Static task
- static1

Behavioral task
- behavioral1
  Sample: bb32e2e9c4b0a7bfb7dd26ae32fa9671_JaffaCakes118.exe
  Resource: win7-20240708-en

Behavioral task
- behavioral2
  Sample: bb32e2e9c4b0a7bfb7dd26ae32fa9671_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: bb32e2e9c4b0a7bfb7dd26ae32fa9671_JaffaCakes118
- Size: 165KB
- MD5: bb32e2e9c4b0a7bfb7dd26ae32fa9671
- SHA1: 996b05f7cfcdf44e2c53cbc2e12caf324aea42b2
- SHA256: 2483d634a562248dba404122ffa8cbb2eb441e43cfb3f8647094dd6343780572
- SHA512: 1f6c1225696ba508e54110b422e418241009e1c64085cc22c70455477b79432cab25a01cc29c34c6faff5872898fe2610ca95d7fa9a88abd3943c417ea67e66e
- SSDEEP: 3072:VIYJGU9mOtBLNbNtk6+jn8AoXo4lepWz2XA/6d4iCrGakKzhBEM9LgpPV:VIYjme9NhX+j8AoXonpWz2Q/hiS3EMZ0
Malware Config

Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: bb32e2e9c4b0a7bfb7dd26ae32fa9671_JaffaCakes118
Files
- bb32e2e9c4b0a7bfb7dd26ae32fa9671_JaffaCakes118.exe
  Type: windows:4 windows x86, arch:x86
  e668394dc157d8824410956892645e52

Headers
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
- mprapi
  MprConfigServerDisconnect
  MprConfigServerConnect
  MprConfigGetFriendlyName
- oleacc
  LresultFromObject
  AccessibleObjectFromPoint
- newdev
  UpdateDriverForPlugAndPlayDevicesW
- kernel32
  GetSystemTimeAsFileTime
  GetTimeZoneInformation
  FreeLibrary
  SetEnvironmentVariableA
  RaiseException
  HeapFree
  GetACP
  IsValidCodePage
  MultiByteToWideChar
  GetCurrentProcess
  EnterCriticalSection
  CompareStringA
  TerminateProcess
  HeapSize
  ReadFile
  LCMapStringW
  LoadLibraryA
  GetStringTypeW
  GetCurrentProcessId
  RtlUnwind
  VirtualFree
  SetUnhandledExceptionFilter
  LCMapStringA
  EnumResourceTypesA
  WriteConsoleA
  GetTimeFormatA
  LeaveCriticalSection
  GetTickCount
  GetConsoleOutputCP
  SetFilePointer
  VirtualAlloc
  CompareStringW
  CreateNamedPipeA
  UnhandledExceptionFilter
  WriteFile
  IsDebuggerPresent
  QueryPerformanceCounter
  GetOEMCP
  HeapReAlloc
  SetEndOfFile
  GetDateFormatA
  GetLocaleInfoA
  SetStdHandle
  HeapDestroy
  InitializeCriticalSection
  GetCPInfo
  HeapCreate
  GetStringTypeA
- advapi32
  RegDeleteKeyW
  EnumDependentServicesW
  GetSecurityDescriptorControl
  SetSecurityDescriptorDacl
  OpenProcessToken
  UnlockServiceDatabase
  StartServiceA
  GetNamedSecurityInfoW
  SetSecurityInfo
  DeleteService
  RegCloseKey
  ChangeServiceConfigW
  GetAce
  EqualSid
  InitializeAcl
  LockServiceDatabase
  GetInheritanceSourceW
  RegRestoreKeyW
  IsValidAcl
  FreeSid
  AddAce
  RegSaveKeyW
  QueryServiceConfigW
  ControlService
  RegQueryValueExW
  GetTokenInformation
  QueryServiceLockStatusW
  RegDeleteValueW
  AdjustTokenPrivileges
  QueryServiceStatus
  LookupAccountSidW
  RegOpenKeyExW
  OpenServiceW
  AllocateAndInitializeSid
  LookupPrivilegeNameA
  RegSetValueExW
  LookupPrivilegeValueA
  IsValidSecurityDescriptor
  RegCreateKeyExW
  FreeInheritedFromArray
  ChangeServiceConfig2W
  CloseServiceHandle
  SetEntriesInAclA
  RegGetKeySecurity
  GetSecurityInfo
  RegEnumKeyExW
  CreateServiceW
  SetNamedSecurityInfoW
  OpenSCManagerW
  InitializeSecurityDescriptor
  GetAclInformation
  SetEntriesInAclW
  LookupPrivilegeDisplayNameA
  RegEnumValueW
- shell32
  SHGetFolderPathW
Sections
- .text  Size: 45KB, Virtual size: 44KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 3KB, Virtual size: 403KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data  Size: 115KB, Virtual size: 114KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 512B, Virtual size: 4KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ