b03cdc76fda8ca402cb642635da06fcd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b03cdc76fda8ca402cb642635da06fcd_JaffaCakes118
Size

431KB
MD5

b03cdc76fda8ca402cb642635da06fcd
SHA1

b6fabf59f09047ce6562afe92c9f1355ec481855
SHA256

8d6e514aeadc2b07c783ac2269e0228eebf0a4f97e095299b190f2d33820b461
SHA512

a8c27994634527d2f611340c3c4e6b7a79407817d302da651f9580d76a9e1957e11e8066b54c80102038fd5d639a0e7ab1c887b02e4e46c9ca9c5f1bc422edf2
SSDEEP

6144:bmgTw2Q+RjirTqM7dZ2QjwN/KTLbd7F0HPLFDTFTg33KRcL4YBGUu:bbw2Q+Rjg+4ZsNiTLRGLF1Tg33qcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b03cdc76fda8ca402cb642635da06fcd_JaffaCakes118

Files

b03cdc76fda8ca402cb642635da06fcd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0da43f01fbe252f25664874ad354968d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ReuseDDElParam

advapi32

AddAccessDeniedAce
LsaRemoveAccountRights
ElfReadEventLogW
ObjectDeleteAuditAlarmA
LsaClose
RegSaveKeyW
SetFileSecurityA
LsaICLookupNames
RegEnumKeyA
BuildImpersonateTrusteeA
RegCloseKey
LsaQueryInfoTrustedDomain
TraceEventInstance
TrusteeAccessToObjectA
GetEffectiveRightsFromAclW
ObjectDeleteAuditAlarmW
QueryServiceConfigW
LsaStorePrivateData
InitializeSecurityDescriptor
LsaOpenPolicy
SetEntriesInAccessListA
OpenServiceW
CryptDuplicateHash
ReadEventLogA
RegDeleteKeyW
SystemFunction008
ControlService
AllocateAndInitializeSid
ConvertSecurityDescriptorToStringSecurityDescriptorW
QueryServiceConfigA
StartServiceCtrlDispatcherW

kernel32

GlobalFree
LockFile
lstrlenA
ExitProcess
ExpandEnvironmentStringsA
GetModuleFileNameA
CreateDirectoryExA
FindNextVolumeMountPointA

setupapi

SetupDiCreateDeviceInterfaceW
SetupQueueCopyIndirectA
SetupAddToSourceListA
SetupQueueRenameW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Unregister_Device_InterfaceA
SetupDiGetClassImageListExA
SetupSetDirectoryIdA
SetupDiGetDeviceInfoListDetailA
CM_Open_Class_Key_ExW
CM_Detect_Resource_Conflict
CM_Get_HW_Prof_Flags_ExW
SetupDiBuildClassInfoListExA
CM_Disable_DevNode_Ex
SetupGetMultiSzFieldW
SetupDiClassNameFromGuidExA
SetupSetFileQueueAlternatePlatformA
SetupGetFileCompressionInfoA
CM_Query_And_Remove_SubTree_ExW
CM_Get_Class_Key_Name_ExA
SetupDiGetDriverInstallParamsW
SetupLogErrorW
SetupDiCreateDeviceInterfaceRegKeyW
CM_Set_DevNode_Registry_PropertyW
SetupGetMultiSzFieldA
SetupBackupErrorA
SetupCloseLog
SetupQueryInfVersionInformationW
SetupDiClassNameFromGuidExW
CM_Query_And_Remove_SubTree_ExA

msacm32

acmStreamPrepareHeader
acmFilterDetailsW
acmFormatChooseA
acmFormatDetailsA
acmStreamConvert
acmMessage32
acmFormatTagEnumW
acmDriverOpen
acmDriverAddW
acmDriverClose
acmFormatTagDetailsA
acmFilterTagDetailsA
acmFormatTagDetailsW
acmFilterTagDetailsW
acmFilterEnumA
acmGetVersion
acmStreamReset
acmFilterChooseA
acmFormatEnumA
acmFormatTagEnumA
acmStreamClose
acmFilterTagEnumW
acmStreamUnprepareHeader
acmFormatSuggest

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0da43f01fbe252f25664874ad354968d

Headers

File Characteristics

Imports

user32

advapi32

kernel32

setupapi

msacm32

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 36KB - Virtual size: 423KB

.rsrc Size: 228KB - Virtual size: 227KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 36KB - Virtual size: 423KB

.rsrc
Size: 228KB - Virtual size: 227KB