95eadbc7c098acfb6805c2ceb10add48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95eadbc7c098acfb6805c2ceb10add48_JaffaCakes118
Size

266KB
MD5

95eadbc7c098acfb6805c2ceb10add48
SHA1

a25aaa6708538a81e4f8865fd0ac57d3e9d6de03
SHA256

748101d608f72bf08f6945b21a4d22a31ddf0f6a57bf7019fa466f994b28604e
SHA512

07d0c6e52a9ffd02f599369b6afe1b3f05b56dc88cc9354168eb20e6ac956ca3d52a503ac32ad7aff12b5a3ee6a063bc5faae259b195e16fba8a1979a3295b93
SSDEEP

6144:vibwnAswVyCFuctB7wVN3OTaZ1og3kmgkPTPX5Asfp/IlidulFq93Pm:ar4ctB8xRZ1P3kmg2+sf2RlkZ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95eadbc7c098acfb6805c2ceb10add48_JaffaCakes118

Files

95eadbc7c098acfb6805c2ceb10add48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eee5797f0ceb8e4c17407e8ed996c73c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

advapi32

RegGetKeySecurity
RegSaveKeyW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
ChangeServiceConfig2W
LookupPrivilegeNameA
LockServiceDatabase
EnumDependentServicesW
GetTokenInformation
InitializeAcl
QueryServiceStatus
IsValidAcl
StartServiceA
AdjustTokenPrivileges
SetEntriesInAclW
ChangeServiceConfigW
SetSecurityInfo
RegSetValueExW
FreeInheritedFromArray
CreateServiceW
AddAce
SetNamedSecurityInfoW
FreeSid
GetAce
GetAclInformation
RegQueryValueExW
RegDeleteValueW
GetSecurityInfo
OpenServiceW
ControlService
RegEnumKeyExW
RegCloseKey
LookupPrivilegeDisplayNameA
RegCreateKeyExW
DeleteService
GetInheritanceSourceW
LookupPrivilegeValueA
EqualSid
RegDeleteKeyW
RegRestoreKeyW
RegOpenKeyExW
GetSecurityDescriptorControl
AllocateAndInitializeSid
LookupAccountSidW
QueryServiceLockStatusW
QueryServiceConfigW
OpenProcessToken
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetEntriesInAclA
UnlockServiceDatabase
OpenSCManagerW
CloseServiceHandle
RegEnumValueW

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

FreeLibrary
HeapFree
HeapReAlloc
SetFilePointer
GetOEMCP
LoadLibraryA
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
HeapSize
LCMapStringA
IsDebuggerPresent
GetACP
GetStringTypeW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetDateFormatA
VirtualFree
HeapDestroy
RaiseException
SetUnhandledExceptionFilter
SetEndOfFile
EnumResourceTypesA
GetSystemTimeAsFileTime
RtlUnwind
GetLocaleInfoA
QueryPerformanceCounter
WriteFile
ReadFile
WriteConsoleA
HeapCreate
CreateNamedPipeA
GetCPInfo
GetTickCount
GetConsoleOutputCP
SetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
VirtualAlloc
CompareStringA
GetTimeFormatA
MultiByteToWideChar
CompareStringW
SetStdHandle
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eee5797f0ceb8e4c17407e8ed996c73c

Headers

File Characteristics

Imports

mprapi

advapi32

oleacc

kernel32

newdev

shell32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 147KB

.data Size: 197KB - Virtual size: 196KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 147KB

.data
Size: 197KB - Virtual size: 196KB

.rsrc
Size: 512B - Virtual size: 4KB