Static task
static1
Behavioral task
behavioral1
Sample
f39e61ddf6fa81eb21534fecf97f4174_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f39e61ddf6fa81eb21534fecf97f4174_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target: f39e61ddf6fa81eb21534fecf97f4174_JaffaCakes118
Size: 162KB
MD5: f39e61ddf6fa81eb21534fecf97f4174
SHA1: e912a47c94ae727e6922ec52923df5727ec40b6e
SHA256: fec0e98a715db2ed19201748743b70e5a1a1be5fb6ce27b1e6b0d17f406e71ac
SHA512: 170f1b92a3e939f3f9ba1a22a47a24bd1c870295019f3c685c13bad8e516ac9527c1225ea58e1ee296765b351db63f041062a87950eb28b3c4157352ee8e41aa
SSDEEP: 3072:ePBYXOPCF+qt9QhVKOxKigy1pXNgo29mIpezjPEbEAW4UcTkAMyujS:eGX5F+qtgKOFgyfsbCad
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f39e61ddf6fa81eb21534fecf97f4174_JaffaCakes118
Files
f39e61ddf6fa81eb21534fecf97f4174_JaffaCakes118.exe windows:4 windows x86 arch:x86
653e247f037f6253d750277575d6b8a2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName
newdev
UpdateDriverForPlugAndPlayDevicesW
oleacc
LresultFromObject
AccessibleObjectFromPoint
shell32
SHGetFolderPathW
advapi32
RegDeleteValueW
OpenSCManagerW
QueryServiceLockStatusW
SetNamedSecurityInfoW
RegEnumKeyExW
QueryServiceConfigW
IsValidSecurityDescriptor
CloseServiceHandle
RegDeleteKeyW
LookupPrivilegeDisplayNameA
RegOpenKeyExW
CreateServiceW
AllocateAndInitializeSid
GetSecurityInfo
OpenProcessToken
SetEntriesInAclW
AddAce
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
UnlockServiceDatabase
LockServiceDatabase
StartServiceA
GetTokenInformation
EqualSid
EnumDependentServicesW
FreeInheritedFromArray
SetSecurityInfo
LookupPrivilegeNameA
GetAclInformation
InitializeAcl
RegQueryValueExW
RegCloseKey
RegGetKeySecurity
SetEntriesInAclA
SetSecurityDescriptorDacl
RegRestoreKeyW
GetInheritanceSourceW
LookupAccountSidW
DeleteService
FreeSid
ChangeServiceConfigW
OpenServiceW
ChangeServiceConfig2W
ControlService
AdjustTokenPrivileges
IsValidAcl
RegSaveKeyW
GetAce
GetSecurityDescriptorControl
LookupPrivilegeValueA
GetNamedSecurityInfoW
QueryServiceStatus
RegEnumValueW
kernel32
EnterCriticalSection
HeapReAlloc
GetACP
HeapFree
GetOEMCP
IsDebuggerPresent
VirtualFree
SetEndOfFile
LCMapStringA
RtlUnwind
VirtualAlloc
GetTimeZoneInformation
SetFilePointer
WriteFile
GetLocaleInfoA
GetCPInfo
LeaveCriticalSection
CompareStringA
WriteConsoleA
FreeLibrary
EnumResourceTypesA
GetDateFormatA
GetStringTypeW
CompareStringW
GetConsoleOutputCP
IsValidCodePage
GetTimeFormatA
QueryPerformanceCounter
UnhandledExceptionFilter
CreateNamedPipeA
HeapSize
MultiByteToWideChar
RaiseException
GetCurrentProcess
LoadLibraryA
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
ReadFile
LCMapStringW
SetStdHandle
GetCurrentProcessId
HeapDestroy
TerminateProcess
InitializeCriticalSection
SetEnvironmentVariableA
SetUnhandledExceptionFilter
GetStringTypeA
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 407KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ