630af342a3bf74f3b87cdff921fe1fd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

630af342a3bf74f3b87cdff921fe1fd5_JaffaCakes118
Size

186KB
MD5

630af342a3bf74f3b87cdff921fe1fd5
SHA1

fbfb09bac1efb516ce7230de56252d2bfd7b5d07
SHA256

d88311b3f85c37132b1f9eccead57f7a0b212a231686820b1d70e59b661c219b
SHA512

f467b766cd54851b3e1f032d413311770702ffd45853f1ad98db4dabbeb57c233fb54db65d75e96945620384a1ff3e2b981363254120052e8af2df3f0ae1fb5d
SSDEEP

3072:tGZQcAdTtkBpl27a9QSdQExezBBpMmnG32UUvr7FtkEGjKxDJ0oQQHTZDjhkw7Tg:toyiLQS5ezBLMmNbDUKZJ5ZPKw7TdS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
630af342a3bf74f3b87cdff921fe1fd5_JaffaCakes118

Files

630af342a3bf74f3b87cdff921fe1fd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6d6f291489621826a43271e88c0f6bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoQueryProxyBlanket
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
StringFromGUID2

setupapi

SetupDiClassNameFromGuidW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiGetClassDescriptionW
SetupDiGetClassDevsA
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupOpenInfFileA
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiBuildClassInfoList
SetupGetInfFileListA
CMP_WaitNoPendingInstallEvents
SetupDiClassGuidsFromNameW
SetupGetLineTextA
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiDeleteDeviceInfo
CM_Get_DevNode_Status

newdev

UpdateDriverForPlugAndPlayDevicesW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

iphlpapi

GetIpAddrTable

rpcrt4

UuidCreate

user32

DestroyWindow
IsWindow
EnumChildWindows
CreateWindowExW
SendMessageA
GetDlgItem
GetWindowThreadProcessId

advapi32

RegQueryValueExW
LockServiceDatabase
InitializeSecurityDescriptor
RegDeleteKeyW
OpenServiceW
QueryServiceStatus
EnumDependentServicesW
ChangeServiceConfigW
ControlService
AllocateAndInitializeSid
GetAce
LookupPrivilegeDisplayNameA
SetEntriesInAclW
GetTokenInformation
RegCloseKey
SetSecurityDescriptorDacl
DeleteService
LookupPrivilegeValueA
GetInheritanceSourceW
RegOpenKeyExW
SetSecurityInfo
StartServiceA
EqualSid
AddAce
GetAclInformation
QueryServiceLockStatusW
RegCreateKeyExW
SetEntriesInAclA
RegSaveKeyW
GetSecurityDescriptorControl
RegDeleteValueW
IsValidAcl
OpenSCManagerW
RegSetValueExW
IsValidSecurityDescriptor
ChangeServiceConfig2W
CloseServiceHandle
FreeSid
FreeInheritedFromArray
LookupPrivilegeNameA
RegRestoreKeyW
InitializeAcl
QueryServiceConfigW
RegEnumKeyExW
RegGetKeySecurity
UnlockServiceDatabase
GetNamedSecurityInfoW
CreateServiceW
AdjustTokenPrivileges
GetSecurityInfo
LookupAccountSidW
OpenProcessToken
SetNamedSecurityInfoW
RegEnumValueW

shell32

SHGetFolderPathW

kernel32

CompareStringA
FileTimeToLocalFileTime
ExitProcess
InitializeCriticalSection
InterlockedIncrement
SetFilePointer
CloseHandle
GetProcessHeap
GetCalendarInfoW
GetModuleHandleA
QueryPerformanceCounter
GetStdHandle
GetEnvironmentStringsW
CopyFileW
GetSystemTimeAsFileTime
WaitForSingleObject
CreateFileW
SetEvent
SystemTimeToFileTime
GetTimeZoneInformation
GetTimeFormatA
Sleep
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
GetSystemTime
MoveFileExW
GetCPInfo
HeapAlloc
HeapDestroy
LCMapStringA
GetOEMCP
SetUnhandledExceptionFilter
GetModuleFileNameA
FlushFileBuffers
MapViewOfFile
HeapSize
CreateFileMappingA
GetStringTypeW
WriteFile
SetEnvironmentVariableA
HeapCreate
GetTempPathW
GetLastError
RaiseException
GetSystemDirectoryW
HeapReAlloc
SetLastError
CreateFileA
GetEnvironmentStrings
CreateThread
GetDateFormatA
WideCharToMultiByte
CreateWaitableTimerA
GetCurrentThreadId
UnhandledExceptionFilter
GetExitCodeProcess
TlsSetValue
EnumResourceNamesA
GetConsoleOutputCP
EnterCriticalSection
GetFileType
DeviceIoControl
SetWaitableTimer
GetEnvironmentVariableW
LCMapStringW
TlsGetValue
WriteConsoleW
DeleteFileW
SetStdHandle
LoadLibraryA
GetConsoleCP
HeapFree
GetProcAddress
ReadFile
VirtualAlloc
LeaveCriticalSection
TerminateProcess
CreateEventA
ResetEvent
GetVersionExA
RtlUnwind
CreateProcessW
CreateDirectoryW
LocalFree
IsValidCodePage
CompareStringW
UnmapViewOfFile
FreeEnvironmentStringsW
GetModuleHandleW
LocalAlloc
GetStartupInfoA
InitializeCriticalSection
GetTickCount
LoadLibraryExW
CancelWaitableTimer
MultiByteToWideChar
FreeLibrary
IsDebuggerPresent
FileTimeToSystemTime
TlsAlloc
GetConsoleMode
DeleteCriticalSection
GetCurrentProcessId
GetLocaleInfoA
SetEndOfFile
GetCurrentProcess
GetACP
InterlockedDecrement
GetCommandLineA
GetFileAttributesW
SetFileAttributesW
TlsFree
WriteConsoleA
SetHandleCount
FreeEnvironmentStringsA
GetStringTypeA

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6d6f291489621826a43271e88c0f6bc

Headers

File Characteristics

Imports

ole32

setupapi

newdev

mprapi

iphlpapi

rpcrt4

user32

advapi32

shell32

kernel32

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 80KB - Virtual size: 80KB

.rsrc Size: 1024B - Virtual size: 116KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 1024B - Virtual size: 116KB