958162c949474be7aa23b3b9b06c63f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

958162c949474be7aa23b3b9b06c63f7_JaffaCakes118
Size

176KB
MD5

958162c949474be7aa23b3b9b06c63f7
SHA1

ed5131d199e53f2ae7c94d0bb0e7a3b59378da19
SHA256

f9d4178c9c77c3f8d7c23ed504c163e5284489c650d76ef045663b789122835b
SHA512

301bf3bfca479f1ace90432ec26d7fee59ff6f4f585c8f080b853ae2929f99dc7f7f3a0c3b901529090cc4a589a8846d0b56f18c8900e5bf49bfee4824346db7
SSDEEP

3072:ONXDOeAKT8rvCgg9mU0G/L51S1bd39HYIxnlfNGWkxiXIOYrGXv0ajrjUA:OTOeFT8rvCr/11Sh1g0XIzGXZrjUA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
958162c949474be7aa23b3b9b06c63f7_JaffaCakes118

Files

958162c949474be7aa23b3b9b06c63f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61eb7443023fd43815b4ae2afc190222

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoSetProxyBlanket
CoUninitialize
CoQueryProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
StringFromGUID2

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

GetDlgItem
DestroyWindow
IsWindow
EnumChildWindows
SendMessageA
CreateWindowExW
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

advapi32

RegDeleteValueW
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeNameA
ChangeServiceConfigW
InitializeSecurityDescriptor
GetAclInformation
LookupAccountSidW
OpenServiceW
RegCloseKey
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExW
RegCreateKeyExW
IsValidSecurityDescriptor
LockServiceDatabase
FreeSid
GetInheritanceSourceW
GetNamedSecurityInfoW
QueryServiceStatus
SetEntriesInAclW
RegEnumKeyExW
RegGetKeySecurity
AllocateAndInitializeSid
IsValidAcl
SetNamedSecurityInfoW
ChangeServiceConfig2W
SetEntriesInAclA
DeleteService
OpenSCManagerW
InitializeAcl
QueryServiceConfigW
FreeInheritedFromArray
EnumDependentServicesW
GetSecurityInfo
ControlService
RegDeleteKeyW
CreateServiceW
RegOpenKeyExW
EqualSid
SetSecurityInfo
AddAce
RegSaveKeyW
UnlockServiceDatabase
AdjustTokenPrivileges
RegRestoreKeyW
CloseServiceHandle
QueryServiceLockStatusW
StartServiceA
LookupPrivilegeDisplayNameA
GetAce
RegQueryValueExW
GetTokenInformation
RegEnumValueW

kernel32

GetTimeFormatA
CreateWaitableTimerA
SetFilePointer
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileW
CreateProcessW
GetCommandLineA
UnmapViewOfFile
SetFileAttributesW
GetDateFormatA
GetVersionExA
GetCurrentProcess
CopyFileW
GetCalendarInfoW
ExpandEnvironmentStringsW
FlushFileBuffers
LCMapStringA
CreateFileMappingA
ReadFile
GetLocaleInfoA
SetEvent
SystemTimeToFileTime
TlsFree
FreeEnvironmentStringsA
SetStdHandle
GetEnvironmentStringsW
CompareStringW
LoadLibraryExW
WaitForSingleObject
WideCharToMultiByte
GetProcAddress
LoadLibraryA
VirtualFree
GetStartupInfoA
CreateDirectoryW
GetConsoleOutputCP
DeleteCriticalSection
SetEnvironmentVariableA
MultiByteToWideChar
GetStringTypeW
GetSystemTimeAsFileTime
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetACP
ResetEvent
GetConsoleMode
HeapSize
RaiseException
SetLastError
RtlUnwind
CreateThread
TlsAlloc
InterlockedIncrement
CreateFileW
HeapFree
FileTimeToSystemTime
GetModuleHandleW
GetTempPathW
EnumResourceNamesA
VirtualAlloc
MapViewOfFile
HeapCreate
ExitProcess
LocalAlloc
Sleep
LCMapStringW
GetSystemTime
InitializeCriticalSection
MoveFileExW
DeviceIoControl
HeapAlloc
TerminateProcess
FileTimeToLocalFileTime
HeapDestroy
GetCurrentProcessId
SetWaitableTimer
InitializeCriticalSection
CreateEventA
GetCurrentThreadId
EnterCriticalSection
GetFileAttributesW
GetFileType
GetModuleHandleA
GetExitCodeProcess
LeaveCriticalSection
IsValidCodePage
GetCPInfo
WriteFile
SetHandleCount
HeapReAlloc
TlsGetValue
GetEnvironmentStrings
CompareStringA
IsDebuggerPresent
SetEndOfFile
CancelWaitableTimer
QueryPerformanceCounter
CloseHandle
GetEnvironmentVariableW
FreeLibrary
GetLastError
GetConsoleCP
GetTickCount
GetSystemDirectoryW
WriteConsoleW
WriteConsoleA
TlsSetValue
GetVersionExW
LocalFree
GetProcessHeap
GetOEMCP
FreeEnvironmentStringsW
GetStringTypeA

iphlpapi

GetIpAddrTable

rpcrt4

UuidCreate

shell32

SHGetFolderPathW

setupapi

SetupGetInfFileListA
SetupDiDeleteDeviceInfo
SetupDiClassGuidsFromNameW
SetupOpenInfFileA
SetupDiCreateDeviceInfoA
SetupCloseInfFile
SetupDiGetDeviceRegistryPropertyW
SetupGetLineTextA
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiClassNameFromGuidW
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupCopyOEMInfW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiBuildClassInfoList
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
CM_Get_DevNode_Status

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61eb7443023fd43815b4ae2afc190222

Headers

File Characteristics

Imports

ole32

mprapi

user32

newdev

advapi32

kernel32

iphlpapi

rpcrt4

shell32

setupapi

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 71KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 244KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 244KB