64b88c49f841017d4eaa8bd553380b43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64b88c49f841017d4eaa8bd553380b43_JaffaCakes118
Size

179KB
MD5

64b88c49f841017d4eaa8bd553380b43
SHA1

b85ca6cf7bb6a5c6e3c8a46da3947613b920baa3
SHA256

d7dd5b81df9c01ffcc8230a15b690bca8738cd3db056e170ac9591df102f1c23
SHA512

2eb101607b61da8c3e30c8503fc9a166f0b6e28c24bfbeae6ce3ace92f57c3cbc31dc17c8e7b3bff7596d0688ec008c63031556c2715bd9dc532efb8060c6ecf
SSDEEP

3072:iWvIhzbHjmjf4bCZFb4I/xmfXBI03vbfs7v52Hby1NfAG0:7EamWUfi03DU7vUkx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64b88c49f841017d4eaa8bd553380b43_JaffaCakes118

Files

64b88c49f841017d4eaa8bd553380b43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ea5ee90a3864d9bb01c927146e2795b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

setupapi

SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupGetLineTextA
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiClassNameFromGuidW
CMP_WaitNoPendingInstallEvents
SetupCopyOEMInfW
SetupOpenInfFileA
SetupDiSetClassInstallParamsW
SetupDiDeleteDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsW
SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiBuildClassInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupGetInfFileListA
SetupDiGetClassDevsA
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

user32

DestroyWindow
EnumChildWindows
CreateWindowExW
SendMessageA
GetDlgItem
IsWindow
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

kernel32

ReadFile
LocalAlloc
DeviceIoControl
LoadLibraryExW
HeapDestroy
ExitProcess
HeapAlloc
GetVersionExW
GetFileAttributesW
GetConsoleCP
MoveFileExW
SetStdHandle
SetUnhandledExceptionFilter
GetCalendarInfoW
SetEnvironmentVariableA
GetStdHandle
LCMapStringW
GetEnvironmentStringsW
DeleteFileW
SetLastError
CancelWaitableTimer
GetModuleFileNameA
HeapReAlloc
InterlockedDecrement
ResetEvent
MapViewOfFile
GetLocaleInfoA
GetSystemDirectoryW
UnmapViewOfFile
InitializeCriticalSection
SetFilePointer
CreateFileW
GetACP
GetConsoleOutputCP
RaiseException
HeapFree
GetDateFormatA
GetStartupInfoA
CreateDirectoryW
GetFileType
SetWaitableTimer
DeleteCriticalSection
TlsSetValue
GetProcAddress
GetEnvironmentVariableW
GetCommandLineA
WaitForSingleObject
CreateProcessW
MultiByteToWideChar
GetSystemTimeAsFileTime
CreateWaitableTimerA
HeapCreate
GetTimeFormatA
TlsFree
WriteFile
WriteConsoleA
GetTimeZoneInformation
EnumResourceNamesA
FileTimeToSystemTime
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateEventA
GetModuleHandleA
GetModuleHandleW
CreateThread
TlsAlloc
SystemTimeToFileTime
CopyFileW
GetEnvironmentStrings
WriteConsoleW
CompareStringA
LocalFree
GetLastError
VirtualFree
TlsGetValue
EnterCriticalSection
SetFileAttributesW
SetEvent
FreeLibrary
FlushFileBuffers
FreeEnvironmentStringsW
GetCurrentProcess
GetOEMCP
RtlUnwind
LeaveCriticalSection
IsDebuggerPresent
GetStringTypeW
FileTimeToLocalFileTime
SetHandleCount
GetTickCount
GetCPInfo
UnhandledExceptionFilter
GetSystemTime
InitializeCriticalSection
GetCurrentThreadId
IsValidCodePage
GetExitCodeProcess
CreateFileA
GetConsoleMode
VirtualAlloc
CloseHandle
TerminateProcess
FreeEnvironmentStringsA
CreateFileMappingA
SetEndOfFile
GetVersionExA
Sleep
HeapSize
CompareStringW
GetCurrentProcessId
GetTempPathW
LoadLibraryA
InterlockedIncrement
QueryPerformanceCounter
LCMapStringA
GetProcessHeap
GetStringTypeA

ole32

CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoQueryProxyBlanket
StringFromGUID2

advapi32

DeleteService
RegSaveKeyW
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExW
LookupPrivilegeDisplayNameA
IsValidSecurityDescriptor
FreeInheritedFromArray
InitializeAcl
AddAce
RegCloseKey
RegCreateKeyExW
OpenServiceW
SetEntriesInAclW
LookupPrivilegeNameA
GetInheritanceSourceW
RegGetKeySecurity
CreateServiceW
GetAclInformation
GetAce
FreeSid
RegSetValueExW
QueryServiceConfigW
AdjustTokenPrivileges
SetSecurityInfo
EqualSid
OpenSCManagerW
ChangeServiceConfigW
RegEnumKeyExW
GetSecurityDescriptorControl
RegDeleteValueW
RegDeleteKeyW
SetEntriesInAclA
GetTokenInformation
SetNamedSecurityInfoW
ControlService
OpenProcessToken
UnlockServiceDatabase
InitializeSecurityDescriptor
QueryServiceStatus
SetSecurityDescriptorDacl
GetSecurityInfo
IsValidAcl
RegOpenKeyExW
QueryServiceLockStatusW
StartServiceA
LookupAccountSidW
CloseServiceHandle
ChangeServiceConfig2W
LockServiceDatabase
EnumDependentServicesW
GetNamedSecurityInfoW
RegRestoreKeyW
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

rpcrt4

UuidCreate

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ea5ee90a3864d9bb01c927146e2795b

Headers

File Characteristics

Imports

mprapi

setupapi

shell32

user32

iphlpapi

kernel32

ole32

advapi32

newdev

rpcrt4

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 74KB - Virtual size: 74KB

.rsrc Size: 1024B - Virtual size: 380KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 1024B - Virtual size: 380KB