2798b547563d815fc15e71d98f654156_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2798b547563d815fc15e71d98f654156_JaffaCakes118
Size

119KB
MD5

2798b547563d815fc15e71d98f654156
SHA1

e7de00963e05920eb2b07e07fce5f1a9d549929e
SHA256

686ae6106e9a7331a312cfe09bb90ae9d6ff693901437bdafea05326f91d6508
SHA512

6160b1124bdeb2be9d5b084a42fe8e057341212c72b56e0f2e0d7044562456b49f1a419850f6c34f8748705ed42e4beb0b7e41c7c289a516ce7e603a0bd19ca0
SSDEEP

1536:wqI8UAxqgL4hfgTqnZwnaHGYZjZ++alZ8wWYyTsr+kyZtSOj1MlVMwvpZx:wqIjAx5u4GnQPlGYr+kyZtSOuTvXx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2798b547563d815fc15e71d98f654156_JaffaCakes118

Files

2798b547563d815fc15e71d98f654156_JaffaCakes118
.exe windows:4 windows x86 arch:x86

91dfc3bb697808c0903ea3563e25b2db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupGetInfInformationA
SetupQueryInfVersionInformationA
SetupCopyOEMInfA
SetupDiClassGuidsFromNameA
SetupInstallFromInfSectionA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

newdev

UpdateDriverForPlugAndPlayDevicesA

shlwapi

SHDeleteEmptyKeyA

kernel32

GetStringTypeW
GetStringTypeA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
GetWindowsDirectoryA
LocalFree
FormatMessageA
CloseHandle
GetCurrentProcess
GetModuleFileNameA
GetCurrentDirectoryA
CreateProcessA
FindNextFileA
FindFirstFileA
FindClose
RemoveDirectoryA
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
SetEndOfFile
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLastError
GetStartupInfoA
HeapFree
RtlUnwind
GetModuleHandleA
ExitProcess
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
CreateFileA
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

WaitForInputIdle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
PrivilegeCheck
RegCreateKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

91dfc3bb697808c0903ea3563e25b2db

Headers

File Characteristics

Imports

setupapi

newdev

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 27KB

.trdata Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 27KB

.trdata
Size: 3KB - Virtual size: 3KB