25be4d57dd9fe87432c43ee2e00c4963_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25be4d57dd9fe87432c43ee2e00c4963_JaffaCakes118
Size

266KB
MD5

25be4d57dd9fe87432c43ee2e00c4963
SHA1

6ebfeedf880ade7c953ff81cc824d6164d460b63
SHA256

f3fa02e4f4285df518eff88495953e2519e1257934d34c5096276797ba3eb173
SHA512

a002254dfdfb30a3d326ec05d462a86263187d5b8186b6d6aca19a64ea29e098a98beff5c632e92c6d1ed4568e2b8bc822a7fe1b6621d3c7ab35398576c9c840
SSDEEP

6144:dNuLSwAWQDtKdwlzf1HDIA+wL7Hz3I8WlVmMXoFQRr:dNoSwvKtKKj1H3L7TVwoMXc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25be4d57dd9fe87432c43ee2e00c4963_JaffaCakes118

Files

25be4d57dd9fe87432c43ee2e00c4963_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76a296a3da261cb7aae3e03c5641dbd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

kernel32

SetEndOfFile
GetOEMCP
WriteFile
WriteConsoleA
GetCurrentProcessId
ReadFile
GetCurrentProcess
InitializeCriticalSection
HeapFree
CompareStringA
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetStdHandle
GetConsoleOutputCP
EnterCriticalSection
GetTickCount
CompareStringW
GetLocaleInfoA
SetEnvironmentVariableA
SetFilePointer
LoadLibraryA
RtlUnwind
TerminateProcess
HeapSize
VirtualFree
EnumResourceTypesA
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
CreateNamedPipeA
GetDateFormatA
LCMapStringA
GetStringTypeW
LCMapStringW
GetCPInfo
GetTimeFormatA
GetACP
HeapReAlloc
GetTimeZoneInformation
QueryPerformanceCounter
IsDebuggerPresent
VirtualAlloc
MultiByteToWideChar
IsValidCodePage
FreeLibrary
GetStringTypeA

advapi32

RegCreateKeyExW
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
LookupPrivilegeValueA
EnumDependentServicesW
RegOpenKeyExW
GetSecurityInfo
OpenProcessToken
InitializeAcl
GetAclInformation
RegDeleteKeyW
DeleteService
LookupPrivilegeNameA
GetSecurityDescriptorControl
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
ChangeServiceConfigW
FreeInheritedFromArray
RegDeleteValueW
AddAce
CloseServiceHandle
RegRestoreKeyW
SetSecurityInfo
GetInheritanceSourceW
GetNamedSecurityInfoW
GetTokenInformation
GetAce
UnlockServiceDatabase
QueryServiceStatus
QueryServiceConfigW
RegEnumKeyExW
CreateServiceW
LookupAccountSidW
RegSetValueExW
SetNamedSecurityInfoW
OpenServiceW
AllocateAndInitializeSid
FreeSid
SetEntriesInAclA
IsValidSecurityDescriptor
RegCloseKey
RegGetKeySecurity
QueryServiceLockStatusW
SetEntriesInAclW
ControlService
RegSaveKeyW
RegQueryValueExW
IsValidAcl
ChangeServiceConfig2W
LockServiceDatabase
StartServiceA
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76a296a3da261cb7aae3e03c5641dbd1

Headers

File Characteristics

Imports

mprapi

shell32

kernel32

advapi32

newdev

oleacc

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 3KB - Virtual size: 151KB

.data Size: 203KB - Virtual size: 203KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 3KB - Virtual size: 151KB

.data
Size: 203KB - Virtual size: 203KB

.rsrc
Size: 512B - Virtual size: 4KB