D:\bld\HM176_02\drivers\ui\nvvsvc\bin\release.nt6\nvvsvc.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 4e1b07dd3f81a5522c3e5b9807203f63_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4e1b07dd3f81a5522c3e5b9807203f63_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4e1b07dd3f81a5522c3e5b9807203f63_JaffaCakes118
Size: 200KB
MD5: 4e1b07dd3f81a5522c3e5b9807203f63
SHA1: 39309457a81d8eaf7f42c86a2270439013a35659
SHA256: 9c661a3f4b88761f0264a53efdc021578af99d7748648465302ab093e42e616d
SHA512: ccc8f253f59cde985e49c1cb9bf7d14e12aebc940dd544f372430f0e183f4c760b1c01d03ef1a3a9ec4a96cb45c1f2bd589edd744122bd8767e19a03185c9f3d
SSDEEP: 3072:yGQDf7tglPLiSaN+IN66mgR6O5hsahK1tUoIdVwo:lQDulPt4/5G8Kc
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 4e1b07dd3f81a5522c3e5b9807203f63_JaffaCakes118
Files
4e1b07dd3f81a5522c3e5b9807203f63_JaffaCakes118.exe windows:6 windows x86 arch:x86
9fd6c2363123fc27b021db1cf63eea45
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetTimeZoneInformation
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateNamedPipeW
ConnectNamedPipe
ReadFile
WriteFile
FlushFileBuffers
DisconnectNamedPipe
GetCommandLineW
LocalFree
SetLastError
GetLastError
Sleep
GetSystemDirectoryW
CreateThread
GetCurrentProcess
WriteConsoleW
CloseHandle
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
HeapSize
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InterlockedCompareExchange
shlwapi
PathAddBackslashW
shell32
CommandLineToArgvW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
advapi32
SetSecurityDescriptorDacl
RegDeleteValueW
RegEnumKeyExW
StartServiceCtrlDispatcherW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetServiceStatus
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
InitializeSecurityDescriptor
rpcrt4
UuidToStringW
RpcStringFreeW
Sections
.text Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ