3e18aa84bd3d8827080edb2516718b9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e18aa84bd3d8827080edb2516718b9f_JaffaCakes118
Size

164KB
MD5

3e18aa84bd3d8827080edb2516718b9f
SHA1

5d0659e81f7f031e952dfa7e31f187ef4b859389
SHA256

72ed45c4438148a9e0a3e40bdba859676cb0976a6710c3e2663304b1f0365d8f
SHA512

ce6773d88537966e4a368242157c1f8a066d4a99ab7ad1931531c4f438019e091260c938225487dfc91ef85f0dbd904f2d09ea82789ab6f3a88dc7e18bba6bf9
SSDEEP

3072:vsQW0GPMjh0YmVZvhrmlRtZiZfw1olHA+P6BmPxR+GZLH+aBxi3W:v1RhDmPvRmlliZfBg46wxR+gH+aj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e18aa84bd3d8827080edb2516718b9f_JaffaCakes118

Files

3e18aa84bd3d8827080edb2516718b9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d45ad06a0be07546cd58ead6245ba219

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

advapi32

RegDeleteValueW
QueryServiceConfigW
AllocateAndInitializeSid
EnumDependentServicesW
RegSaveKeyW
RegGetKeySecurity
IsValidAcl
StartServiceA
RegSetValueExW
GetSecurityInfo
FreeInheritedFromArray
RegEnumKeyExW
SetSecurityDescriptorDacl
ChangeServiceConfig2W
SetSecurityInfo
UnlockServiceDatabase
LookupPrivilegeNameA
LookupAccountSidW
RegCloseKey
SetEntriesInAclW
SetNamedSecurityInfoW
EqualSid
GetAce
LookupPrivilegeValueA
GetInheritanceSourceW
FreeSid
RegOpenKeyExW
DeleteService
RegQueryValueExW
CloseServiceHandle
GetSecurityDescriptorControl
GetNamedSecurityInfoW
OpenSCManagerW
InitializeAcl
RegRestoreKeyW
GetAclInformation
IsValidSecurityDescriptor
AdjustTokenPrivileges
CreateServiceW
OpenProcessToken
ChangeServiceConfigW
QueryServiceStatus
LockServiceDatabase
InitializeSecurityDescriptor
SetEntriesInAclA
GetTokenInformation
QueryServiceLockStatusW
RegDeleteKeyW
RegCreateKeyExW
AddAce
LookupPrivilegeDisplayNameA
OpenServiceW
ControlService
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

SetEnvironmentVariableA
GetTimeZoneInformation
SetUnhandledExceptionFilter
HeapFree
LoadLibraryA
RaiseException
TerminateProcess
IsDebuggerPresent
HeapCreate
GetConsoleOutputCP
GetOEMCP
QueryPerformanceCounter
LCMapStringA
GetTimeFormatA
GetDateFormatA
SetEndOfFile
LeaveCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
VirtualAlloc
EnumResourceTypesA
LCMapStringW
GetLocaleInfoA
GetCurrentProcess
MultiByteToWideChar
FreeLibrary
HeapDestroy
GetCPInfo
VirtualFree
CreateNamedPipeW
CompareStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
WriteFile
SetFilePointer
GetStringTypeW
GetACP
EnterCriticalSection
ReadFile
IsValidCodePage
HeapReAlloc
WriteConsoleA
RtlUnwind
GetTickCount
SetStdHandle
CompareStringW
GetStringTypeA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d45ad06a0be07546cd58ead6245ba219

Headers

File Characteristics

Imports

mprapi

advapi32

newdev

shell32

oleacc

kernel32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 3KB - Virtual size: 407KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 3KB - Virtual size: 407KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 512B - Virtual size: 4KB