541b27839f7bc9a32757e4d91a7516ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

541b27839f7bc9a32757e4d91a7516ff_JaffaCakes118
Size

178KB
MD5

541b27839f7bc9a32757e4d91a7516ff
SHA1

38287e4e0950a7df3b4cf6cd065e11e3a55f2fb3
SHA256

22048640b90b1b76e7a6d5db2cbe4489db1cd83a9983397c3a3e4e909a6d9cb2
SHA512

0ddb9f331261b3dee8580b66d7c2f3e7791029866dcdc623f23e11e0be000ae36fdfdaee5f9d3894688f6e2f4f4f997d4bfa8bcd1289a3455faacb79d607ae67
SSDEEP

3072:RPqJg2DcXIJ7CmAoRJqD67wDNuVB4ijlKimuCiogMXV+FtV6HeOEH6FjaZN+hP:RPqbcu7wUqpJuVBxoIFtY+Om0jdh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
541b27839f7bc9a32757e4d91a7516ff_JaffaCakes118

Files

541b27839f7bc9a32757e4d91a7516ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f9fc8edd36ca160e2215c66602ac973

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

CreateWindowExW
EnumChildWindows
GetDlgItem
DestroyWindow
IsWindow
SendMessageA
GetWindowThreadProcessId

shell32

SHGetFolderPathW

advapi32

SetSecurityInfo
AddAce
GetSecurityDescriptorControl
EnumDependentServicesW
RegCloseKey
GetSecurityInfo
UnlockServiceDatabase
GetInheritanceSourceW
FreeInheritedFromArray
SetNamedSecurityInfoW
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
GetNamedSecurityInfoW
ChangeServiceConfig2W
GetAclInformation
ControlService
StartServiceA
RegRestoreKeyW
RegEnumKeyExW
LookupPrivilegeNameA
QueryServiceLockStatusW
QueryServiceStatus
LookupPrivilegeValueA
InitializeAcl
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegSaveKeyW
GetTokenInformation
OpenProcessToken
LookupPrivilegeDisplayNameA
RegDeleteValueW
SetEntriesInAclA
LookupAccountSidW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
RegQueryValueExW
AdjustTokenPrivileges
CreateServiceW
IsValidAcl
RegDeleteKeyW
CloseServiceHandle
DeleteService
QueryServiceConfigW
FreeSid
GetAce
IsValidSecurityDescriptor
EqualSid
RegGetKeySecurity
SetSecurityDescriptorDacl
LockServiceDatabase
RegEnumValueW

rpcrt4

UuidCreate

ole32

CoGetMalloc
CoUninitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
StringFromGUID2

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

setupapi

SetupCopyOEMInfW
SetupDiCallClassInstaller
CMP_WaitNoPendingInstallEvents
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetClassDescriptionW
SetupGetLineTextA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoA
SetupDiEnumDeviceInfo
SetupDiClassNameFromGuidW
SetupOpenInfFileA
SetupGetInfFileListA
SetupCloseInfFile
SetupDiDeleteDeviceInfo
SetupDiBuildClassInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
CM_Get_DevNode_Status

kernel32

CreateFileW
EnterCriticalSection
IsDebuggerPresent
TlsFree
ResetEvent
GetCalendarInfoW
CopyFileW
GetConsoleMode
GetModuleFileNameA
SetStdHandle
GetTempPathW
FreeLibrary
ExpandEnvironmentStringsW
GetEnvironmentStrings
GetTimeFormatA
InterlockedIncrement
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
HeapAlloc
GetOEMCP
HeapSize
HeapCreate
GetTimeZoneInformation
DeviceIoControl
GetTickCount
CreateFileA
InitializeCriticalSection
GetCurrentProcessId
GetProcAddress
WriteConsoleA
HeapFree
GetLastError
VirtualFree
GetProcessHeap
GetCurrentProcess
DeleteCriticalSection
RtlUnwind
TlsGetValue
LoadLibraryA
DeleteFileW
TerminateProcess
LocalAlloc
GetSystemTime
CreateProcessW
VirtualAlloc
RaiseException
CompareStringA
GetModuleHandleW
Sleep
HeapDestroy
MapViewOfFile
MoveFileExW
CreateWaitableTimerA
LoadLibraryExW
SetEndOfFile
FileTimeToLocalFileTime
SetLastError
WriteConsoleW
HeapReAlloc
TlsSetValue
GetStartupInfoA
GetCommandLineA
GetFileType
GetVersionExW
EnumResourceNamesA
ReadFile
GetACP
GetEnvironmentVariableW
UnhandledExceptionFilter
GetLocaleInfoA
CreateFileMappingA
SystemTimeToFileTime
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
MultiByteToWideChar
QueryPerformanceCounter
CreateDirectoryW
SetFileAttributesW
CancelWaitableTimer
SetFilePointer
GetCurrentThreadId
SetEnvironmentVariableA
CreateEventA
SetEvent
GetDateFormatA
GetConsoleCP
GetSystemDirectoryW
GetModuleHandleA
IsValidCodePage
SetWaitableTimer
LCMapStringW
ExitProcess
LocalFree
InitializeCriticalSection
GetCPInfo
UnmapViewOfFile
WideCharToMultiByte
SetHandleCount
WriteFile
CreateThread
GetFileAttributesW
GetExitCodeProcess
FlushFileBuffers
GetStdHandle
CloseHandle
GetConsoleOutputCP
GetEnvironmentStringsW
LCMapStringA
CompareStringW
InterlockedDecrement
FileTimeToSystemTime
GetStringTypeW
WaitForSingleObject
LeaveCriticalSection
TlsAlloc
GetVersionExA
GetStringTypeA

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f9fc8edd36ca160e2215c66602ac973

Headers

File Characteristics

Imports

iphlpapi

newdev

user32

shell32

advapi32

rpcrt4

ole32

mprapi

setupapi

kernel32

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 76KB - Virtual size: 75KB

.rsrc Size: 1024B - Virtual size: 380KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 1024B - Virtual size: 380KB