9071898241ee80dc0e52c7d81b0624c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9071898241ee80dc0e52c7d81b0624c9_JaffaCakes118
Size

181KB
MD5

9071898241ee80dc0e52c7d81b0624c9
SHA1

b81cf0a4301253c2479da43ce7f8d7a31694da7b
SHA256

e9c4eb8d6852effc2d532045026c8919985e0c4952cfb6031b2576e9fb38523b
SHA512

35fd277b1c4066624a67dc8c5ca32dd27e05e809ac041f387f7ccbf660243f1634f574cd1cd31d1c643e0b6a591781c66d71f3efb3895285f886281b50398cf2
SSDEEP

3072:aDc3QjJdZq6PQQIjlUEWF6jxVSEAmnp8jRzc/vqB/y17MNyuuYm:acgj4iUH86jJp8jVc/vq4DuuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9071898241ee80dc0e52c7d81b0624c9_JaffaCakes118

Files

9071898241ee80dc0e52c7d81b0624c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e17da66b0cc3e43290946de3ed37855

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
SendMessageA
DestroyWindow
GetDlgItem
EnumChildWindows
IsWindow
GetWindowThreadProcessId

shell32

SHGetFolderPathW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetStartupInfoA
GetCalendarInfoW
TlsSetValue
CreateWaitableTimerA
SetEvent
HeapReAlloc
HeapAlloc
TerminateProcess
GetCPInfo
SetFilePointer
GetCurrentProcessId
CreateFileMappingA
LoadLibraryA
FileTimeToSystemTime
CompareStringA
GetTempPathW
ReadFile
VirtualFree
SetUnhandledExceptionFilter
CompareStringW
CloseHandle
MultiByteToWideChar
GetTickCount
InitializeCriticalSection
GetLocaleInfoA
SetEnvironmentVariableA
VirtualAlloc
ExpandEnvironmentStringsW
CancelWaitableTimer
WriteConsoleA
DeleteCriticalSection
CreateFileA
UnhandledExceptionFilter
Sleep
GetConsoleMode
CreateDirectoryW
GetTimeZoneInformation
EnterCriticalSection
TlsGetValue
GetSystemTime
SystemTimeToFileTime
TlsAlloc
GetVersionExA
SetFileAttributesW
HeapFree
SetHandleCount
GetStdHandle
GetSystemDirectoryW
FileTimeToLocalFileTime
CopyFileW
GetModuleHandleW
FreeEnvironmentStringsA
MapViewOfFile
GetLastError
GetSystemTimeAsFileTime
GetExitCodeProcess
GetProcAddress
GetDateFormatA
RtlUnwind
EnumResourceNamesA
HeapSize
GetTimeFormatA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapCreate
GetConsoleCP
FreeLibrary
IsDebuggerPresent
GetStringTypeW
SetLastError
LocalAlloc
ResetEvent
GetACP
ExitProcess
InitializeCriticalSection
GetFileAttributesW
FlushFileBuffers
WriteFile
SetStdHandle
LocalFree
DeleteFileW
GetEnvironmentVariableW
GetEnvironmentStringsW
LCMapStringA
CreateEventA
GetModuleHandleA
IsValidCodePage
CreateFileW
CreateThread
WriteConsoleW
CreateProcessW
QueryPerformanceCounter
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
GetConsoleOutputCP
SetWaitableTimer
GetProcessHeap
LCMapStringW
WaitForSingleObject
GetOEMCP
RaiseException
LoadLibraryExW
HeapDestroy
GetCommandLineA
DeviceIoControl
GetVersionExW
InterlockedIncrement
GetModuleFileNameA
TlsFree
MoveFileExW
GetFileType
InterlockedDecrement
LeaveCriticalSection
GetStringTypeA

iphlpapi

GetIpAddrTable

rpcrt4

UuidCreate

setupapi

SetupOpenInfFileA
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdW
SetupDiSetClassInstallParamsW
SetupDiDeleteDeviceInfo
SetupDiCallClassInstaller
SetupCloseInfFile
SetupDiSetDeviceRegistryPropertyW
SetupGetLineTextA
SetupDiBuildClassInfoList
SetupDiGetClassDescriptionW
SetupCopyOEMInfW
SetupDiClassGuidsFromNameW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiClassNameFromGuidW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
SetupGetInfFileListA
SetupDiCreateDeviceInfoA
CM_Get_DevNode_Status

ole32

CoGetMalloc
CoInitializeSecurity
CoTaskMemFree
CoQueryProxyBlanket
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2

advapi32

FreeSid
QueryServiceLockStatusW
GetSecurityInfo
EnumDependentServicesW
RegRestoreKeyW
InitializeAcl
SetNamedSecurityInfoW
RegSaveKeyW
LockServiceDatabase
RegCloseKey
CloseServiceHandle
RegCreateKeyExW
InitializeSecurityDescriptor
GetAce
RegEnumKeyExW
GetInheritanceSourceW
OpenSCManagerW
GetNamedSecurityInfoW
RegDeleteKeyW
DeleteService
UnlockServiceDatabase
QueryServiceStatus
CreateServiceW
GetAclInformation
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
SetEntriesInAclW
FreeInheritedFromArray
AddAce
SetEntriesInAclA
ChangeServiceConfig2W
StartServiceA
IsValidAcl
ChangeServiceConfigW
LookupAccountSidW
SetSecurityInfo
QueryServiceConfigW
RegGetKeySecurity
AllocateAndInitializeSid
LookupPrivilegeValueA
RegQueryValueExW
LookupPrivilegeNameA
OpenProcessToken
ControlService
OpenServiceW
GetSecurityDescriptorControl
GetTokenInformation
EqualSid
IsValidSecurityDescriptor
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
RegEnumValueW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e17da66b0cc3e43290946de3ed37855

Headers

File Characteristics

Imports

user32

shell32

mprapi

newdev

kernel32

iphlpapi

rpcrt4

setupapi

ole32

advapi32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 73KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 252KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 252KB