de183f2b4dc2f6d7870c44b1b43ae082_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de183f2b4dc2f6d7870c44b1b43ae082_JaffaCakes118
Size

179KB
MD5

de183f2b4dc2f6d7870c44b1b43ae082
SHA1

ec6a166e3c27b72395206b6bdce0580774dee6c1
SHA256

4314f482de0603e2d08c4d7e02dda821b8d600c3627fede12ab5341cca84017d
SHA512

23ad663a52abc71d0ab17be8de4a8e6abf1732f92435f542921dad127710d87ff0af5bf7d363e3e5e2c069d07d9281bd2637438d46d659213c742321e8d5e3fd
SSDEEP

3072:qe03Q4e8G7c634tljelV848jH+Z9DJ+AkE+6Vps/pfIN0iS5P7Zg7qOOOiWJQqyu:qJ3QPC634tlj+846uD5jis0RVDx4Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de183f2b4dc2f6d7870c44b1b43ae082_JaffaCakes118

Files

de183f2b4dc2f6d7870c44b1b43ae082_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82760295e36c02dfc40b535292140354

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

kernel32

IsValidCodePage
HeapFree
GetConsoleOutputCP
SetEnvironmentVariableA
GetLocaleInfoA
GetCurrentProcessId
EnterCriticalSection
FreeLibrary
TerminateProcess
GetCurrentProcess
WriteFile
HeapReAlloc
GetACP
RaiseException
SetFilePointer
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
GetOEMCP
LCMapStringA
HeapDestroy
LoadLibraryA
SetStdHandle
VirtualFree
SetUnhandledExceptionFilter
CompareStringW
HeapCreate
QueryPerformanceCounter
EnumResourceTypesA
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
InitializeCriticalSection
ReadFile
CompareStringA
GetStringTypeW
GetTimeFormatA
CreateNamedPipeW
SetEndOfFile
VirtualAlloc
HeapSize
GetDateFormatA
GetTimeZoneInformation
LeaveCriticalSection
GetTickCount
RtlUnwind
WriteConsoleA
GetStringTypeA

oleacc

LresultFromObject
AccessibleObjectFromPoint

advapi32

LookupPrivilegeDisplayNameA
EqualSid
AddAce
OpenProcessToken
QueryServiceConfigW
UnlockServiceDatabase
IsValidSecurityDescriptor
RegSaveKeyW
RegOpenKeyExW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
RegGetKeySecurity
QueryServiceLockStatusW
ChangeServiceConfig2W
ChangeServiceConfigW
GetNamedSecurityInfoW
CloseServiceHandle
RegEnumKeyExW
FreeInheritedFromArray
GetAclInformation
AdjustTokenPrivileges
RegRestoreKeyW
GetAce
LookupPrivilegeValueA
GetSecurityInfo
QueryServiceStatus
GetTokenInformation
RegCreateKeyExW
RegQueryValueExW
SetEntriesInAclA
LockServiceDatabase
EnumDependentServicesW
GetInheritanceSourceW
CreateServiceW
ControlService
RegCloseKey
RegDeleteKeyW
AllocateAndInitializeSid
LookupAccountSidW
SetNamedSecurityInfoW
IsValidAcl
FreeSid
RegDeleteValueW
StartServiceA
SetSecurityInfo
LookupPrivilegeNameA
DeleteService
OpenServiceW
InitializeAcl
OpenSCManagerW
SetEntriesInAclW
InitializeSecurityDescriptor
RegSetValueExW
RegEnumValueW

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82760295e36c02dfc40b535292140354

Headers

File Characteristics

Imports

mprapi

kernel32

oleacc

advapi32

shell32

newdev

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 147KB

.data Size: 110KB - Virtual size: 109KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 147KB

.data
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 4KB