Static task: static1
Behavioral task: behavioral1
Sample: 392052388e92cf4074de1b5098a40d96_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 392052388e92cf4074de1b5098a40d96_JaffaCakes118
Size: 179KB
MD5: 392052388e92cf4074de1b5098a40d96
SHA1: 60782ff08e5e8ffed38ca50c1d69501832449b3b
SHA256: dfb63baa1eb6eac704276df69e3a5dc4f558a8c1798a6c1ec3e60e698806d4c4
SHA512: 7f38246ac6344ee878f3a17728df89676f2f2e66362e9522032fd156968f41a0d8463da581cdd2be24d7b39431ba51c94a4ac0fa5d9ffdbb8b86f8f804d0897c
SSDEEP: 3072:JPKGwgPCiOWtD3qTsBih0pCKDuGCI3Byl/hsT4l5iilPI:QGwgPCiOWdlBih0p015iw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 392052388e92cf4074de1b5098a40d96_JaffaCakes118
Files
392052388e92cf4074de1b5098a40d96_JaffaCakes118.exe windows:4 windows x86 arch:x86
21d07bafaeb7bd9d488df3176602d5c7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
shell32
SHGetFolderPathW
oleacc
LresultFromObject
AccessibleObjectFromPoint
newdev
UpdateDriverForPlugAndPlayDevicesW
kernel32
GetCPInfo
CompareStringW
HeapFree
SetUnhandledExceptionFilter
RaiseException
HeapReAlloc
GetCurrentProcess
GetCurrentProcessId
LCMapStringW
EnterCriticalSection
RtlUnwind
QueryPerformanceCounter
LCMapStringA
WriteConsoleA
GetTimeFormatA
IsValidCodePage
GetConsoleOutputCP
CompareStringA
HeapSize
GetStringTypeW
UnhandledExceptionFilter
EnumResourceTypesA
VirtualAlloc
SetFilePointer
SetEnvironmentVariableA
GetTickCount
LeaveCriticalSection
ReadFile
WriteFile
SetStdHandle
CreateNamedPipeW
SetEndOfFile
HeapDestroy
GetACP
TerminateProcess
MultiByteToWideChar
GetSystemTimeAsFileTime
IsDebuggerPresent
VirtualFree
HeapCreate
InitializeCriticalSection
GetOEMCP
GetTimeZoneInformation
LoadLibraryA
GetDateFormatA
GetLocaleInfoA
FreeLibrary
GetStringTypeA
advapi32
OpenSCManagerW
GetSecurityDescriptorControl
InitializeAcl
StartServiceA
ControlService
QueryServiceLockStatusW
FreeSid
RegSaveKeyW
AllocateAndInitializeSid
ChangeServiceConfig2W
SetSecurityDescriptorDacl
RegEnumKeyExW
QueryServiceStatus
EnumDependentServicesW
EqualSid
SetNamedSecurityInfoW
LookupPrivilegeValueA
RegQueryValueExW
GetAclInformation
LookupPrivilegeNameA
ChangeServiceConfigW
CreateServiceW
InitializeSecurityDescriptor
CloseServiceHandle
QueryServiceConfigW
GetSecurityInfo
IsValidAcl
UnlockServiceDatabase
SetSecurityInfo
RegCloseKey
RegDeleteValueW
AdjustTokenPrivileges
GetAce
LockServiceDatabase
IsValidSecurityDescriptor
GetInheritanceSourceW
RegDeleteKeyW
SetEntriesInAclW
FreeInheritedFromArray
RegGetKeySecurity
OpenProcessToken
RegSetValueExW
LookupPrivilegeDisplayNameA
GetNamedSecurityInfoW
RegRestoreKeyW
GetTokenInformation
SetEntriesInAclA
AddAce
DeleteService
RegOpenKeyExW
OpenServiceW
RegCreateKeyExW
LookupAccountSidW
RegEnumValueW
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ