Static task: static1
Behavioral task: behavioral1
Sample: 2e01a682ac7c716866ba4713e74d12f5_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2e01a682ac7c716866ba4713e74d12f5_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
- Target: 2e01a682ac7c716866ba4713e74d12f5_JaffaCakes118
- Size: 315KB
- MD5: 2e01a682ac7c716866ba4713e74d12f5
- SHA1: 22b9b94a8a198c174c6011a7ac742f4a8a39066f
- SHA256: d289ca350b3cadb8f95fb9244618d4bc091cf0ab35e8bc8c4116e6bed7c9b90d
- SHA512: 107879d83d9997bee041c14da791c4aa3c87e9be72d08d10601de032919c28c4bae2849259239ee60e32cdf765c0af3411ac15d9ec86c29a5790e3e61d05e605
- SSDEEP: 6144:G3qDEwv1+A8MGHqdVDInLy92N4GawO1lTuzRDXLv0M1ko6TQ:G3qDEwN8Mw6pQ22NDaw2lSLv0M6I
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 2e01a682ac7c716866ba4713e74d12f5_JaffaCakes118
Files
- 2e01a682ac7c716866ba4713e74d12f5_JaffaCakes118.exe windows:4 windows x86 arch:x86
  499a19149a16d42e6b81c4289ef776cd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_XcptFilter
exit
_acmdln
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_exit
lz32
LZSeek
advapi32
RevertToSelf
LsaAddAccountRights
ReportEventA
UnlockServiceDatabase
GetAclInformation
IsValidSid
SetEntriesInAclA
LsaQueryTrustedDomainInfoByName
GetAuditedPermissionsFromAclW
GetUserNameW
GetPrivateObjectSecurity
CreateServiceA
MakeAbsoluteSD
GetTrusteeFormA
IsValidAcl
RegSaveKeyA
ObjectDeleteAuditAlarmW
CloseEventLog
OpenServiceA
RegCreateKeyW
LsaRetrievePrivateData
OpenBackupEventLogW
GetExplicitEntriesFromAclW
RegReplaceKeyW
EnumServicesStatusA
RegEnumValueW
LsaClose
LsaRemoveAccountRights
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegUnLoadKeyA
OpenEventLogA
RegDeleteValueW
QueryServiceConfig2W
GetSidSubAuthority
GetSecurityDescriptorOwner
GetNumberOfEventLogRecords
LookupPrivilegeDisplayNameW
ChangeServiceConfig2A
RegQueryValueExA
OpenBackupEventLogA
LsaEnumerateAccountRights
ChangeServiceConfigW
AdjustTokenPrivileges
DeleteService
GetServiceDisplayNameW
MakeSelfRelativeSD
QueryServiceObjectSecurity
ObjectCloseAuditAlarmA
GetKernelObjectSecurity
GetOldestEventLogRecord
GetSidIdentifierAuthority
QueryServiceLockStatusW
ObjectOpenAuditAlarmW
RegisterEventSourceW
SetSecurityInfo
RegLoadKeyW
ReportEventW
GetNamedSecurityInfoW
ImpersonateSelf
RegEnumKeyExW
RegReplaceKeyA
LsaQueryTrustedDomainInfo
LookupAccountNameW
OpenServiceW
LookupPrivilegeNameW
QueryServiceConfigA
LookupSecurityDescriptorPartsW
AddAce
IsTokenRestricted
RegOpenKeyExW
RegOpenKeyA
RegCreateKeyExA
GetServiceKeyNameA
LookupPrivilegeValueA
SetFileSecurityA
BuildExplicitAccessWithNameW
LogonUserW
BackupEventLogA
MapGenericMask
GetSecurityInfo
GetTokenInformation
RegQueryMultipleValuesW
LsaEnumerateAccountsWithUserRight
AdjustTokenGroups
SetFileSecurityW
AccessCheck
PrivilegedServiceAuditAlarmW
RegCreateKeyExW
RegGetKeySecurity
SetThreadToken
GetSecurityDescriptorSacl
QueryServiceConfig2A
AccessCheckAndAuditAlarmA
ControlService
LogonUserA
GetSecurityDescriptorDacl
StartServiceA
RegisterEventSourceA
RegOpenKeyW
AbortSystemShutdownW
RegDeleteKeyA
RegDeleteKeyW
ObjectPrivilegeAuditAlarmA
CopySid
SetPrivateObjectSecurity
GetFileSecurityA
GetLengthSid
QueryServiceStatus
RegisterServiceCtrlHandlerW
RegSetValueA
QueryServiceLockStatusA
AllocateAndInitializeSid
RegOverridePredefKey
SetKernelObjectSecurity
RegisterServiceCtrlHandlerA
FreeSid
DecryptFileW
SetSecurityDescriptorSacl
RegQueryValueA
ReadEventLogW
BuildTrusteeWithNameW
SetServiceStatus
CloseServiceHandle
GetSecurityDescriptorLength
GetNamedSecurityInfoA
LsaOpenPolicy
AddAccessAllowedAce
SetNamedSecurityInfoA
user32
OemKeyScan
CreateDialogParamA
kernel32
GetPrivateProfileSectionA
DeleteFileA
FreeEnvironmentStringsA
AddAtomW
FindNextChangeNotification
GetTempFileNameA
GetCommProperties
CreateFileMappingW
GetPriorityClass
FileTimeToSystemTime
GetModuleHandleA
GetStartupInfoA
Sections
.text Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ