318380209d51135b72bb6eb86f38c333_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

318380209d51135b72bb6eb86f38c333_JaffaCakes118
Size

177KB
MD5

318380209d51135b72bb6eb86f38c333
SHA1

ca8e98b5b2eadb69774a55bbf522e12bc714a732
SHA256

12a42b97134e30823c56e5c5bd70c60af002e9bce223c5eb9dea6d4e31cfdcd3
SHA512

8c014ebf95d177afddaf4177d95db96ebf1503a341b2fa70fe4750dac63f5778935d13d8bced4d0a9d974d4351c5a1354b6cb3a2f9923058f03455f708a96098
SSDEEP

3072:ROiYo1BH+9hdxRc0B+Lxk5McwcBNkmBLYF5lY8pmVfe+63ESW1XLqmjKFaHw4kw0:z51N+LV3B+G5McwcBVB8q8picEVXL/jP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
318380209d51135b72bb6eb86f38c333_JaffaCakes118

Files

318380209d51135b72bb6eb86f38c333_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2946e8da3f2987e7c44d1ec17189bd04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

RegSetValueExW
ChangeServiceConfig2W
InitializeSecurityDescriptor
QueryServiceLockStatusW
DeleteService
GetSecurityInfo
ControlService
CloseServiceHandle
SetSecurityDescriptorDacl
LockServiceDatabase
CreateServiceW
InitializeAcl
OpenServiceW
RegDeleteValueW
RegCreateKeyExW
GetTokenInformation
LookupPrivilegeValueA
GetSecurityDescriptorControl
QueryServiceStatus
SetNamedSecurityInfoW
AllocateAndInitializeSid
GetInheritanceSourceW
StartServiceA
AddAce
RegGetKeySecurity
GetAclInformation
ChangeServiceConfigW
RegDeleteKeyW
FreeSid
RegSaveKeyW
SetSecurityInfo
QueryServiceConfigW
GetNamedSecurityInfoW
UnlockServiceDatabase
LookupPrivilegeNameA
RegQueryValueExW
SetEntriesInAclW
RegRestoreKeyW
RegCloseKey
EnumDependentServicesW
IsValidAcl
FreeInheritedFromArray
RegOpenKeyExW
SetEntriesInAclA
EqualSid
OpenProcessToken
OpenSCManagerW
LookupAccountSidW
LookupPrivilegeDisplayNameA
AdjustTokenPrivileges
RegEnumKeyExW
GetAce
IsValidSecurityDescriptor
RegEnumValueW

kernel32

GetStringTypeW
GetSystemTimeAsFileTime
SetStdHandle
RtlUnwind
VirtualFree
GetLocaleInfoA
GetTimeZoneInformation
WriteConsoleA
HeapFree
GetCurrentProcessId
TerminateProcess
GetCPInfo
GetConsoleOutputCP
SetEnvironmentVariableA
VirtualAlloc
QueryPerformanceCounter
GetDateFormatA
InitializeCriticalSection
GetTickCount
HeapReAlloc
EnumResourceTypesA
SetUnhandledExceptionFilter
MultiByteToWideChar
GetTimeFormatA
LCMapStringW
LCMapStringA
IsDebuggerPresent
GetCurrentProcess
FreeLibrary
CreateNamedPipeA
LeaveCriticalSection
HeapDestroy
RaiseException
CompareStringA
GetOEMCP
SetFilePointer
ReadFile
WriteFile
EnterCriticalSection
HeapCreate
SetEndOfFile
GetACP
UnhandledExceptionFilter
IsValidCodePage
HeapSize
LoadLibraryA
CompareStringW
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

oleacc

LresultFromObject
AccessibleObjectFromPoint

shell32

SHGetFolderPathW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2946e8da3f2987e7c44d1ec17189bd04

Headers

File Characteristics

Imports

mprapi

advapi32

kernel32

newdev

oleacc

shell32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 3KB - Virtual size: 151KB

.data Size: 125KB - Virtual size: 124KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 3KB - Virtual size: 151KB

.data
Size: 125KB - Virtual size: 124KB

.rsrc
Size: 512B - Virtual size: 4KB