60a5908335b6322f9149ac3775cbe538_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60a5908335b6322f9149ac3775cbe538_JaffaCakes118
Size

170KB
MD5

60a5908335b6322f9149ac3775cbe538
SHA1

ca4771260e5a94820b8b8c8f156c52f7dc618ff1
SHA256

9c5d9fe5cf3f56d8e17c63ce4806880e47ba560ee5a03ffc8ad0ea7843a3e216
SHA512

e817d16fcabc47bf6a20185f2fd27074939dbcc5ca5eef4b8baddaeb71613b87ade06aec97036025961f806b52d939b8d86b1cf65088db60009c97b6ed2639ef
SSDEEP

3072:jOCMMDPItmehXtY/LomVmje3ANh3wG4AE9lF0k2gKtq1R1zx5qJrXiCwS4:C1oimromwCahAGRExR1z3grX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60a5908335b6322f9149ac3775cbe538_JaffaCakes118

Files

60a5908335b6322f9149ac3775cbe538_JaffaCakes118
.exe windows:4 windows x86 arch:x86

afff98c2c4748b97b333cfc5723d86fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

UnlockServiceDatabase
OpenSCManagerW
LookupPrivilegeValueA
LookupPrivilegeNameA
RegQueryValueExW
LookupAccountSidW
GetAce
SetEntriesInAclW
AllocateAndInitializeSid
FreeInheritedFromArray
GetInheritanceSourceW
ChangeServiceConfigW
RegSetValueExW
OpenProcessToken
GetSecurityDescriptorControl
EqualSid
SetSecurityInfo
DeleteService
CloseServiceHandle
QueryServiceLockStatusW
IsValidAcl
AddAce
RegOpenKeyExW
RegEnumKeyExW
LookupPrivilegeDisplayNameA
StartServiceA
QueryServiceConfigW
RegGetKeySecurity
SetNamedSecurityInfoW
RegDeleteKeyW
AdjustTokenPrivileges
GetNamedSecurityInfoW
IsValidSecurityDescriptor
OpenServiceW
FreeSid
ControlService
RegCreateKeyExW
InitializeSecurityDescriptor
QueryServiceStatus
GetAclInformation
RegRestoreKeyW
CreateServiceW
SetEntriesInAclA
RegDeleteValueW
GetTokenInformation
ChangeServiceConfig2W
LockServiceDatabase
RegSaveKeyW
RegCloseKey
InitializeAcl
EnumDependentServicesW
GetSecurityInfo
SetSecurityDescriptorDacl
RegEnumValueW

shell32

SHGetFolderPathW

ole32

CoGetMalloc
CoCreateInstance
CoTaskMemFree
CoQueryProxyBlanket
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2

user32

SendMessageA
IsWindow
GetDlgItem
DestroyWindow
EnumChildWindows
CreateWindowExW
GetWindowThreadProcessId

kernel32

SetUnhandledExceptionFilter
GetCommandLineA
GetLastError
GetModuleHandleA
HeapReAlloc
LoadLibraryA
GetSystemTime
EnterCriticalSection
GetTickCount
GetProcessHeap
CreateWaitableTimerA
GetCalendarInfoW
SetFileAttributesW
CopyFileW
CancelWaitableTimer
DeviceIoControl
WriteConsoleA
TerminateProcess
FreeLibrary
GetEnvironmentStringsW
GetVersionExA
UnmapViewOfFile
FreeEnvironmentStringsW
TlsFree
SystemTimeToFileTime
GetLocaleInfoA
SetWaitableTimer
FileTimeToSystemTime
SetEnvironmentVariableA
HeapDestroy
TlsAlloc
SetStdHandle
GetModuleHandleW
LocalFree
GetACP
GetExitCodeProcess
GetTimeFormatA
CreateFileA
GetStartupInfoA
SetEvent
LCMapStringA
SetHandleCount
WriteFile
GetSystemDirectoryW
GetFileAttributesW
GetCurrentThreadId
CreateProcessW
CreateThread
FileTimeToLocalFileTime
DeleteCriticalSection
FlushFileBuffers
GetOEMCP
RaiseException
DeleteFileW
MoveFileExW
CreateFileW
IsDebuggerPresent
CreateEventA
TlsGetValue
GetCurrentProcessId
InitializeCriticalSection
ReadFile
UnhandledExceptionFilter
ExpandEnvironmentStringsW
LeaveCriticalSection
GetProcAddress
HeapSize
CloseHandle
EnumResourceNamesA
ResetEvent
GetEnvironmentStrings
GetConsoleOutputCP
ExitProcess
SetFilePointer
IsValidCodePage
InterlockedDecrement
InitializeCriticalSection
GetCurrentProcess
CreateDirectoryW
InterlockedIncrement
WaitForSingleObject
HeapFree
GetStdHandle
SetLastError
WriteConsoleW
TlsSetValue
WideCharToMultiByte
FreeEnvironmentStringsA
LCMapStringW
GetConsoleMode
LocalAlloc
GetStringTypeW
QueryPerformanceCounter
CompareStringA
Sleep
HeapCreate
GetTempPathW
GetModuleFileNameA
MultiByteToWideChar
RtlUnwind
GetTimeZoneInformation
LoadLibraryExW
SetEndOfFile
GetFileType
VirtualFree
GetSystemTimeAsFileTime
GetCPInfo
GetDateFormatA
HeapAlloc
GetVersionExW
GetEnvironmentVariableW
GetConsoleCP
MapViewOfFile
CompareStringW
VirtualAlloc
CreateFileMappingA
GetStringTypeA

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

rpcrt4

UuidCreate

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

setupapi

SetupDiClassNameFromGuidW
SetupOpenInfFileA
SetupDiCreateDeviceInfoA
SetupDiDeleteDeviceInfo
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupGetInfFileListA
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsW
CMP_WaitNoPendingInstallEvents
SetupCloseInfFile
SetupDiGetClassDevsA
SetupDiBuildClassInfoList
SetupGetLineTextA
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
SetupDiGetDeviceRegistryPropertyW
SetupCopyOEMInfW
CM_Get_DevNode_Status

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afff98c2c4748b97b333cfc5723d86fb

Headers

File Characteristics

Imports

advapi32

shell32

ole32

user32

kernel32

mprapi

rpcrt4

newdev

iphlpapi

setupapi

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 72KB - Virtual size: 72KB

.rsrc Size: 1024B - Virtual size: 96KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 1024B - Virtual size: 96KB