fa4d4bf75a1b9f9262b7a75e13a35912_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa4d4bf75a1b9f9262b7a75e13a35912_JaffaCakes118
Size

267KB
MD5

fa4d4bf75a1b9f9262b7a75e13a35912
SHA1

fe6c44a8a52417343554955d2c4256c089c8bfde
SHA256

3057ccd02a85862bea425e6b4777ad6998b0646557f5c5e1fae7029d8ee437d7
SHA512

447da809b03f6b036bce17075687290b37ec6c91098814a4aac0405d8fa14f1302b2a5ae1340a39f14c4193e74de3c7b437ac1420479d1cca8a42a9368929e30
SSDEEP

6144:e9nHPoWoWBVJjMCPnsWmoQKSdEOWlzwaKNmnsimFfmwOEt4fqfI:8AAIcnsWACeaKNPFdOEafb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa4d4bf75a1b9f9262b7a75e13a35912_JaffaCakes118

Files

fa4d4bf75a1b9f9262b7a75e13a35912_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1633be624b6989d44728ca30804540e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

oleacc

LresultFromObject
AccessibleObjectFromPoint

newdev

UpdateDriverForPlugAndPlayDevicesW

advapi32

GetSecurityInfo
RegEnumKeyExW
RegCloseKey
RegSetValueExW
CreateServiceW
SetSecurityInfo
RegDeleteValueW
StartServiceA
RegGetKeySecurity
AllocateAndInitializeSid
EqualSid
LookupPrivilegeDisplayNameA
RegRestoreKeyW
RegSaveKeyW
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
OpenProcessToken
CloseServiceHandle
GetAclInformation
LookupPrivilegeValueA
InitializeAcl
EnumDependentServicesW
AdjustTokenPrivileges
QueryServiceLockStatusW
InitializeSecurityDescriptor
GetNamedSecurityInfoW
QueryServiceStatus
RegQueryValueExW
ControlService
GetAce
GetTokenInformation
OpenServiceW
ChangeServiceConfigW
FreeInheritedFromArray
IsValidAcl
UnlockServiceDatabase
ChangeServiceConfig2W
DeleteService
LockServiceDatabase
GetInheritanceSourceW
RegDeleteKeyW
RegCreateKeyExW
SetEntriesInAclW
OpenSCManagerW
SetEntriesInAclA
FreeSid
LookupAccountSidW
AddAce
QueryServiceConfigW
RegOpenKeyExW
GetSecurityDescriptorControl
SetNamedSecurityInfoW
LookupPrivilegeNameA
RegEnumValueW

shell32

SHGetFolderPathW

kernel32

GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetACP
LCMapStringW
LoadLibraryA
HeapCreate
HeapFree
GetOEMCP
LeaveCriticalSection
GetCurrentProcessId
HeapDestroy
GetDateFormatA
GetCPInfo
WriteFile
WriteConsoleA
GetCurrentProcess
ReadFile
GetTickCount
HeapReAlloc
SetUnhandledExceptionFilter
SetFilePointer
TerminateProcess
GetLocaleInfoA
CompareStringW
GetTimeZoneInformation
EnumResourceTypesA
SetEndOfFile
CreateNamedPipeA
CompareStringA
MultiByteToWideChar
LCMapStringA
GetStringTypeW
FreeLibrary
SetStdHandle
InitializeCriticalSection
SetEnvironmentVariableA
VirtualFree
HeapSize
EnterCriticalSection
GetConsoleOutputCP
IsValidCodePage
GetTimeFormatA
VirtualAlloc
QueryPerformanceCounter
RaiseException
GetStringTypeA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1633be624b6989d44728ca30804540e4

Headers

File Characteristics

Imports

mprapi

oleacc

newdev

advapi32

shell32

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 147KB

.data Size: 197KB - Virtual size: 197KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 147KB

.data
Size: 197KB - Virtual size: 197KB

.rsrc
Size: 512B - Virtual size: 4KB