Static task: static1
Behavioral task: behavioral1
Sample: c892c2c48422d131e2d83d5136f051a3_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: c892c2c48422d131e2d83d5136f051a3_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c892c2c48422d131e2d83d5136f051a3_JaffaCakes118
Size: 265KB
MD5: c892c2c48422d131e2d83d5136f051a3
SHA1: 49b0078be29e62e00c7000de52a3286c26e2797e
SHA256: 265b9c01615982c93c1b50fcb1b7d1361fc15715584ebb9e86357d2eb3f4ed0c
SHA512: ad46173dbe85fe874b12ceabad6e0b1c20faefcb91729568daee3da16abe617874bc62a28163caa7c3b0a20cd790f135fe3b270574f790dad052c6bfc24efecd
SSDEEP: 6144:yQXoUiK29dT5mrijDTP5BjJY4Fu6oi9hRO/OmnrWoxdB7/RitHwlCcm:yQYJK291RFYgu619h2dY5woc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c892c2c48422d131e2d83d5136f051a3_JaffaCakes118
Files
c892c2c48422d131e2d83d5136f051a3_JaffaCakes118.exe windows:4 windows x86 arch:x86
811d43e2741f6e8e72dea7817bd62475
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName
shell32
SHGetFolderPathW
oleacc
LresultFromObject
AccessibleObjectFromPoint
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
LoadLibraryA
SetUnhandledExceptionFilter
HeapFree
GetTickCount
RtlUnwind
GetCurrentProcessId
LCMapStringW
TerminateProcess
GetTimeFormatA
EnterCriticalSection
ReadFile
IsValidCodePage
CompareStringW
GetStringTypeW
GetCPInfo
GetConsoleOutputCP
VirtualFree
HeapReAlloc
SetStdHandle
GetLocaleInfoA
SetFilePointer
SetEnvironmentVariableA
EnumResourceTypesA
GetACP
VirtualAlloc
GetTimeZoneInformation
SetEndOfFile
InitializeCriticalSection
LCMapStringA
GetSystemTimeAsFileTime
IsDebuggerPresent
WriteFile
GetCurrentProcess
LeaveCriticalSection
MultiByteToWideChar
CreateNamedPipeA
CompareStringA
FreeLibrary
QueryPerformanceCounter
HeapDestroy
RaiseException
HeapCreate
UnhandledExceptionFilter
GetDateFormatA
HeapSize
WriteConsoleA
GetOEMCP
GetStringTypeA
advapi32
RegOpenKeyExW
DeleteService
QueryServiceConfigW
RegCloseKey
InitializeAcl
SetEntriesInAclW
AdjustTokenPrivileges
AddAce
LookupAccountSidW
ChangeServiceConfig2W
IsValidSecurityDescriptor
EnumDependentServicesW
StartServiceA
SetSecurityInfo
LockServiceDatabase
FreeInheritedFromArray
RegRestoreKeyW
RegSetValueExW
IsValidAcl
QueryServiceLockStatusW
GetTokenInformation
RegDeleteKeyW
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerW
LookupPrivilegeDisplayNameA
RegCreateKeyExW
GetAclInformation
SetEntriesInAclA
OpenServiceW
SetSecurityDescriptorDacl
RegSaveKeyW
QueryServiceStatus
ChangeServiceConfigW
GetSecurityInfo
GetSecurityDescriptorControl
RegQueryValueExW
FreeSid
OpenProcessToken
GetInheritanceSourceW
CreateServiceW
GetNamedSecurityInfoW
UnlockServiceDatabase
LookupPrivilegeNameA
GetAce
RegEnumKeyExW
SetNamedSecurityInfoW
RegDeleteValueW
EqualSid
InitializeSecurityDescriptor
RegGetKeySecurity
LookupPrivilegeValueA
ControlService
RegEnumValueW
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ