Static task: static1
Behavioral task: behavioral1
Sample: 060d41f75055ed0ffd43a408e6a5801e_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 060d41f75055ed0ffd43a408e6a5801e_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 060d41f75055ed0ffd43a408e6a5801e_JaffaCakes118
Size: 345KB
MD5: 060d41f75055ed0ffd43a408e6a5801e
SHA1: 96a466c5dbc7e4a10257afb3bd8b790f965084d9
SHA256: 34e1b92e38659dd6407c5065a3dd0cd8b791b182af5eaeb26b2a4573bc2177ea
SHA512: 663cd0f6d73fd7a91a6b7058c201bfe8f6797c94b90f1690119ad7b80f560e8f913143ed8e46c8efcf5d1450aa4eb5b69a0ad1ffc2646fe86f53fc96ecb014ff
SSDEEP: 6144:44oibXfchTduH5Gwqp5ASxhJq94C1ORG+v4igk72RC/kVp4uOebbkYCDG:NjbMQk5AOhJFGBmkVpvnkYz
Malware Config
Signatures
Unsigned PE - 1 IoCs
Checks for missing Authenticode signature.
resource 060d41f75055ed0ffd43a408e6a5801e_JaffaCakes118
Files
060d41f75055ed0ffd43a408e6a5801e_JaffaCakes118.exe windows:4 windows x86 arch:x86
62cad7e15ebdb26a48166d6844f228c1
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
user32
EnumDesktopsA
SetTimer
kernel32
GetModuleHandleA
Heap32Next
EnumSystemCodePagesA
GetStartupInfoA
mpr
WNetEnumResourceW
WNetDisconnectDialog
WNetGetUserA
WNetGetConnectionW
WNetCloseEnum
WNetAddConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetGetUserW
MultinetGetConnectionPerformanceA
WNetUseConnectionA
rasapi32
RasGetProjectionInfoA
winmm
mmioDescend
PlaySoundW
midiOutClose
mmioOpenW
mixerGetDevCapsW
midiStreamOpen
midiInReset
mmioOpenA
mmioSetBuffer
mmioStringToFOURCCW
mciSendCommandW
mmioWrite
waveOutWrite
midiInOpen
mmioRead
waveOutGetDevCapsA
joySetThreshold
waveInClose
mmioSendMessage
mmioCreateChunk
midiOutCacheDrumPatches
waveOutGetID
GetDriverModuleHandle
waveOutGetPitch
mixerGetDevCapsA
midiOutUnprepareHeader
joyReleaseCapture
waveInGetPosition
waveOutOpen
mmioRenameA
midiOutGetID
PlaySoundA
waveInPrepareHeader
midiStreamStop
mmioClose
midiOutPrepareHeader
mmioStringToFOURCCA
mixerGetNumDevs
midiInMessage
midiStreamPause
mixerGetControlDetailsW
OpenDriver
midiOutGetErrorTextA
waveOutBreakLoop
midiOutReset
DefDriverProc
DrvGetModuleHandle
mciSendStringA
auxSetVolume
mixerGetLineControlsW
SendDriverMessage
mmioAscend
joyGetDevCapsW
mciGetDeviceIDA
midiOutGetVolume
midiInGetDevCapsA
waveOutClose
mixerClose
midiOutOpen
waveInStart
midiOutGetDevCapsA
mmioInstallIOProcW
mmioGetInfo
midiStreamClose
sndPlaySoundW
sndPlaySoundA
waveOutRestart
midiInStart
midiInGetErrorTextA
waveOutPause
midiInUnprepareHeader
waveInGetErrorTextA
mciGetYieldProc
midiInAddBuffer
mciSendCommandA
joyGetPosEx
waveOutGetDevCapsW
mciGetDeviceIDFromElementIDA
waveInGetID
mixerGetLineControlsA
timeSetEvent
waveOutSetPitch
midiInStop
midiOutGetDevCapsW
waveInMessage
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
waveInReset
joyGetNumDevs
msvcrt
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
_except_handler3
__set_app_type
__p__fmode
advapi32
RegConnectRegistryA
GetKernelObjectSecurity
GetServiceKeyNameA
GetSecurityDescriptorDacl
ChangeServiceConfig2A
OpenBackupEventLogA
SetPrivateObjectSecurity
BuildTrusteeWithNameA
GetEffectiveRightsFromAclA
LsaEnumerateAccountRights
LsaFreeMemory
AddAuditAccessAce
LookupPrivilegeValueA
ObjectPrivilegeAuditAlarmA
GetExplicitEntriesFromAclW
SetKernelObjectSecurity
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegQueryValueExA
RegEnumValueW
LookupAccountNameA
EnumServicesStatusA
NotifyChangeEventLog
QueryServiceConfig2A
LsaLookupNames
RegSetValueW
AllocateAndInitializeSid
LsaEnumerateTrustedDomains
RegSetValueExW
ObjectOpenAuditAlarmW
LsaDeleteTrustedDomain
DuplicateToken
GetNumberOfEventLogRecords
AddAccessAllowedAce
LsaSetInformationPolicy
ObjectDeleteAuditAlarmW
GetSecurityDescriptorGroup
AccessCheckAndAuditAlarmA
SetNamedSecurityInfoW
CreateServiceA
RegEnumKeyA
AddAccessDeniedAce
AdjustTokenGroups
BuildImpersonateExplicitAccessWithNameA
PrivilegedServiceAuditAlarmW
LsaRetrievePrivateData
GetAce
OpenEventLogA
ControlService
GetExplicitEntriesFromAclA
LsaCreateTrustedDomainEx
RegCreateKeyA
IsValidSid
RegDeleteKeyW
ReportEventW
GetFileSecurityA
RegEnumKeyExW
ImpersonateSelf
ClearEventLogW
LsaNtStatusToWinError
LsaEnumerateAccountsWithUserRight
RegSetValueExA
GetNamedSecurityInfoA
LsaClose
CloseServiceHandle
RegOpenKeyA
OpenServiceA
GetServiceKeyNameW
RegReplaceKeyA
LsaQueryInformationPolicy
RegCreateKeyExA
RegDeleteValueW
RegSaveKeyA
InitializeSecurityDescriptor
CreateProcessAsUserA
RegConnectRegistryW
GetTrusteeNameW
AccessCheck
GetTokenInformation
OpenBackupEventLogW
RegSetKeySecurity
StartServiceA
AdjustTokenPrivileges
LsaOpenPolicy
MapGenericMask
QueryServiceLockStatusA
EncryptFileW
GetSidSubAuthority
IsTokenRestricted
LogonUserA
QueryServiceLockStatusW
RegReplaceKeyW
RegisterEventSourceW
DeregisterEventSource
AreAnyAccessesGranted
EqualSid
AddAce
GetServiceDisplayNameW
QueryServiceConfigA
GetLengthSid
GetNamedSecurityInfoW
CloseEventLog
ChangeServiceConfigA
SetFileSecurityA
RegOpenKeyExA
SetFileSecurityW
BuildExplicitAccessWithNameA
EnumDependentServicesW
GetUserNameW
OpenSCManagerW
FindFirstFreeAce
GetAuditedPermissionsFromAclW
MakeSelfRelativeSD
SetEntriesInAclA
LockServiceDatabase
EqualPrefixSid
SetSecurityInfo
GetSecurityInfo
Sections
.text - Size: 100KB - Virtual size: 99KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 8KB - Virtual size: 6KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 4KB - Virtual size: 1.5MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc - Size: 40KB - Virtual size: 36KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ