8c18bad40e1ba934e329a7c7e29b9384_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c18bad40e1ba934e329a7c7e29b9384_JaffaCakes118
Size

140KB
MD5

8c18bad40e1ba934e329a7c7e29b9384
SHA1

6926d8c429eb9a80a479486c8df80cbd9cab52d9
SHA256

677ded4f341677118e3935aee3ebe65431cf894c63f21b6471cba07a29422d93
SHA512

73c4b704684d419965de2403ffd1e4ab8a969eab88b57f08bb0f5fc0cdf81f3e0fccfba8a4ebf55396894229474a652288189125fad477cf84a9608d1f22af2a
SSDEEP

3072:m9MYhH9BRvCDjPIZ7D1V3vDAcohAIbMqx:KUjPmP1xvDAc0AyMU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c18bad40e1ba934e329a7c7e29b9384_JaffaCakes118

Files

8c18bad40e1ba934e329a7c7e29b9384_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb6c7351a3a2bb8fd01f6cbcd08792ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerW
GetAclInformation
InitializeAcl
RegDeleteValueW
CreateServiceW
OpenThreadToken
GetLengthSid
RegQueryValueExW
RegCreateKeyExA
ChangeServiceConfig2W
InitializeSecurityDescriptor
LookupAccountNameW
GetSecurityDescriptorOwner
LookupPrivilegeValueW
OpenServiceW
EnumServicesStatusW
GetSidSubAuthorityCount
RegOpenKeyExA
LookupAccountSidA
DestroyPrivateObjectSecurity
RegUnLoadKeyA
RegSetValueExA
CloseServiceHandle
RegOpenKeyA
RegEnumValueW
GetFileSecurityW
LookupAccountSidW
StartServiceCtrlDispatcherW
SetThreadToken
CreateProcessAsUserW
GetSidSubAuthority
GetSidLengthRequired
OpenProcessToken
RegDeleteKeyA
RegCloseKey
InitializeSid
SetEntriesInAclW
RegisterEventSourceW
RegGetKeySecurity
GetSecurityDescriptorDacl
RegRestoreKeyW
GetSecurityDescriptorLength
AllocateLocallyUniqueId
SetServiceStatus
RegEnumKeyW
RegConnectRegistryA
RegFlushKey
RegQueryValueW
RegSetValueW
OpenEventLogW
StartServiceW
AccessCheck
OpenSCManagerA
AllocateAndInitializeSid
RegSetValueExW
RegEnumKeyExA

winmm

midiInGetErrorTextW
timeKillEvent
waveInAddBuffer
timeSetEvent
CloseDriver
timeGetTime
mciSendCommandW
PlaySoundA
waveOutGetDevCapsW
midiInPrepareHeader
mmioSendMessage
waveOutPause
joyGetThreshold
waveOutMessage
midiOutGetDevCapsA
joyGetDevCapsW
waveInGetErrorTextW
waveInGetPosition
DefDriverProc
waveOutReset
mixerGetControlDetailsW
mciGetErrorStringW
mixerGetLineControlsW
auxGetVolume
mixerMessage
waveOutGetDevCapsA
waveOutOpen
mixerGetID
waveInOpen
waveInGetDevCapsA
waveInPrepareHeader
mmioRenameA
midiInGetDevCapsW
waveInGetDevCapsW
midiInMessage
timeEndPeriod
sndPlaySoundW
mmioCreateChunk
mciSendStringW
waveOutRestart
mixerGetLineControlsA
mixerSetControlDetails
mixerGetNumDevs
mixerGetLineInfoW

version

VerFindFileA
VerFindFileW
VerQueryValueW

imm32

ImmGetProperty
ImmIsUIMessageA
ImmGetIMEFileNameW

kernel32

FileTimeToLocalFileTime
GetThreadContext
GlobalFindAtomW
FindFirstChangeNotificationW
GetTimeZoneInformation
DisableThreadLibraryCalls
GetDiskFreeSpaceExA
ZombifyActCtx
AddRefActCtx
FindResourceW

imagehlp

SearchTreeForFile
MapFileAndCheckSumA
EnumerateLoadedModules
ImageGetDigestStream
ImageLoad
ReBaseImage
ImageAddCertificate
SymGetSearchPath
SymCleanup
SymGetSymFromName

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb6c7351a3a2bb8fd01f6cbcd08792ea

Headers

File Characteristics

Imports

advapi32

winmm

version

imm32

kernel32

imagehlp

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 14KB