Static task: static1
Behavioral task: behavioral1
Sample: 771098ab9d8f610a9709f7a0582cd884_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 771098ab9d8f610a9709f7a0582cd884_JaffaCakes118
Size: 177KB
MD5: 771098ab9d8f610a9709f7a0582cd884
SHA1: 274b94eecc26f4bd7723211a8794b9608297a4e0
SHA256: 8b5f5a2906d71f9e883b5a13b9e18392bd50a841fca2851274adc6164dd4d279
SHA512: 69d2442622e3d07f85e69ce3cae9db065db98441a2f9e3ab1c9dcd1584505869ea488211a2afc7220643b23116a75cdc3de5b9dd5611018ffed1d6f05fd53714
SSDEEP: 3072:3LqhMMjHJ/frFU1zT3P8axCdTM0hiwXde4hROjN4/XEP+70aQD4:7qhNZU13P8aII0hiwXc4TXx70a
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 771098ab9d8f610a9709f7a0582cd884_JaffaCakes118
Files
771098ab9d8f610a9709f7a0582cd884_JaffaCakes118.exe windows:4 windows x86 arch:x86
ba75e06c22c1f4ace4291afe6567fb8d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
oleacc
LresultFromObject
AccessibleObjectFromPoint
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
GetACP
IsDebuggerPresent
VirtualAlloc
RtlUnwind
SetEndOfFile
HeapReAlloc
HeapFree
ReadFile
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTimeZoneInformation
VirtualFree
GetDateFormatA
GetCurrentProcessId
InitializeCriticalSection
WriteConsoleA
HeapCreate
GetCurrentProcess
LoadLibraryA
GetCPInfo
EnumResourceTypesA
HeapSize
WriteFile
SetStdHandle
LCMapStringW
HeapDestroy
SetEnvironmentVariableA
GetLocaleInfoA
LeaveCriticalSection
TerminateProcess
FreeLibrary
QueryPerformanceCounter
IsValidCodePage
CompareStringA
GetTickCount
CreateNamedPipeA
EnterCriticalSection
RaiseException
GetConsoleOutputCP
SetFilePointer
MultiByteToWideChar
GetOEMCP
GetStringTypeW
LCMapStringA
CompareStringW
UnhandledExceptionFilter
GetTimeFormatA
GetStringTypeA
advapi32
RegEnumKeyExW
SetSecurityDescriptorDacl
QueryServiceStatus
QueryServiceLockStatusW
IsValidSecurityDescriptor
LockServiceDatabase
AddAce
ChangeServiceConfig2W
UnlockServiceDatabase
ChangeServiceConfigW
InitializeSecurityDescriptor
SetNamedSecurityInfoW
IsValidAcl
FreeSid
RegGetKeySecurity
DeleteService
AdjustTokenPrivileges
RegCreateKeyExW
OpenSCManagerW
RegSaveKeyW
GetAclInformation
GetSecurityDescriptorControl
AllocateAndInitializeSid
GetInheritanceSourceW
OpenProcessToken
ControlService
StartServiceA
GetSecurityInfo
FreeInheritedFromArray
QueryServiceConfigW
SetSecurityInfo
LookupPrivilegeDisplayNameA
OpenServiceW
RegSetValueExW
GetAce
EqualSid
RegDeleteValueW
RegRestoreKeyW
SetEntriesInAclW
LookupAccountSidW
InitializeAcl
GetTokenInformation
GetNamedSecurityInfoW
SetEntriesInAclA
CreateServiceW
LookupPrivilegeNameA
LookupPrivilegeValueA
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
EnumDependentServicesW
CloseServiceHandle
RegEnumValueW
shell32
SHGetFolderPathW
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ