b65bd370eaf39e14154951a65f18dfe0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b65bd370eaf39e14154951a65f18dfe0_JaffaCakes118
Size

198KB
MD5

b65bd370eaf39e14154951a65f18dfe0
SHA1

de029269795a39433188e726bbf5606ac4693da7
SHA256

0223b5223e62f95e7d0f9e7c51155cdbe8bda96ca8a6adad75b6c4fb8188b3a2
SHA512

216ec6e41dc56b3546e6214aaf1ec1da1b86ef55135f4c716160593b2667e9073678f41c24c848de6f76badbeb7975c2c248ba154f638320807f8437be687d48
SSDEEP

3072:Qx+6YB0gqVh+6DMBrm+Cbz+FSFzEVgazpKNlZLKudV8E1ET9DjNuXB39s:Qx+TB0gb6wxyz+8F87K7qE29/Na39s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b65bd370eaf39e14154951a65f18dfe0_JaffaCakes118

Files

b65bd370eaf39e14154951a65f18dfe0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b91fc242ff2ba9b74c6833671193c811

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

advapi32

ChangeServiceConfig2W
DeleteService
CreateServiceW
RegDeleteKeyW
RegEnumKeyExW
RegGetKeySecurity
SetEntriesInAclA
QueryServiceConfigW
OpenServiceW
GetAce
CloseServiceHandle
RegCreateKeyExW
UnlockServiceDatabase
IsValidAcl
AddAce
LockServiceDatabase
AllocateAndInitializeSid
InitializeAcl
FreeSid
LookupPrivilegeNameA
GetSecurityInfo
SetSecurityDescriptorDacl
LookupPrivilegeValueA
RegOpenKeyExW
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
OpenProcessToken
GetInheritanceSourceW
OpenSCManagerW
QueryServiceLockStatusW
RegSetValueExW
GetSecurityDescriptorControl
RegRestoreKeyW
EnumDependentServicesW
RegQueryValueExW
SetSecurityInfo
ChangeServiceConfigW
LookupAccountSidW
IsValidSecurityDescriptor
ControlService
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EqualSid
GetTokenInformation
QueryServiceStatus
StartServiceA
RegCloseKey
GetAclInformation
FreeInheritedFromArray
RegDeleteValueW
SetEntriesInAclW
InitializeSecurityDescriptor
RegEnumValueW

ole32

CoGetMalloc
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoQueryProxyBlanket
CoInitializeSecurity
CoUninitialize
StringFromGUID2

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDescriptionW
SetupDiSetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupCopyOEMInfW
CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsW
SetupDiBuildClassInfoList
SetupDiGetDeviceInstanceIdW
SetupDiClassGuidsFromNameW
SetupDiGetDeviceInstallParamsA
SetupDiDeleteDeviceInfo
SetupOpenInfFileA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupCloseInfFile
SetupDiCreateDeviceInfoA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassNameFromGuidW
SetupDiSetClassInstallParamsW
SetupGetInfFileListA
SetupGetLineTextA
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

kernel32

GetOEMCP
IsValidCodePage
DeleteCriticalSection
LocalAlloc
SetEnvironmentVariableA
GetSystemDirectoryW
LCMapStringA
GetSystemTime
CancelWaitableTimer
CreateFileA
GetVersionExW
GetTempPathW
WideCharToMultiByte
GetVersionExA
QueryPerformanceCounter
GetCalendarInfoW
GetConsoleOutputCP
GetConsoleCP
HeapReAlloc
GetTimeZoneInformation
DeleteFileW
GetProcessHeap
SetUnhandledExceptionFilter
HeapCreate
SetEvent
CreateThread
CompareStringA
FileTimeToLocalFileTime
TlsGetValue
GetCurrentProcess
ExitProcess
RaiseException
FreeLibrary
GetCommandLineA
SetStdHandle
InterlockedIncrement
SetWaitableTimer
GetDateFormatA
GetEnvironmentVariableW
IsDebuggerPresent
LCMapStringW
GetModuleHandleW
SystemTimeToFileTime
WriteFile
GetACP
GetConsoleMode
GetTickCount
MultiByteToWideChar
GetCPInfo
CreateEventA
UnmapViewOfFile
WriteConsoleA
CloseHandle
FlushFileBuffers
SetLastError
GetCurrentThreadId
FileTimeToSystemTime
FreeEnvironmentStringsA
EnumResourceNamesA
LeaveCriticalSection
RtlUnwind
MoveFileExW
TlsAlloc
InterlockedDecrement
WriteConsoleW
ReadFile
FreeEnvironmentStringsW
TlsFree
ExpandEnvironmentStringsW
CreateFileMappingA
EnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
HeapAlloc
TerminateProcess
GetFileType
GetLastError
ResetEvent
LoadLibraryExW
GetProcAddress
GetExitCodeProcess
GetStartupInfoA
GetStringTypeW
GetLocaleInfoA
HeapSize
LocalFree
Sleep
GetEnvironmentStringsW
VirtualFree
CreateWaitableTimerA
SetHandleCount
SetFilePointer
GetStdHandle
InitializeCriticalSection
GetTimeFormatA
MapViewOfFile
CompareStringW
GetFileAttributesW
WaitForSingleObject
InitializeCriticalSection
GetModuleHandleA
CreateProcessW
TlsSetValue
GetCurrentProcessId
GetModuleFileNameA
SetEndOfFile
CreateDirectoryW
DeviceIoControl
CopyFileW
GetEnvironmentStrings
GetSystemTimeAsFileTime
HeapFree
HeapDestroy
LoadLibraryA
CreateFileW
SetFileAttributesW
GetStringTypeA

shell32

SHGetFolderPathW

user32

DestroyWindow
SendMessageA
IsWindow
EnumChildWindows
GetDlgItem
CreateWindowExW
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91fc242ff2ba9b74c6833671193c811

Headers

File Characteristics

Imports

rpcrt4

advapi32

ole32

setupapi

mprapi

kernel32

shell32

user32

newdev

iphlpapi

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 84KB - Virtual size: 84KB

.rsrc Size: 1024B - Virtual size: 348KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1024B - Virtual size: 348KB