eed1ae2cea6272571d038fa0fb9170ec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eed1ae2cea6272571d038fa0fb9170ec_JaffaCakes118
Size

270KB
MD5

eed1ae2cea6272571d038fa0fb9170ec
SHA1

2bccf0386cb6a025ac3bdfa9387eed075864ae87
SHA256

a6a3e6782a784897ed435e1e6c01d4a3bff424521201c3f46cb6e1403e42596b
SHA512

d776f1b8a8dcfe2dbf2730c8ba3689f91a0050662183e6ab6113b8e44204c0639c704c7b6ee74ef2c3da2eb611128aed3b7f13605e881fa916df3e25554494e6
SSDEEP

6144:u6yAeTXyJh3Q+RcpDbn56/T55l9rIVtALSvd8V/2fEU92/SMHm:u6ajyn3GpDbn56bLrIaSOV+fD92rH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eed1ae2cea6272571d038fa0fb9170ec_JaffaCakes118

Files

eed1ae2cea6272571d038fa0fb9170ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c9aec04eab1a356a549238e9192df26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

advapi32

ChangeServiceConfig2W
LookupPrivilegeDisplayNameA
GetNamedSecurityInfoW
IsValidAcl
RegSetValueExW
LookupAccountSidW
CloseServiceHandle
SetEntriesInAclW
RegRestoreKeyW
LookupPrivilegeValueA
QueryServiceConfigW
RegDeleteKeyW
GetAclInformation
StartServiceA
UnlockServiceDatabase
GetSecurityInfo
RegQueryValueExW
DeleteService
GetTokenInformation
SetSecurityDescriptorDacl
InitializeAcl
LookupPrivilegeNameA
OpenProcessToken
AddAce
QueryServiceStatus
RegDeleteValueW
EqualSid
SetSecurityInfo
EnumDependentServicesW
GetSecurityDescriptorControl
RegCreateKeyExW
RegGetKeySecurity
RegEnumKeyExW
FreeInheritedFromArray
QueryServiceLockStatusW
SetEntriesInAclA
GetAce
InitializeSecurityDescriptor
OpenSCManagerW
OpenServiceW
IsValidSecurityDescriptor
AllocateAndInitializeSid
CreateServiceW
ChangeServiceConfigW
LockServiceDatabase
ControlService
RegSaveKeyW
GetInheritanceSourceW
RegOpenKeyExW
AdjustTokenPrivileges
SetNamedSecurityInfoW
FreeSid
RegCloseKey
RegEnumValueW

newdev

UpdateDriverForPlugAndPlayDevicesW

oleacc

LresultFromObject
AccessibleObjectFromPoint

shell32

SHGetFolderPathW

kernel32

RaiseException
GetTimeZoneInformation
LoadLibraryA
TerminateProcess
FreeLibrary
HeapFree
HeapSize
LeaveCriticalSection
CompareStringW
GetOEMCP
IsDebuggerPresent
HeapReAlloc
HeapCreate
EnterCriticalSection
VirtualFree
GetCurrentProcess
SetUnhandledExceptionFilter
GetTickCount
WriteConsoleA
GetStringTypeW
SetFilePointer
SetStdHandle
LCMapStringW
RtlUnwind
EnumResourceTypesA
HeapDestroy
QueryPerformanceCounter
GetCPInfo
WriteFile
InitializeCriticalSection
ReadFile
CreateNamedPipeW
UnhandledExceptionFilter
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoA
VirtualAlloc
GetSystemTimeAsFileTime
GetConsoleOutputCP
LCMapStringA
MultiByteToWideChar
GetDateFormatA
GetCurrentProcessId
CompareStringA
GetACP
GetTimeFormatA
IsValidCodePage
GetStringTypeA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c9aec04eab1a356a549238e9192df26

Headers

File Characteristics

Imports

mprapi

advapi32

newdev

oleacc

shell32

kernel32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 3KB - Virtual size: 143KB

.data Size: 199KB - Virtual size: 198KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 3KB - Virtual size: 143KB

.data
Size: 199KB - Virtual size: 198KB

.rsrc
Size: 512B - Virtual size: 4KB