90c8b8bba8ff58eacbaa3320e240561d7e46c7db785f7e99bd36aa00ade13ceeba2f44a9f08d06b9418e0689da4adafce25aaed3
SSDEEP

768:Y/T1HcBrseDKI7GfmzqfM1xSOsEmvnmbZ6:YL1Hu7Gf7fM1xSOEvuZ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1e89033eef54d279a1f76ff228bf2c6_JaffaCakes118

Files

e1e89033eef54d279a1f76ff228bf2c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

982011834fcd270e3e757a50ef9fe63a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hhsetup

?RemoveAll@CFIFOString@@QAEXXZ
?GetIdW@CTitle@@QAEPBGXZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?SetId@CTitle@@QAEXPBD@Z
?GetParent@CFolder@@QAEPAV1@XZ
?GetRefTitleCount@CCollection@@QAEKXZ
?GetLanguage@CTitle@@QAEGXZ
?SetId@CLocation@@QAEXPBG@Z
??0CFolder@@QAE@XZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?DecrementRefTitleCount@CCollection@@QAEXXZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?SetOrder@CFolder@@QAEXK@Z
?AddTail@CFIFOString@@QAEKPAD@Z
?GetVolume@CLocation@@QAEPADXZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z
??4CPointerList@@QAEAAV0@ABV0@@Z
?Open@CCollection@@QAEKPBG@Z
??4CFolder@@QAEAAV0@ABV0@@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?AddRefedTitle@CCollection@@AAEKPAVCFolder@@@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetIdW@CLocation@@QAEPBGXZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?GetLangId@CCollection@@QAEGPBD@Z

msvcrt20

__argv
?peek@istream@@QAEHXZ
strspn
strerror
iswalpha
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__p__daylight
??0ifstream@@QAE@PBDHH@Z
??0fstream@@QAE@H@Z
_CIatan2
??0ios@@QAE@PAVstreambuf@@@Z
_control87
?fail@ios@@QBEHXZ
_sys_errlist
div
_errno
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
?epptr@streambuf@@IBEPADXZ
_ismbbpunct
??_7ofstream@@6B@
??4Iostream_init@@QAEAAV0@ABV0@@Z
_tcsnccnt
vfprintf
_findclose
_dup2
strrchr
?tie@ios@@QBEPAVostream@@XZ
??_7ostrstream@@6B@
?xsputn@streambuf@@UAEHPBDH@Z
__mb_cur_max
_tcsset
_tcschr
clearerr
??_Estreambuf@@UAEPAXI@Z
__threadid
__CxxFrameHandler
?unbuffered@streambuf@@IAEXH@Z
_mbsnicoll
_CIsinh
strcoll
wcspbrk
fgetws
??0filebuf@@QAE@ABV0@@Z
_snwprintf
?bitalloc@ios@@SAJXZ

wldap32

ldap_search_ext_sA
ldap_add_extA
ldap_add_ext
ldap_add
ldap_modrdn2_sW
ldap_openW
ldap_set_optionW
ldap_rename_ext_s
ldap_compare_extW
ldap_sasl_bind_sW
cldap_openA
ldap_sasl_bindW
ldap_encode_sort_controlA
ldap_memfreeA
ldap_value_free
ldap_startup
ldap_get_valuesW
ldap_modrdn_s
ldap_parse_result
ldap_escape_filter_elementW
ldap_search_stW
ldap_compareA
ldap_modify_ext_sW
ldap_delete_ext_sA
ldap_err2string
LdapUnicodeToUTF8
ldap_parse_vlv_controlW
ldap_extended_operationW
ldap_value_freeA
ldap_next_reference
ldap_control_freeW
ldap_bind_sA
ldap_simple_bind_sW

ntdll

wcsncpy
NtQueryDefaultLocale
isdigit
pow
NtSetSystemEnvironmentValue
_lfind
ZwWaitForKeyedEvent
RtlApplyRXactNoFlush
NtCreateProcess
ZwQueryDefaultUILanguage
NtQueueApcThread
ZwSetHighEventPair
RtlEnableEarlyCriticalSectionEventCreation
RtlSecondsSince1980ToTime
iswspace
_wcsnicmp
isgraph
RtlImageNtHeader
NtSetSecurityObject
NtCreateToken
NtEnumerateBootEntries
RtlFindMostSignificantBit
LdrFindEntryForAddress
RtlDosApplyFileIsolationRedirection_Ustr
cos
NtSetLdtEntries
RtlUpcaseUnicodeToCustomCPN
RtlDeleteElementGenericTableAvl
RtlRemoveVectoredExceptionHandler
RtlDelete
ZwOpenThreadTokenEx
NtCreateEvent
ZwLoadDriver
ZwOpenThread
RtlUpcaseUnicodeString
RtlTryEnterCriticalSection
ZwWriteRequestData
RtlFormatCurrentUserKeyPath
RtlAddAce
ZwSaveKeyEx
CsrCaptureMessageBuffer
NtCreateDirectoryObject
NtQueryOpenSubKeys
ZwRenameKey
ZwTerminateProcess
ZwQueryEvent
RtlClearBits
RtlInitCodePageTable
NtSetInformationKey
ZwQuerySystemInformation
RtlFindMessage
ZwOpenMutant
RtlEnumerateGenericTableLikeADirectory
RtlSetUserFlagsHeap
ZwSetUuidSeed
RtlInterlockedPushEntrySList
ZwAcceptConnectPort
RtlIpv4StringToAddressW
DbgUiStopDebugging
RtlNumberOfSetBits
wcstol
ZwWaitForSingleObject
sin

msvcp60

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??Hstd@@YA?AV?$complex@M@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
_FCosh
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?date_order@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QBEHXZ
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@V32@H@Z
?_Doraise@runtime_error@std@@MBEXXZ
?max@?$numeric_limits@M@std@@SAMXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
?transform@?$collate@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD0@Z
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z
??Dstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
??1_Locinfo@std@@QAE@XZ
?_Init@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??1?$numpunct@G@std@@UAE@XZ
?round_error@?$numeric_limits@M@std@@SAMXZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?_Doraise@length_error@std@@MBEXXZ
??0?$collate@G@std@@QAE@I@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
?negative_sign@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?is_open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@
?cosh@std@@YA?AV?$complex@N@1@ABV21@@Z
?_Sinh@?$_Ctr@N@std@@SANNN@Z

opengl32

glRasterPos2dv
glMatrixMode
glInitNames
glNormal3b
glPolygonStipple
glTexCoord2iv
glRasterPos3i
glIndexsv
glGetPointerv
wglGetProcAddress
glMultMatrixf
glColor4us
glGetPolygonStipple
GlmfInitPlayback
glTexCoord3s
glPixelStorei
glColor4uiv
wglDeleteContext
glColor3d
glNormalPointer
glTexGendv
glNewList
glEvalCoord1f
glVertex4fv
glVertex2dv
glPixelMapuiv
glTexCoord1s
glDrawElements
glColor3i
glTexCoord1i
glRasterPos4sv
glIndexub
glColor4d
glScaled
glMap1d
glTexCoord3f
glSelectBuffer
glMap1f
glGetMapfv
glDepthMask
glPrioritizeTextures
wglGetDefaultProcAddress
glVertex3s
glColor3ub
glNormal3f
glEdgeFlagPointer

msi

MsiSetTargetPathA
MsiGetActiveDatabase
MsiConfigureFeatureW
MsiGetShortcutTargetA
MsiEnumClientsA
MsiUseFeatureExA
MsiEnumFeaturesW
MsiConfigureFeatureFromDescriptorW
MsiGetProductCodeW
MsiSetFeatureAttributesW
MsiGetFileSignatureInformationA
DllCanUnloadNow
MsiCloseHandle
MsiGetFeatureUsageA
MsiCreateTransformSummaryInfoA
MsiSourceListClearAllA
MsiGetShortcutTargetW
MsiRecordClearData
MsiRecordSetStreamA
MsiEnumRelatedProductsW
MsiEnumProductsW
MsiRecordSetStringA
MsiGetFeatureStateA
MsiDatabaseMergeA
MsiDatabaseImportA
MsiGetTargetPathW
MsiEnumRelatedProductsA
MsiCollectUserInfoA
MsiPreviewBillboardW
MsiSetPropertyA
MsiGetFeatureValidStatesW
MsiGetLanguage
MsiSequenceA
MsiEnumComponentCostsA
MsiCollectUserInfoW
MsiInstallMissingComponentW
MsiDatabaseIsTablePersistentA
MsiPreviewBillboardA
MsiGetPropertyA
MsiOpenPackageA
MsiGetComponentPathA
MsiPreviewDialogW
MsiEvaluateConditionW
MsiConfigureFeatureFromDescriptorA

cmutil

CmStrrchrW
?GetLogFilePath@CmLogFile@@QAEPBGXZ
CmIsSpaceW
?WPPS@CIniW@@QAEXPBG00@Z
?GetFile@CIniA@@QBEPBDXZ
?GetFile@CIniW@@QBEPBGXZ
CmStrCatAllocA
?SetEntryFromIdx@CIniW@@QAEXK@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmLoadImageW
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
?GetSection@CIniW@@QBEPBGXZ
?GPPS@CIniA@@QBEPADPBD00@Z
CmBuildFullPathFromRelativeA
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?LoadSection@CIniW@@QBEPAGPBG@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
CmLoadIconA
?SetICSDataPath@CIniW@@QAEXPBG@Z
CmMalloc
CmStrchrW
?SetICSDataPath@CIniA@@QAEXPBD@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?Generate@CRandom@@QAEHXZ
??0CmLogFile@@QAE@XZ
?WPPB@CIniA@@QAEXPBD0H@Z

kernel32

WriteFileGather
SetTimerQueueTimer
CreateTimerQueue
Module32FirstW
SetHandleContext
UnlockFileEx
GetSystemInfo
ReadDirectoryChangesW
GetModuleHandleExW
GetWindowsDirectoryA
lstrcpynA
WriteConsoleOutputAttribute
GetStringTypeA
Sleep
GetBinaryType
VirtualQueryEx
GetCurrentProcess
FlushViewOfFile
GetConsoleWindow
lstrcmpA
BaseCleanupAppcompatCacheSupport
GetACP
VirtualAlloc
GetVersion
GetModuleFileNameW
EnterCriticalSection
GetNamedPipeHandleStateA
ReadFileScatter
GetConsoleTitleA
Beep
SetConsoleOS2OemFormat
ReplaceFileW
GetDriveTypeW
TryEnterCriticalSection
EnumLanguageGroupLocalesA
EnumResourceNamesA
SetConsoleNumberOfCommandsW
EnumTimeFormatsW
CreateFileW
FindActCtxSectionStringA

user32

SetFocus

expsrv

rtcUpperCaseVar
__vbaVarTextLike
__vbaVarIndexStore
__vbaStrCat
_adj_fprem1
rtcGetDayOfWeek
rtcFileWidth
rtcQBColor
rtcLowerCaseBstr
__vbaMidStmtBstrB
__vbaDateStr
__vbaLateMemCallLd
__vbaFreeObjList
__vbaFpCmpCy
EbResetProjectNormal
__vbaLateMemNamedCallLd
__vbaStrErrVarCopy
__vbaVarTextTstLe
__vbaI4Abs
__vbaVargParmRef
EbLibraryUnload
__vbaVarSetVar
__vbaAryVarVarg
rtcOctVarFromVar
__vbaCopyBytes
__vbaStrBool
__vbaVarSetObjAddref
Zombie_GetIDsOfNames
rtcRightCharVar
__vbaGetOwner4
__vbaVarTextCmpGt
__vbaAryConstruct
__vbaRaiseEvent
__vbaCyUI1
__vbaLineInputVar
rtcBstrFromFormatVar
rtR8FromErrVar
IID_IVbaHost
__vbaCyI4
__vbaPutOwner4
__vbaLdZeroAry
__vbaLbound
__vbaR8IntI2

wdigest

SpLsaModeInitialize
CredentialUpdateFree
SpInstanceInit
CredentialUpdateRegister
SpUserModeInitialize
SpInitialize
CredentialUpdateNotify

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

982011834fcd270e3e757a50ef9fe63a

Headers

DLL Characteristics

File Characteristics

Imports

hhsetup

msvcrt20

wldap32

ntdll

msvcp60

opengl32

msi

cmutil

kernel32

user32

expsrv

wdigest

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB