3ecfef2af911713d79bcd01956b73673_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ecfef2af911713d79bcd01956b73673_JaffaCakes118
Size

168KB
MD5

3ecfef2af911713d79bcd01956b73673
SHA1

ce782c25b0c19eb189d1cec9cb5149d10fe8cf95
SHA256

d47276aff261bc3e42a839e277c76312428c8f6a7022261d4f787b7c36e414ef
SHA512

16b38f5e3cec2d6c105c9d4d0f807b63a897f95edee2b62f9304e11faf418a5790c95bb68f375580fcbec2f2e41d1d6fe2329b4f43746ad8736df7735ff76ea1
SSDEEP

3072:0tvNMI/Wnu4Jfk2Qotg/dOmemVxXZ6FcPT3fXtY+qXj0ih7ydsbyTEqfs8P:0tvNv/OzfjyEDmLXdfdYJTl7yds+Tzf7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ecfef2af911713d79bcd01956b73673_JaffaCakes118

Files

3ecfef2af911713d79bcd01956b73673_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a745bf151bf8107fa60d30c6388fd9c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

InitializeAcl
LookupPrivilegeNameA
LockServiceDatabase
RegRestoreKeyW
GetAce
RegSetValueExW
IsValidAcl
GetNamedSecurityInfoW
RegSaveKeyW
QueryServiceLockStatusW
GetInheritanceSourceW
AddAce
DeleteService
GetSecurityInfo
RegDeleteValueW
QueryServiceConfigW
LookupPrivilegeDisplayNameA
RegGetKeySecurity
LookupAccountSidW
FreeInheritedFromArray
SetSecurityInfo
CloseServiceHandle
QueryServiceStatus
SetEntriesInAclW
UnlockServiceDatabase
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetTokenInformation
RegOpenKeyExW
OpenServiceW
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
SetEntriesInAclA
OpenSCManagerW
RegCloseKey
ChangeServiceConfig2W
GetAclInformation
RegEnumKeyExW
AllocateAndInitializeSid
InitializeSecurityDescriptor
CreateServiceW
ControlService
RegDeleteKeyW
SetNamedSecurityInfoW
EnumDependentServicesW
LookupPrivilegeValueA
ChangeServiceConfigW
StartServiceA
RegCreateKeyExW
RegQueryValueExW
EqualSid
AdjustTokenPrivileges
RegEnumValueW

iphlpapi

GetIpAddrTable

rpcrt4

UuidCreate

kernel32

CreateDirectoryW
GetStringTypeW
GetCalendarInfoW
GetTimeFormatA
TlsSetValue
CloseHandle
GetModuleFileNameA
CreateFileMappingA
GetSystemDirectoryW
WriteConsoleW
GetCurrentProcess
UnmapViewOfFile
GetProcessHeap
TlsAlloc
WaitForSingleObject
MapViewOfFile
FileTimeToLocalFileTime
RtlUnwind
FreeEnvironmentStringsA
ReadFile
SetEnvironmentVariableA
TerminateProcess
InterlockedIncrement
Sleep
HeapAlloc
SetStdHandle
IsDebuggerPresent
LCMapStringA
GetDateFormatA
TlsFree
ResetEvent
CreateFileW
TlsGetValue
GetEnvironmentStringsW
VirtualFree
DeleteCriticalSection
GetCommandLineA
CreateProcessW
GetModuleHandleA
HeapSize
GetCPInfo
SetUnhandledExceptionFilter
GetLastError
GetLocaleInfoA
GetEnvironmentStrings
GetExitCodeProcess
FileTimeToSystemTime
InterlockedDecrement
QueryPerformanceCounter
WriteConsoleA
RaiseException
GetConsoleCP
GetACP
CompareStringA
CreateFileA
SetHandleCount
CancelWaitableTimer
GetSystemTimeAsFileTime
GetProcAddress
CopyFileW
CompareStringW
GetCurrentProcessId
LCMapStringW
GetVersionExW
CreateThread
UnhandledExceptionFilter
LoadLibraryA
EnumResourceNamesA
HeapDestroy
LoadLibraryExW
GetModuleHandleW
WideCharToMultiByte
SetLastError
GetTempPathW
IsValidCodePage
FreeEnvironmentStringsW
InitializeCriticalSection
WriteFile
VirtualAlloc
ExpandEnvironmentStringsW
FreeLibrary
MultiByteToWideChar
GetCurrentThreadId
FlushFileBuffers
GetEnvironmentVariableW
GetConsoleMode
DeleteFileW
CreateEventA
SetEndOfFile
DeviceIoControl
GetTimeZoneInformation
GetConsoleOutputCP
MoveFileExW
InitializeCriticalSection
SetWaitableTimer
LeaveCriticalSection
LocalFree
SetFilePointer
SystemTimeToFileTime
HeapCreate
GetTickCount
SetEvent
GetFileType
LocalAlloc
SetFileAttributesW
ExitProcess
GetStartupInfoA
HeapReAlloc
GetOEMCP
CreateWaitableTimerA
GetStdHandle
GetVersionExA
GetFileAttributesW
EnterCriticalSection
HeapFree
GetSystemTime
GetStringTypeA

shell32

SHGetFolderPathW

ole32

CoGetMalloc
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoQueryProxyBlanket
CoTaskMemFree
StringFromGUID2

setupapi

SetupGetInfFileListA
SetupDiCreateDeviceInfoA
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiClassNameFromGuidW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupGetLineTextA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiDeleteDeviceInfo
SetupDiBuildClassInfoList
SetupDiSetClassInstallParamsW
SetupOpenInfFileA
SetupDiGetClassDevsA
SetupCopyOEMInfW
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsW
SetupDiGetClassDescriptionW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

user32

EnumChildWindows
CreateWindowExW
IsWindow
GetDlgItem
SendMessageA
DestroyWindow
GetWindowThreadProcessId

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a745bf151bf8107fa60d30c6388fd9c7

Headers

File Characteristics

Imports

newdev

mprapi

advapi32

iphlpapi

rpcrt4

kernel32

shell32

ole32

setupapi

user32

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 71KB - Virtual size: 70KB

.rsrc Size: 1024B - Virtual size: 96KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 96KB