Static task: static1
Behavioral task: behavioral1
Sample: 3577abb31386e2a39d7617ead5d08781_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3577abb31386e2a39d7617ead5d08781_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3577abb31386e2a39d7617ead5d08781_JaffaCakes118
Size: 176KB
MD5: 3577abb31386e2a39d7617ead5d08781
SHA1: dd20ac409e582b9ce2d5f12ab535901cb8d819fc
SHA256: 824f1905bf679d21a9b0d8e58ecbbee0798e069f0d465437480fe290278ce45d
SHA512: 818765b1a75c6b377febae29de2b6edbff37a42839797c1679fb27259a5b99ff0357478dec4674d61e9f2a5c7af46b4d9c589fed7d61c32765fc5f4cb7423b3e
SSDEEP: 3072:Y2PhfkfYJlt4QVkv4I5uEWn+RgUClvzAjIFY+dW7MKEOJcPQugQFbp7pJ+Z006Pe:HsfY+ecVujn+R33I3dRbnPD3lDPVXixh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3577abb31386e2a39d7617ead5d08781_JaffaCakes118
Files
3577abb31386e2a39d7617ead5d08781_JaffaCakes118.exe windows:4 windows x86 arch:x86
3335a9c5bec402d89098431954938448
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
shell32
SHGetFolderPathW
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
GetCPInfo
CompareStringW
QueryPerformanceCounter
FreeLibrary
HeapFree
LeaveCriticalSection
GetTickCount
GetCurrentProcess
VirtualAlloc
SetEnvironmentVariableA
EnterCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
HeapReAlloc
WriteConsoleA
LoadLibraryA
SetUnhandledExceptionFilter
GetConsoleOutputCP
GetTimeZoneInformation
SetFilePointer
GetOEMCP
RaiseException
GetACP
IsDebuggerPresent
EnumResourceTypesA
GetDateFormatA
HeapCreate
VirtualFree
LCMapStringA
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
MultiByteToWideChar
LCMapStringW
SetStdHandle
GetStringTypeW
IsValidCodePage
CreateMailslotW
RtlUnwind
WriteFile
SetEndOfFile
ReadFile
TerminateProcess
GetTimeFormatA
GetCurrentProcessId
HeapDestroy
CompareStringA
GetStringTypeA
advapi32
ChangeServiceConfig2W
RegCloseKey
ControlService
RegDeleteKeyW
DeleteService
LookupAccountSidW
RegSetValueExW
SetSecurityDescriptorDacl
EnumDependentServicesW
LookupPrivilegeDisplayNameA
GetAclInformation
RegOpenKeyExW
GetNamedSecurityInfoW
CreateServiceW
SetSecurityInfo
InitializeAcl
GetTokenInformation
QueryServiceStatus
UnlockServiceDatabase
FreeSid
RegSaveKeyW
RegRestoreKeyW
SetEntriesInAclA
OpenSCManagerW
LockServiceDatabase
RegEnumKeyExW
GetAce
StartServiceA
AddAce
QueryServiceLockStatusW
OpenProcessToken
QueryServiceConfigW
RegGetKeySecurity
SetEntriesInAclW
IsValidAcl
CloseServiceHandle
InitializeSecurityDescriptor
RegDeleteValueW
FreeInheritedFromArray
RegQueryValueExW
OpenServiceW
AllocateAndInitializeSid
EqualSid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
RegCreateKeyExW
ChangeServiceConfigW
GetSecurityInfo
LookupPrivilegeNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
IsValidSecurityDescriptor
GetInheritanceSourceW
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ