d07629a8fc61cef41562f1d12cc25e75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d07629a8fc61cef41562f1d12cc25e75_JaffaCakes118
Size

186KB
MD5

d07629a8fc61cef41562f1d12cc25e75
SHA1

a5275c1d5b5bb2420ee4feab5c092afb2d4d144b
SHA256

64dc974bc4e76daeac9d755c4ef8a03544f2d964f2f4f8a461170c2a46d409bc
SHA512

64eaf389383fbc55d30b7175e045f3e560f768f4bcf06014012c1951284b0f5a4dac89a7ab77b0fd78035f5e0e863b620c034318078b7b9a9ab965b625046692
SSDEEP

3072:uWT1u6/fjsatpUEq4sceA/RI+sEjrHIs2uCmtzyA8aFLdNChOzsjcXmmY2uJLge8:5Hf3tGEFtm+sCymtmA8aFIOzqc38J7Kr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d07629a8fc61cef41562f1d12cc25e75_JaffaCakes118

Files

d07629a8fc61cef41562f1d12cc25e75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f91166f70bd4c92c103ee98512fdadf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

kernel32

CreateProcessW
WriteFile
SetStdHandle
MoveFileExW
GetStartupInfoA
WriteConsoleA
LCMapStringA
SetWaitableTimer
GetCalendarInfoW
CopyFileW
GetSystemTime
MapViewOfFile
DeviceIoControl
DeleteCriticalSection
SetLastError
TlsSetValue
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetProcAddress
FreeEnvironmentStringsW
SetEndOfFile
GetCurrentThreadId
ReadFile
GetEnvironmentVariableW
CreateFileW
MultiByteToWideChar
UnhandledExceptionFilter
FreeLibrary
FileTimeToLocalFileTime
WideCharToMultiByte
GetProcessHeap
FreeEnvironmentStringsA
CreateEventA
UnmapViewOfFile
GetModuleHandleW
WaitForSingleObject
RtlUnwind
GetTimeZoneInformation
GetACP
HeapFree
FileTimeToSystemTime
LocalAlloc
GetConsoleOutputCP
SetHandleCount
ResetEvent
Sleep
LocalFree
EnterCriticalSection
TlsAlloc
CreateDirectoryW
GetStdHandle
LeaveCriticalSection
SetFilePointer
GetConsoleMode
SetFileAttributesW
GetCommandLineA
GetSystemTimeAsFileTime
WriteConsoleW
GetEnvironmentStringsW
InterlockedIncrement
HeapAlloc
GetCPInfo
GetCurrentProcess
CreateFileMappingA
VirtualAlloc
HeapDestroy
EnumResourceNamesA
HeapSize
CreateThread
VirtualFree
GetTickCount
GetStringTypeW
ExpandEnvironmentStringsW
GetTimeFormatA
CompareStringA
FlushFileBuffers
HeapReAlloc
InitializeCriticalSection
InitializeCriticalSection
InterlockedDecrement
LoadLibraryExW
GetFileAttributesW
GetEnvironmentStrings
GetModuleHandleA
TerminateProcess
GetVersionExA
GetCurrentProcessId
GetDateFormatA
GetModuleFileNameA
SetEvent
GetSystemDirectoryW
GetTempPathW
CompareStringW
ExitProcess
GetFileType
GetExitCodeProcess
LCMapStringW
DeleteFileW
SetEnvironmentVariableA
RaiseException
GetConsoleCP
CreateFileA
GetLastError
CreateWaitableTimerA
QueryPerformanceCounter
CloseHandle
LoadLibraryA
GetLocaleInfoA
GetOEMCP
HeapCreate
TlsGetValue
TlsFree
IsDebuggerPresent
CancelWaitableTimer
GetVersionExW
IsValidCodePage
GetStringTypeA

advapi32

GetNamedSecurityInfoW
SetEntriesInAclW
OpenProcessToken
CloseServiceHandle
AdjustTokenPrivileges
SetNamedSecurityInfoW
RegSetValueExW
RegOpenKeyExW
RegRestoreKeyW
IsValidSecurityDescriptor
EqualSid
FreeSid
CreateServiceW
QueryServiceLockStatusW
SetSecurityInfo
SetSecurityDescriptorDacl
RegCloseKey
GetTokenInformation
RegGetKeySecurity
ChangeServiceConfig2W
LockServiceDatabase
RegSaveKeyW
InitializeAcl
LookupPrivilegeNameA
RegDeleteValueW
AddAce
QueryServiceConfigW
LookupPrivilegeDisplayNameA
GetSecurityDescriptorControl
RegQueryValueExW
GetInheritanceSourceW
RegCreateKeyExW
FreeInheritedFromArray
OpenSCManagerW
AllocateAndInitializeSid
EnumDependentServicesW
OpenServiceW
LookupPrivilegeValueA
IsValidAcl
RegEnumKeyExW
StartServiceA
ControlService
GetSecurityInfo
GetAce
GetAclInformation
LookupAccountSidW
QueryServiceStatus
ChangeServiceConfigW
UnlockServiceDatabase
DeleteService
RegDeleteKeyW
SetEntriesInAclA
InitializeSecurityDescriptor
RegEnumValueW

user32

IsWindow
EnumChildWindows
DestroyWindow
CreateWindowExW
GetDlgItem
SendMessageA
GetWindowThreadProcessId

ole32

CoGetMalloc
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoQueryProxyBlanket
CoTaskMemFree
CoInitializeEx
StringFromGUID2

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiClassNameFromGuidW
SetupCopyOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupGetInfFileListA
SetupDiGetClassDevsA
SetupDiGetClassDescriptionW
SetupOpenInfFileA
SetupDiBuildClassInfoList
SetupCloseInfFile
SetupDiSetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoA
SetupDiDeleteDeviceInfo
SetupGetLineTextA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

rpcrt4

UuidCreate

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f91166f70bd4c92c103ee98512fdadf

Headers

File Characteristics

Imports

iphlpapi

kernel32

advapi32

user32

ole32

setupapi

shell32

mprapi

rpcrt4

newdev

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 78KB - Virtual size: 78KB

.rsrc Size: 1024B - Virtual size: 120KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 1024B - Virtual size: 120KB