Static task
static1
Behavioral task
behavioral1
Sample
a64442e59e31f15781e7a230e427a878_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a64442e59e31f15781e7a230e427a878_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: a64442e59e31f15781e7a230e427a878_JaffaCakes118
Size: 267KB
MD5: a64442e59e31f15781e7a230e427a878
SHA1: 6e637108490274d891a62b90aba3c7d34f24057e
SHA256: fe7aa0f420e341161143fd62662013211a960fc1858e9c4180c6126606a82279
SHA512: bd70661b91c908b5c17819531ce5f0d06fe10506e3129bedaa621f62d992365481176d0b1fb660eafd325681c7f11305cf65df718109a4ae64482af673b0b950
SSDEEP: 6144:2Z++CjuJzJhdrHDnh68C7AkUd07gnYYD/SY/qq/YqZcWbhd:20SzPdrH7h68vkl79i/Sql
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a64442e59e31f15781e7a230e427a878_JaffaCakes118
Files
a64442e59e31f15781e7a230e427a878_JaffaCakes118.exe windows:4 windows x86 arch:x86
ad21df0654e4a198404b89ba7100bdbb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName
shell32
SHGetFolderPathW
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
LCMapStringW
RaiseException
HeapCreate
HeapFree
LoadLibraryA
ReadFile
LeaveCriticalSection
IsDebuggerPresent
GetCurrentProcessId
LCMapStringA
HeapReAlloc
UnhandledExceptionFilter
CompareStringW
GetACP
GetTickCount
IsValidCodePage
QueryPerformanceCounter
FreeLibrary
SetEndOfFile
CompareStringA
EnterCriticalSection
HeapDestroy
EnumResourceTypesA
RtlUnwind
GetTimeZoneInformation
SetFilePointer
GetCPInfo
GetCurrentProcess
HeapSize
SetEnvironmentVariableA
VirtualAlloc
CreateNamedPipeW
GetStringTypeW
GetOEMCP
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleOutputCP
MultiByteToWideChar
GetLocaleInfoA
SetUnhandledExceptionFilter
GetDateFormatA
WriteFile
TerminateProcess
GetTimeFormatA
VirtualFree
InitializeCriticalSection
WriteConsoleA
GetStringTypeA
advapi32
OpenServiceW
AdjustTokenPrivileges
OpenSCManagerW
LookupAccountSidW
StartServiceA
AllocateAndInitializeSid
SetSecurityDescriptorDacl
CreateServiceW
RegSetValueExW
RegSaveKeyW
RegCloseKey
RegRestoreKeyW
SetSecurityInfo
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
EnumDependentServicesW
RegDeleteKeyW
SetEntriesInAclW
DeleteService
ChangeServiceConfigW
GetTokenInformation
ChangeServiceConfig2W
FreeInheritedFromArray
InitializeAcl
QueryServiceStatus
GetSecurityInfo
SetEntriesInAclA
RegQueryValueExW
GetAce
GetNamedSecurityInfoW
GetInheritanceSourceW
CloseServiceHandle
QueryServiceConfigW
GetAclInformation
RegOpenKeyExW
ControlService
LookupPrivilegeValueA
UnlockServiceDatabase
RegEnumKeyExW
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegGetKeySecurity
OpenProcessToken
EqualSid
InitializeSecurityDescriptor
LockServiceDatabase
RegCreateKeyExW
AddAce
IsValidAcl
FreeSid
SetNamedSecurityInfoW
RegDeleteValueW
QueryServiceLockStatusW
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 197KB - Virtual size: 197KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ