Static task
static1
Behavioral task
behavioral1
Sample
3ac864d2c0f455aad5699efe7cdef0b9_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3ac864d2c0f455aad5699efe7cdef0b9_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3ac864d2c0f455aad5699efe7cdef0b9_JaffaCakes118
Size
179KB
MD5
3ac864d2c0f455aad5699efe7cdef0b9
SHA1
907ef30ad9b0d1399167a106b463843366f88b09
SHA256
c5916e136942e216fd9d5e60975d067e85823775be958cfad586cb806c97ca83
SHA512
bdee52e3d7a73e3ae65224aba085f86da3302fcf8784695432f04eb787a9db6632793848222230596af46f871c5ade5f89e75d96c0bda717703c9f27b259eccb
SSDEEP
3072:04kUS9MPT32xWPr9cNcG66z4BQQ30rU+cEPQ66/NCPx2yBSf9KcsYdoMtV5RGjBG:YUqY72eeev6mQpl4fCP4yBS9KV0V5RwB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3ac864d2c0f455aad5699efe7cdef0b9_JaffaCakes118
Files
3ac864d2c0f455aad5699efe7cdef0b9_JaffaCakes118.exe windows:4 windows x86 arch:x86
6b390de50f906fd1ad792728487945eb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
advapi32
StartServiceA
UnlockServiceDatabase
LookupPrivilegeNameA
LookupAccountSidW
OpenProcessToken
RegCreateKeyExW
GetTokenInformation
RegGetKeySecurity
RegCloseKey
LockServiceDatabase
GetAclInformation
RegSetValueExW
RegRestoreKeyW
GetNamedSecurityInfoW
IsValidAcl
RegDeleteKeyW
FreeInheritedFromArray
GetInheritanceSourceW
OpenServiceW
SetEntriesInAclA
AdjustTokenPrivileges
GetSecurityInfo
AddAce
DeleteService
RegEnumKeyExW
GetSecurityDescriptorControl
FreeSid
ChangeServiceConfig2W
RegSaveKeyW
SetSecurityDescriptorDacl
ChangeServiceConfigW
SetEntriesInAclW
CloseServiceHandle
EnumDependentServicesW
CreateServiceW
EqualSid
LookupPrivilegeDisplayNameA
QueryServiceStatus
QueryServiceLockStatusW
InitializeSecurityDescriptor
LookupPrivilegeValueA
InitializeAcl
RegDeleteValueW
QueryServiceConfigW
ControlService
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
GetAce
SetSecurityInfo
IsValidSecurityDescriptor
OpenSCManagerW
SetNamedSecurityInfoW
RegEnumValueW
shell32
SHGetFolderPathW
kernel32
HeapCreate
SetUnhandledExceptionFilter
GetOEMCP
HeapFree
CompareStringA
SetFilePointer
GetCurrentProcess
EnterCriticalSection
ReadFile
GetACP
InitializeCriticalSection
SetEndOfFile
LCMapStringA
QueryPerformanceCounter
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
HeapDestroy
FreeLibrary
GetCurrentProcessId
VirtualFree
TerminateProcess
EnumResourceTypesW
GetCPInfo
LoadLibraryA
VirtualAlloc
MultiByteToWideChar
GetTimeFormatA
GetDateFormatA
CompareStringW
SetStdHandle
RtlUnwind
ResetWriteWatch
GetTimeZoneInformation
SetEnvironmentVariableA
LeaveCriticalSection
UnhandledExceptionFilter
HeapSize
RaiseException
IsValidCodePage
WriteFile
LCMapStringW
IsDebuggerPresent
HeapReAlloc
GetStringTypeW
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
oleacc
LresultFromObject
AccessibleObjectFromPoint
newdev
UpdateDriverForPlugAndPlayDevicesW
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ