d16da67bb1dc404796105f8b7e8798b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d16da67bb1dc404796105f8b7e8798b6_JaffaCakes118
Size

176KB
MD5

d16da67bb1dc404796105f8b7e8798b6
SHA1

cc6ae15cf294dade08a72a0bf9bd5492c31a0042
SHA256

c51b351681f80ae2bf6941721a91938676d8dc4e06be731bbf7b6c2cbd0a2028
SHA512

3bbbb5b9d02b43a0afb3a24f1554eb4fb5345244d13a6ae815dcc007a7a0331ab7f52bd1e80c9fbeef5b917500005286c9c1d8eda196e620e38d1d640a5a8d10
SSDEEP

3072:5EMuEtH8LDHtW+nHO3JDssosFmnZlJDt5uN8sPI2P1T1CmeCGlZEVRzLZAIz:eMuEtcLrXOZD//F2ZWNuo3UClT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d16da67bb1dc404796105f8b7e8798b6_JaffaCakes118

Files

d16da67bb1dc404796105f8b7e8798b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28047f2adbe4d438938a69c6919d2b32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

ole32

CoGetMalloc
CoInitializeSecurity
CoQueryProxyBlanket
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2

advapi32

OpenProcessToken
AdjustTokenPrivileges
GetNamedSecurityInfoW
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetTokenInformation
LockServiceDatabase
GetAclInformation
SetSecurityDescriptorDacl
EqualSid
RegDeleteKeyW
RegSaveKeyW
RegEnumKeyExW
SetEntriesInAclW
LookupPrivilegeDisplayNameA
DeleteService
ChangeServiceConfig2W
IsValidAcl
FreeSid
LookupPrivilegeNameA
AllocateAndInitializeSid
SetSecurityInfo
QueryServiceConfigW
ControlService
RegQueryValueExW
LookupAccountSidW
GetSecurityInfo
GetInheritanceSourceW
OpenServiceW
RegGetKeySecurity
FreeInheritedFromArray
LookupPrivilegeValueA
AddAce
RegDeleteValueW
UnlockServiceDatabase
QueryServiceStatus
GetSecurityDescriptorControl
QueryServiceLockStatusW
InitializeAcl
CreateServiceW
RegCloseKey
ChangeServiceConfigW
OpenSCManagerW
StartServiceA
SetEntriesInAclA
RegRestoreKeyW
SetNamedSecurityInfoW
CloseServiceHandle
EnumDependentServicesW
IsValidSecurityDescriptor
GetAce
RegEnumValueW

rpcrt4

UuidCreate

user32

DestroyWindow
IsWindow
GetDlgItem
SendMessageA
CreateWindowExW
EnumChildWindows
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

CreateProcessW
GetCommandLineA
LocalAlloc
CreateFileW
CopyFileW
InterlockedDecrement
UnhandledExceptionFilter
HeapCreate
CreateThread
SetHandleCount
FreeEnvironmentStringsW
GetTimeZoneInformation
CancelWaitableTimer
GetCalendarInfoW
GetModuleFileNameA
HeapDestroy
VirtualAlloc
GetEnvironmentStringsW
GetProcessHeap
GetLocaleInfoA
InterlockedIncrement
SetLastError
HeapReAlloc
GetTickCount
SetUnhandledExceptionFilter
SetStdHandle
HeapSize
TlsGetValue
GetSystemTimeAsFileTime
GetConsoleMode
LocalFree
LCMapStringW
MultiByteToWideChar
TlsSetValue
WriteConsoleW
GetLastError
LoadLibraryA
CreateDirectoryW
CloseHandle
GetConsoleCP
CompareStringA
GetVersionExW
WaitForSingleObject
GetCurrentThreadId
CreateFileMappingA
QueryPerformanceCounter
MapViewOfFile
FreeEnvironmentStringsA
GetCurrentProcessId
SetEndOfFile
GetModuleHandleW
GetStartupInfoA
RaiseException
GetStdHandle
GetEnvironmentVariableW
RtlUnwind
GetSystemTime
HeapAlloc
EnumResourceNamesA
ExpandEnvironmentStringsW
WriteConsoleA
SetFilePointer
HeapFree
GetStringTypeW
FileTimeToLocalFileTime
TlsFree
CreateEventA
DeviceIoControl
GetCurrentProcess
GetFileType
UnmapViewOfFile
GetTimeFormatA
IsDebuggerPresent
ResetEvent
GetModuleHandleA
GetEnvironmentStrings
FileTimeToSystemTime
SystemTimeToFileTime
LCMapStringA
SetEnvironmentVariableA
TlsAlloc
IsValidCodePage
GetCPInfo
GetSystemDirectoryW
CreateWaitableTimerA
GetVersionExA
CreateFileA
InitializeCriticalSection
GetOEMCP
SetWaitableTimer
ExitProcess
WideCharToMultiByte
SetFileAttributesW
GetConsoleOutputCP
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
SetEvent
CompareStringW
GetProcAddress
GetTempPathW
GetExitCodeProcess
EnterCriticalSection
ReadFile
MoveFileExW
TerminateProcess
GetDateFormatA
LeaveCriticalSection
WriteFile
DeleteFileW
GetFileAttributesW
LoadLibraryExW
GetACP
Sleep
FlushFileBuffers
VirtualFree
GetStringTypeA

setupapi

SetupGetInfFileListA
SetupDiGetClassDevsA
SetupGetLineTextA
CMP_WaitNoPendingInstallEvents
SetupDiClassNameFromGuidW
SetupDiGetClassDescriptionW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupOpenInfFileA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoA
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupDiGetClassDevsW
SetupDiBuildClassInfoList
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28047f2adbe4d438938a69c6919d2b32

Headers

File Characteristics

Imports

iphlpapi

mprapi

ole32

advapi32

rpcrt4

user32

newdev

kernel32

setupapi

shell32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 72KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 248KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 248KB