d6ce4e036572bfee17db9e184b64f445_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6ce4e036572bfee17db9e184b64f445_JaffaCakes118
Size

179KB
MD5

d6ce4e036572bfee17db9e184b64f445
SHA1

b6626827485b119fde72e6919f0e9f32418a9b10
SHA256

951d63a2a8f8a6a308b9710030458b897fa3d8ba50f5c4a5c9c52fcf332bec3b
SHA512

33a33b3fcfbbd0e885828b90b60ff88a126d3610fc1336a6035ee30d4bae1615e09be92d2a534e0528e6954e7c2ce2ac96c80dc64adf572b66f54d8c3c1ec3f8
SSDEEP

3072:vpBnzXiSQvj5Ib4NhhMjgVoyIe1lSTcNmfwbtDSogsFRShZAQ1ZyyNme+qnm/H:3yR9LNMAee1lLB2VgSAkZ+vUmf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ce4e036572bfee17db9e184b64f445_JaffaCakes118

Files

d6ce4e036572bfee17db9e184b64f445_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c642e0cca71ae765101b375714b7a770

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountSidW
QueryServiceConfigW
GetAce
LookupPrivilegeValueA
GetSecurityDescriptorControl
LockServiceDatabase
RegGetKeySecurity
RegQueryValueExW
SetNamedSecurityInfoW
IsValidSecurityDescriptor
RegRestoreKeyW
RegEnumKeyExW
SetEntriesInAclA
OpenProcessToken
EnumDependentServicesW
LookupPrivilegeDisplayNameA
RegSaveKeyW
OpenServiceW
DeleteService
AllocateAndInitializeSid
ControlService
SetSecurityInfo
GetSecurityInfo
OpenSCManagerW
StartServiceA
AddAce
RegDeleteValueW
RegCloseKey
FreeInheritedFromArray
UnlockServiceDatabase
GetTokenInformation
IsValidAcl
ChangeServiceConfigW
LookupPrivilegeNameA
RegOpenKeyExW
GetInheritanceSourceW
GetAclInformation
ChangeServiceConfig2W
GetNamedSecurityInfoW
QueryServiceStatus
SetEntriesInAclW
RegCreateKeyExW
InitializeAcl
CloseServiceHandle
FreeSid
QueryServiceLockStatusW
AdjustTokenPrivileges
RegSetValueExW
RegDeleteKeyW
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceW
RegEnumValueW

iphlpapi

GetIpAddrTable

shell32

SHGetFolderPathW

kernel32

LoadLibraryExW
GetCalendarInfoW
GetOEMCP
UnmapViewOfFile
CreateProcessW
GetLocaleInfoA
LocalAlloc
CreateEventA
SetLastError
LCMapStringW
SetUnhandledExceptionFilter
RtlUnwind
LocalFree
GetStringTypeW
DeviceIoControl
GetEnvironmentStringsW
UnhandledExceptionFilter
FlushFileBuffers
GetDateFormatA
GetTimeZoneInformation
FreeLibrary
GetStartupInfoA
ReadFile
GetModuleHandleW
HeapAlloc
GetCommandLineA
WriteConsoleW
GetLastError
InterlockedDecrement
TlsFree
GetCurrentProcessId
MultiByteToWideChar
CopyFileW
TlsAlloc
GetFileAttributesW
WriteConsoleA
HeapDestroy
GetProcAddress
GetTempPathW
GetModuleFileNameA
CreateFileA
TlsGetValue
MapViewOfFile
WideCharToMultiByte
HeapSize
WriteFile
GetConsoleCP
GetCPInfo
GetExitCodeProcess
FreeEnvironmentStringsW
GetTimeFormatA
GetConsoleOutputCP
CreateFileMappingA
SetWaitableTimer
SetEndOfFile
SetFileAttributesW
LeaveCriticalSection
GetSystemDirectoryW
DeleteFileW
EnumResourceNamesA
GetFileType
IsValidCodePage
ExpandEnvironmentStringsW
CloseHandle
ResetEvent
IsDebuggerPresent
SetEnvironmentVariableA
FileTimeToSystemTime
SetStdHandle
ExitProcess
GetTickCount
GetEnvironmentVariableW
CreateWaitableTimerA
RaiseException
TlsSetValue
TerminateProcess
InitializeCriticalSection
InterlockedIncrement
SetFilePointer
GetSystemTime
GetConsoleMode
EnterCriticalSection
LCMapStringA
CreateThread
Sleep
GetVersionExW
HeapReAlloc
DeleteCriticalSection
VirtualFree
CompareStringA
GetProcessHeap
GetCurrentProcess
CancelWaitableTimer
SetEvent
CreateDirectoryW
MoveFileExW
GetSystemTimeAsFileTime
InitializeCriticalSection
CompareStringW
VirtualAlloc
GetModuleHandleA
FileTimeToLocalFileTime
HeapCreate
SetHandleCount
SystemTimeToFileTime
GetVersionExA
HeapFree
QueryPerformanceCounter
GetACP
WaitForSingleObject
GetCurrentThreadId
GetEnvironmentStrings
LoadLibraryA
CreateFileW
FreeEnvironmentStringsA
GetStdHandle
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

DestroyWindow
CreateWindowExW
SendMessageA
IsWindow
EnumChildWindows
GetDlgItem
GetWindowThreadProcessId

setupapi

SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsW
SetupGetLineTextA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
CMP_WaitNoPendingInstallEvents
SetupOpenInfFileA
SetupDiGetClassDescriptionW
SetupDiDeleteDeviceInfo
SetupCloseInfFile
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiBuildClassInfoList
SetupDiClassNameFromGuidW
SetupDiDestroyDeviceInfoList
SetupCopyOEMInfW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameW
SetupGetInfFileListA
CM_Get_DevNode_Status

rpcrt4

UuidCreate

ole32

CoGetMalloc
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoQueryProxyBlanket
StringFromGUID2

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c642e0cca71ae765101b375714b7a770

Headers

File Characteristics

Imports

advapi32

iphlpapi

shell32

kernel32

newdev

mprapi

user32

setupapi

rpcrt4

ole32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 75KB - Virtual size: 74KB

.rsrc Size: 1024B - Virtual size: 380KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 1024B - Virtual size: 380KB