a79d82f408f81af4f4df37ddad40cbdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a79d82f408f81af4f4df37ddad40cbdb_JaffaCakes118
Size

142KB
MD5

a79d82f408f81af4f4df37ddad40cbdb
SHA1

5cfd3bf0a06761c3474e7e4ab4218f8933c29ec8
SHA256

f33eff8b7aee2e2d98867eed856a9ef29aa2d8ecdd5ad8655c2c4025ff994645
SHA512

67b08546335c6b20f2f9e473d69cb7a037fc1e1228b3cc9d10efa17f64c139384eee245b57a58ff4ce7052bfd43c6d92da24981e39e89f5cb2a1701d0b8237e4
SSDEEP

1536:RvsIAfZhOJifzi3KcWr5AjkAm1qfLZ5gS64jcJcHq8s2x8cPy02cheUeWqR5UcRy:lsFG6i3Kc9jsIk4aqxXPy02GeUe1VA/R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a79d82f408f81af4f4df37ddad40cbdb_JaffaCakes118

Files

a79d82f408f81af4f4df37ddad40cbdb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

782a1b4c6897b476fb895a50dda3fa36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SYSCORE4\buildsyscore\release\mfevtps.pdb

Imports

psapi

GetModuleInformation
GetMappedFileNameW
EnumProcessModules

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorDacl
GetTokenInformation
CopySid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
InitializeSecurityDescriptor
SetServiceObjectSecurity
RegOpenKeyW
RegCreateKeyExW

sfc

SfcIsFileProtected

kernel32

LoadLibraryW
GetLastError
DeviceIoControl
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetEvent
CloseHandle
CreateThread
InitializeCriticalSection
GetVersionExW
LoadLibraryA
GetCurrentProcess
GetCurrentThread
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
GetSystemWindowsDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetVersion
OpenProcess
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetFilePointer
WriteFile
ReadFile
VirtualProtect
IsBadReadPtr
SetLastError
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsGetValue
TerminateProcess
GetStdHandle
DebugBreak
HeapAlloc
HeapFree
RaiseException
GetVersionExA
HeapReAlloc
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
OutputDebugStringA
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
FreeLibrary
LocalAlloc
LocalFree
InterlockedCompareExchange

ntdll

_wcsnicmp

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bldvar
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

782a1b4c6897b476fb895a50dda3fa36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

advapi32

sfc

kernel32

ntdll

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 26KB - Virtual size: 34KB

.bldvar Size: 512B - Virtual size: 19B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 26KB - Virtual size: 34KB

.bldvar
Size: 512B - Virtual size: 19B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB