Static task: static1
Behavioral task: behavioral1
  Sample: 29e39ea686f361175235933d17250ab2_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 29e39ea686f361175235933d17250ab2_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 29e39ea686f361175235933d17250ab2_JaffaCakes118
Size: 162KB
MD5: 29e39ea686f361175235933d17250ab2
SHA1: 823af35407f05bfa203c809533206665ac6756ac
SHA256: 5dbf0aad1f35a3716c1830c27cecff6185ae2224bff5c90d27fc9b4172af7c36
SHA512: 034653cd6735bf501626fcf2102c1a2303366868826115b30d5e0f88396950e0d9091cde3ba16a5934237436549691ff81bea70b4212e4aef74ea1ad67583a0b
SSDEEP: 3072:ixrUWUhNqJQPoY0QK8URlzMIC36tG50/dgXT5fAFEqWRHtA6BH:SrpJOoYm88Y6E/XTOuqWh+6B
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 29e39ea686f361175235933d17250ab2_JaffaCakes118
Files
29e39ea686f361175235933d17250ab2_JaffaCakes118.exe windows:4 windows x86 arch:x86
06ded716f6de5869ae9040bbc2347ed3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
advapi32
CreateServiceW
InitializeSecurityDescriptor
GetAce
CloseServiceHandle
GetSecurityInfo
UnlockServiceDatabase
QueryServiceStatus
RegGetKeySecurity
ChangeServiceConfig2W
LookupPrivilegeDisplayNameA
QueryServiceConfigW
SetEntriesInAclA
GetInheritanceSourceW
FreeInheritedFromArray
OpenProcessToken
FreeSid
GetSecurityDescriptorControl
SetEntriesInAclW
RegCloseKey
GetAclInformation
LookupAccountSidW
EnumDependentServicesW
LookupPrivilegeNameA
RegOpenKeyExW
RegEnumKeyExW
DeleteService
RegRestoreKeyW
RegDeleteKeyW
LockServiceDatabase
RegCreateKeyExW
EqualSid
RegDeleteValueW
OpenSCManagerW
AllocateAndInitializeSid
GetTokenInformation
LookupPrivilegeValueA
IsValidAcl
RegQueryValueExW
RegSetValueExW
QueryServiceLockStatusW
RegSaveKeyW
AdjustTokenPrivileges
SetSecurityInfo
InitializeAcl
GetNamedSecurityInfoW
AddAce
ControlService
OpenServiceW
SetNamedSecurityInfoW
ChangeServiceConfigW
IsValidSecurityDescriptor
StartServiceA
SetSecurityDescriptorDacl
RegEnumValueW
kernel32
LeaveCriticalSection
InitializeCriticalSection
GetOEMCP
GetDateFormatA
SetStdHandle
HeapFree
WriteConsoleA
QueryPerformanceCounter
SetEnvironmentVariableA
GetACP
SetUnhandledExceptionFilter
CompareStringW
GetSystemTimeAsFileTime
GetCurrentProcess
SetEndOfFile
ReadFile
TerminateProcess
UnhandledExceptionFilter
HeapCreate
IsDebuggerPresent
GetLocaleInfoA
CompareStringA
HeapReAlloc
EnumResourceTypesA
GetCPInfo
VirtualFree
GetTimeFormatA
HeapSize
EnterCriticalSection
GetConsoleOutputCP
CreateMailslotW
HeapDestroy
GetCurrentProcessId
LoadLibraryA
GetTimeZoneInformation
FreeLibrary
IsValidCodePage
GetStringTypeW
RtlUnwind
LCMapStringW
RaiseException
MultiByteToWideChar
GetTickCount
LCMapStringA
VirtualAlloc
WriteFile
SetFilePointer
GetStringTypeA
newdev
UpdateDriverForPlugAndPlayDevicesW
oleacc
LresultFromObject
AccessibleObjectFromPoint
shell32
SHGetFolderPathW
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ