d79ce7a4383a22b42527e4e3271663cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d79ce7a4383a22b42527e4e3271663cb_JaffaCakes118
Size

265KB
MD5

d79ce7a4383a22b42527e4e3271663cb
SHA1

6435b07c4c203dabd75c993b27cd2616f0ade7c9
SHA256

6f45cb68bb37d81e2118468233bca43cfe92add46d8595ef34f55102b07fe2cc
SHA512

702bac42993a474ad949375c9f79a6ee0ee5fe0f1ad042d0016ab6c9fb23ab2e2ef739cb86395f2d0be086700f54402517fcbad35de755d5b3d45e76872bc2da
SSDEEP

6144:TTp+zLPpMCXYpUwVtyVVGqkibrcav/DBxYNWTjCPSfl:hyLPp5I1+1kOrcasNWTjCPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d79ce7a4383a22b42527e4e3271663cb_JaffaCakes118

Files

d79ce7a4383a22b42527e4e3271663cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ece98f152140eb0b44a88a56ddb100b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

kernel32

WriteConsoleA
WriteFile
GetDateFormatA
IsDebuggerPresent
GetCPInfo
GetConsoleOutputCP
InitializeCriticalSection
HeapFree
GetOEMCP
GetTimeZoneInformation
VirtualFree
EnterCriticalSection
HeapCreate
GetTimeFormatA
SetStdHandle
RtlUnwind
LeaveCriticalSection
LCMapStringW
IsValidCodePage
SetFilePointer
LCMapStringA
LoadLibraryA
QueryPerformanceCounter
EnumResourceTypesA
GetCurrentProcess
GetCurrentProcessId
FreeLibrary
SetUnhandledExceptionFilter
CompareStringA
GetStringTypeW
RaiseException
GetTickCount
UnhandledExceptionFilter
HeapSize
CreateNamedPipeA
SetEndOfFile
ReadFile
CompareStringW
MultiByteToWideChar
HeapDestroy
GetACP
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
TerminateProcess
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetStringTypeA

oleacc

LresultFromObject
AccessibleObjectFromPoint

advapi32

StartServiceA
GetSecurityDescriptorControl
DeleteService
SetEntriesInAclA
GetTokenInformation
AdjustTokenPrivileges
AllocateAndInitializeSid
RegDeleteKeyW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
LookupPrivilegeValueA
RegGetKeySecurity
RegEnumKeyExW
EnumDependentServicesW
QueryServiceConfigW
ChangeServiceConfigW
RegSaveKeyW
EqualSid
FreeSid
LockServiceDatabase
OpenProcessToken
CloseServiceHandle
RegCreateKeyExW
FreeInheritedFromArray
InitializeSecurityDescriptor
OpenSCManagerW
GetAclInformation
ControlService
IsValidAcl
OpenServiceW
RegRestoreKeyW
QueryServiceLockStatusW
LookupAccountSidW
RegDeleteValueW
CreateServiceW
InitializeAcl
RegQueryValueExW
LookupPrivilegeDisplayNameA
IsValidSecurityDescriptor
UnlockServiceDatabase
QueryServiceStatus
ChangeServiceConfig2W
RegOpenKeyExW
LookupPrivilegeNameA
RegCloseKey
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo
RegSetValueExW
GetInheritanceSourceW
GetAce
GetSecurityInfo
AddAce
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ece98f152140eb0b44a88a56ddb100b7

Headers

File Characteristics

Imports

mprapi

shell32

kernel32

oleacc

advapi32

newdev

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 3KB - Virtual size: 151KB

.data Size: 203KB - Virtual size: 203KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 3KB - Virtual size: 151KB

.data
Size: 203KB - Virtual size: 203KB

.rsrc
Size: 512B - Virtual size: 4KB