d3077250c4e3349bc0d512030cf04469_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d3077250c4e3349bc0d512030cf04469_JaffaCakes118
Size

186KB
MD5

d3077250c4e3349bc0d512030cf04469
SHA1

b0c3ac8518b484100b9d61c43bf930a8f007c784
SHA256

4fd07e4ba860cf2e651889e12511af622472194b80869ed10334d8575e4fcdb7
SHA512

67bc93775488e743ff1d10f537eb25811d22915f03e4d0a21c349eb8b24540b4e42d3292877e1ac6a5c270b36f7470d0a1813faefcc9e3efc731e20066135eb4
SSDEEP

3072:UX7KBgA6xRQqW/w/8gT2ayPiN8IL6GTYgoL+gl3vY8Nf:UrKB96x5WuKiCInTal3vDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3077250c4e3349bc0d512030cf04469_JaffaCakes118

Files

d3077250c4e3349bc0d512030cf04469_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c14ffa51a6eb55487f1d72e47c665f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoSetProxyBlanket
CoUninitialize
CoQueryProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemFree
StringFromGUID2

shell32

SHGetFolderPathW

kernel32

HeapDestroy
CreateDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
CompareStringW
Sleep
HeapReAlloc
LoadLibraryExW
GetVersionExA
GetExitCodeProcess
LocalFree
VirtualAlloc
ExitProcess
GetCalendarInfoW
DeleteCriticalSection
GetTickCount
WriteConsoleW
ReadFile
GetConsoleCP
GetDateFormatA
FreeLibrary
QueryPerformanceCounter
GetProcAddress
SetWaitableTimer
TlsFree
SetLastError
TlsSetValue
GetEnvironmentStrings
LCMapStringW
UnmapViewOfFile
MultiByteToWideChar
SystemTimeToFileTime
DeleteFileW
GetModuleHandleA
GetCPInfo
CreateFileMappingA
GetCurrentProcess
CreateEventA
InitializeCriticalSection
HeapSize
GetFileAttributesW
FlushFileBuffers
GetStdHandle
InterlockedIncrement
GetCurrentThreadId
FileTimeToLocalFileTime
SetEvent
GetCurrentProcessId
CreateProcessW
TlsAlloc
GetStartupInfoA
GetOEMCP
FreeEnvironmentStringsW
GetTimeZoneInformation
SetUnhandledExceptionFilter
SetHandleCount
CopyFileW
SetEnvironmentVariableA
GetEnvironmentVariableW
LocalAlloc
WideCharToMultiByte
GetCommandLineA
GetTempPathW
GetConsoleMode
LeaveCriticalSection
EnumResourceNamesA
UnhandledExceptionFilter
GetSystemDirectoryW
CloseHandle
HeapFree
MoveFileExW
GetProcessHeap
IsDebuggerPresent
HeapCreate
GetTimeFormatA
SetStdHandle
CreateWaitableTimerA
CompareStringA
RtlUnwind
WriteFile
CreateFileA
CancelWaitableTimer
VirtualFree
CreateFileW
GetStringTypeW
GetModuleHandleW
SetEndOfFile
InitializeCriticalSection
SetFilePointer
GetConsoleOutputCP
WaitForSingleObject
GetSystemTime
MapViewOfFile
InterlockedDecrement
GetEnvironmentStringsW
GetACP
IsValidCodePage
GetVersionExW
GetFileType
EnterCriticalSection
WriteConsoleA
ResetEvent
ExpandEnvironmentStringsW
TlsGetValue
FreeEnvironmentStringsA
GetLastError
DeviceIoControl
RaiseException
LoadLibraryA
SetFileAttributesW
CreateThread
FileTimeToSystemTime
GetModuleFileNameA
GetLocaleInfoA
HeapAlloc
LCMapStringA
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

setupapi

SetupDiClassNameFromGuidW
SetupCloseInfFile
SetupGetInfFileListA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupOpenInfFileA
SetupDiCreateDeviceInfoA
SetupCopyOEMInfW
SetupDiClassGuidsFromNameW
SetupGetLineTextA
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsA
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiDeleteDeviceInfo
SetupDiBuildClassInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDescriptionW
CM_Get_DevNode_Status

user32

CreateWindowExW
DestroyWindow
SendMessageA
EnumChildWindows
GetDlgItem
IsWindow
GetWindowThreadProcessId

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

rpcrt4

UuidCreate

advapi32

QueryServiceConfigW
RegOpenKeyExW
LookupPrivilegeDisplayNameA
LockServiceDatabase
AdjustTokenPrivileges
CloseServiceHandle
RegQueryValueExW
QueryServiceLockStatusW
InitializeSecurityDescriptor
CreateServiceW
OpenProcessToken
SetEntriesInAclW
DeleteService
UnlockServiceDatabase
StartServiceA
FreeInheritedFromArray
ChangeServiceConfig2W
ControlService
InitializeAcl
RegDeleteKeyW
GetSecurityInfo
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
OpenServiceW
EqualSid
OpenSCManagerW
RegGetKeySecurity
AllocateAndInitializeSid
RegEnumKeyExW
SetEntriesInAclA
RegSaveKeyW
ChangeServiceConfigW
LookupPrivilegeNameA
GetAclInformation
GetInheritanceSourceW
RegRestoreKeyW
IsValidAcl
QueryServiceStatus
EnumDependentServicesW
RegDeleteValueW
RegSetValueExW
GetAce
RegCloseKey
LookupPrivilegeValueA
RegCreateKeyExW
LookupAccountSidW
AddAce
FreeSid
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
RegEnumValueW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c14ffa51a6eb55487f1d72e47c665f65

Headers

File Characteristics

Imports

ole32

shell32

kernel32

newdev

iphlpapi

setupapi

user32

mprapi

rpcrt4

advapi32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 77KB - Virtual size: 76KB

.rsrc Size: 1024B - Virtual size: 116KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 1024B - Virtual size: 116KB