c151857646d48d5baa240b7391de69db_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c151857646d48d5baa240b7391de69db_JaffaCakes118
Size

851KB
MD5

c151857646d48d5baa240b7391de69db
SHA1

904a2a67b44b36b812972c93fc51813783d3a69b
SHA256

1426185d760eddcfef6f9d166821ba695ee27d59b630a0fd12b8fac32a49b02d
SHA512

a2c85482088523e5cf3639b6bbc50ba72ae3a2c7164b126ed5ca7a459d69fff6644e992734cb101318dd2ccb9c799224c7adeaa689aa4c23121b304f2ab02b48
SSDEEP

24576:9LGY2OvgPPSqV6DS7lBLsIj4ibzw9wzDu:zNqV60lJTj1D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c151857646d48d5baa240b7391de69db_JaffaCakes118

Files

c151857646d48d5baa240b7391de69db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4abe443cc26bc4847a120963aeb54da9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

catsrvut

CGMIsAdministrator
??1CComPlusComponent@@UAE@XZ
StartMTSTOCOM
SysprepComplus
RunMTSToCom
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??_7CComPlusMethod@@6B@
??0CComPlusInterface@@QAE@ABV0@@Z
??0CComPlusComponent@@QAE@ABV0@@Z
SysprepComplus2
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??_7CComPlusInterface@@6B@
??1CComPlusInterface@@UAE@XZ
QueryUserDllW
??4CComPlusObject@@QAEAAV0@ABV0@@Z
COMPlusUninstallActionW
??_7CComPlusComponent@@6B@
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
FindAssemblyModulesW
RegDBBackup
WinlogonHandlePendingInfOperations
RegDBRestore
??_7CComPlusObject@@6B@
ManagedRequestW

pdh

PdhMakeCounterPathA
PdhOpenQueryH
PdhSetQueryTimeRange
PdhReadRawLogRecord
PdhGetFormattedCounterArrayW
PdhGetFormattedCounterValue
PdhVbOpenQuery
PdhGetCounterInfoA
PdhEnumObjectItemsA
PdhExpandWildCardPathHW
PdhVbGetDoubleCounterValue
PdhCloseQuery
PdhTranslate009CounterA
PdhVerifySQLDBW
PdhTranslateLocaleCounterA
PdhVbAddCounter
PdhEnumObjectItemsW
PdhOpenQuery
PdhGetLogFileSize
PdhGetDefaultPerfObjectHA
PdhEnumObjectItemsHA

kernel32

_lwrite
WriteProfileSectionA
GetProcAddress
PurgeComm
GetThreadContext
ScrollConsoleScreenBufferW
GetConsoleFontSize
GetConsoleDisplayMode
GetSystemTimeAsFileTime
CreateEventW
ReplaceFileW
CreateHardLinkA
CreateFileMappingW
FindActCtxSectionStringA
LoadLibraryA
SetCurrentDirectoryW
InitializeCriticalSection
SetFileShortNameA
VirtualAlloc
GlobalSize
MultiByteToWideChar

msports

ComDBClaimPort
ComDBClose
ComDBReleasePort
SerialDisplayAdvancedSettings
ComDBResizeDatabase
ComDBClaimNextFreePort
ParallelPortPropPageProvider
ComDBGetCurrentPortUsage
PortsClassInstaller
ComDBOpen
SerialPortPropPageProvider

msdtcuiu

DtcPerfCollect
PerfDllRegisterServer
DtcPerfClose
DtcPerfOpen

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4abe443cc26bc4847a120963aeb54da9

Headers

DLL Characteristics

File Characteristics

Imports

catsrvut

pdh

kernel32

msports

msdtcuiu

Sections

.text Size: 736KB - Virtual size: 735KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 736KB - Virtual size: 735KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB