b8b1525b8b07ff4f15be719df21c23a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8b1525b8b07ff4f15be719df21c23a7_JaffaCakes118
Size

801KB
MD5

b8b1525b8b07ff4f15be719df21c23a7
SHA1

5b692f5d93a1bf06404708e5330d84d6f969c69a
SHA256

cba6e1e5ca650b4d97fe7329be9ecbf7af4db9560868e22d26873af216b81b21
SHA512

c999594375434a2829554edd42dcfef2db8c6715ec62c02a18068d5796ac065918427fc2214afc559ea06df4408de185c33d73472df5472e086abd7d1440bfef
SSDEEP

12288:Y1Qn1lpCSg+fply1HWndLdjHLl4wiKIasG+o0eY7YGAZ5lHVW:yehEWLHLl4ftasDodmY9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8b1525b8b07ff4f15be719df21c23a7_JaffaCakes118

Files

b8b1525b8b07ff4f15be719df21c23a7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e8e1c9a8bdcceb6c39aa393c0d234263

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bwa\iTunesWin-1022.12.1\srcroot\BuildResults\Production\iPodService.pdb

Imports

cfgmgr32

CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Get_Parent
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CMP_WaitNoPendingInstallEvents

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

rpcrt4

UuidFromStringW

kernel32

CloseHandle
OpenMutexA
GetCommandLineA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CreateMutexA
SetErrorMode
WaitForSingleObject
CreateEventA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
Sleep
CreateThread
OutputDebugStringA
SetEvent
WaitForMultipleObjects
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
OpenEventA
TerminateThread
GetExitCodeThread
DeviceIoControl
CreateFileA
GetOverlappedResult
LoadLibraryA
GetTimeZoneInformation
ReadFile
GetFileSize
GetVolumeInformationA
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
IsDBCSLeadByte
FlushFileBuffers
WriteFile
GetLogicalDrives
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
GetDiskFreeSpaceExA
GetFileAttributesExA
GetLogicalDriveStringsA
CopyFileW
SetFilePointer
CreateFileW
GetModuleFileNameW
DebugBreak
ReleaseSemaphore
CreateSemaphoreA
HeapSetInformation
GlobalFree
GlobalAlloc
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLangID
HeapFree
GetProcessHeap
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
LCMapStringW
LCMapStringA
SetLastError
SetEnvironmentVariableA
TlsFree
TlsSetValue
TlsAlloc
GetModuleHandleW
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
TryEnterCriticalSection
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
HeapReAlloc
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc

user32

LoadStringA
CharNextA
RegisterClassA
CreateWindowExA
PostQuitMessage
RegisterDeviceNotificationA
GetPropA
DefWindowProcA
DestroyWindow
SetPropA
SetTimer
SendMessageA
wsprintfA
GetMessageA
DispatchMessageA
TranslateMessage
MessageBoxA
CharNextW
PostThreadMessageA
CharUpperA
UnregisterDeviceNotification

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
QueryServiceStatusEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ControlService
DeleteService
CreateServiceA
RegEnumKeyExA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
RegDeleteKeyA

ole32

CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoResumeClassObjects
IIDFromString
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateVector
VariantClear
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8e1c9a8bdcceb6c39aa393c0d234263

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

setupapi

version

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 386KB - Virtual size: 386KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 386KB - Virtual size: 386KB

.reloc
Size: 28KB - Virtual size: 27KB