Static task: static1
Behavioral task: behavioral1
Sample: e0bd82eb013203eaec45dc296fa6e81e_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: e0bd82eb013203eaec45dc296fa6e81e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e0bd82eb013203eaec45dc296fa6e81e_JaffaCakes118
Size: 176KB
MD5: e0bd82eb013203eaec45dc296fa6e81e
SHA1: b902079a0c6df094435175860cae9e034f308727
SHA256: 8fc134e7cfe97fa0ecf3ab0ed87e0905b111759c61089b63e49b980713fbbcc1
SHA512: 22a7d867636d775ac6406aab7793a7ae4ba8a6fba8455ed71d8891e08a8c1b271e77711775b72190a3e2a114826814fcfd3a7aad8d1f13021880acd88ef9e73b
SSDEEP: 3072:dIg7DU1gwqnT7D5xUqsC4BYWDqR1xNDUkuSRORw19tYxkHXwHHEd65:drU1gjDnbwV29NDUw9Gkaf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e0bd82eb013203eaec45dc296fa6e81e_JaffaCakes118
Files
e0bd82eb013203eaec45dc296fa6e81e_JaffaCakes118.exe windows:4 windows x86 arch:x86
ad71f7012913dd6df06337260691d24d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
HeapFree
SetUnhandledExceptionFilter
GetConsoleOutputCP
GetCurrentProcessId
UnhandledExceptionFilter
WriteFile
LoadLibraryA
IsValidCodePage
GetDateFormatA
HeapCreate
SetEnvironmentVariableA
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
GetStringTypeW
SetEndOfFile
VirtualAlloc
HeapDestroy
RaiseException
GetTickCount
SetStdHandle
SetFilePointer
CompareStringA
EnumResourceTypesA
WriteConsoleA
FreeLibrary
GetSystemTimeAsFileTime
LCMapStringW
ReadFile
GetLocaleInfoA
HeapReAlloc
EnterCriticalSection
VirtualFree
CreateMailslotW
IsDebuggerPresent
GetOEMCP
GetTimeZoneInformation
GetACP
LeaveCriticalSection
GetTimeFormatA
RtlUnwind
MultiByteToWideChar
HeapSize
QueryPerformanceCounter
LCMapStringA
GetCPInfo
CompareStringW
GetStringTypeA
oleacc
LresultFromObject
AccessibleObjectFromPoint
shell32
SHGetFolderPathW
advapi32
SetSecurityDescriptorDacl
OpenProcessToken
AddAce
LookupPrivilegeValueA
RegDeleteValueW
InitializeSecurityDescriptor
RegCreateKeyExW
GetNamedSecurityInfoW
CreateServiceW
InitializeAcl
LookupPrivilegeDisplayNameA
UnlockServiceDatabase
QueryServiceConfigW
FreeSid
CloseServiceHandle
GetAclInformation
SetEntriesInAclA
OpenSCManagerW
RegSetValueExW
RegSaveKeyW
LockServiceDatabase
LookupPrivilegeNameA
ControlService
GetTokenInformation
GetSecurityInfo
OpenServiceW
DeleteService
RegOpenKeyExW
RegGetKeySecurity
EqualSid
GetInheritanceSourceW
QueryServiceLockStatusW
IsValidAcl
AdjustTokenPrivileges
SetSecurityInfo
ChangeServiceConfig2W
RegDeleteKeyW
AllocateAndInitializeSid
EnumDependentServicesW
GetSecurityDescriptorControl
RegRestoreKeyW
SetNamedSecurityInfoW
IsValidSecurityDescriptor
ChangeServiceConfigW
RegQueryValueExW
FreeInheritedFromArray
QueryServiceStatus
RegCloseKey
RegEnumKeyExW
StartServiceA
LookupAccountSidW
GetAce
SetEntriesInAclW
RegEnumValueW
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ