dbb6858d9e9275405404c40bf5c39cb4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dbb6858d9e9275405404c40bf5c39cb4_JaffaCakes118
Size

179KB
MD5

dbb6858d9e9275405404c40bf5c39cb4
SHA1

18ce267bb4529b297bad971f758b310ac7b27124
SHA256

894c891dc44384c687238b7142c0a6934261be7151cc4ee41c9462d86d1f9f63
SHA512

28d4fc9736165fd7afea55e0311d00a74014442e8283a362b4b1297977362f2d351e39aba1a64b27204f592699eb5e6e436d86a09be3a721c4d5b1600a987121
SSDEEP

3072:O8Dd7ZvPeBjWR9zvOon0AGtG2JHOV9FZ5OwqAc9z4qUiwGtlZNxRCfn:O8D5ZO1WRFJ0Az2scAwlFNxwfn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbb6858d9e9275405404c40bf5c39cb4_JaffaCakes118

Files

dbb6858d9e9275405404c40bf5c39cb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1253afb97d76bfa746c3c374133c94aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoQueryProxyBlanket
CoTaskMemFree
CoUninitialize
StringFromGUID2

rpcrt4

UuidCreate

user32

IsWindow
SendMessageA
DestroyWindow
GetDlgItem
EnumChildWindows
CreateWindowExW
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

shell32

SHGetFolderPathW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiClassGuidsFromNameW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupGetLineTextA
SetupDiDeleteDeviceInfo
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupGetInfFileListA
SetupDiCreateDeviceInfoA
SetupDiClassNameFromGuidW
SetupDiCreateDeviceInfoList
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupCopyOEMInfW
SetupDiSetClassInstallParamsW
SetupDiGetClassDescriptionW
SetupDiBuildClassInfoList
SetupOpenInfFileA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

kernel32

FreeEnvironmentStringsW
SetFileAttributesW
ExpandEnvironmentStringsW
HeapAlloc
RtlUnwind
GetCPInfo
FileTimeToSystemTime
UnmapViewOfFile
GetCalendarInfoW
GetProcessHeap
VirtualAlloc
DeleteFileW
UnhandledExceptionFilter
CopyFileW
GetFileAttributesW
MapViewOfFile
TlsSetValue
TerminateProcess
SystemTimeToFileTime
GetLastError
GetStdHandle
FileTimeToLocalFileTime
HeapReAlloc
GetDateFormatA
WriteConsoleA
ResetEvent
CreateProcessW
GetStringTypeW
FreeLibrary
CreateThread
GetACP
GetCommandLineA
GetTempPathW
FlushFileBuffers
SetHandleCount
ExitProcess
HeapCreate
LeaveCriticalSection
SetEvent
CancelWaitableTimer
TlsGetValue
GetEnvironmentStrings
GetModuleFileNameA
GetLocaleInfoA
RaiseException
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
ReadFile
IsValidCodePage
GetConsoleOutputCP
SetLastError
CreateFileA
GetVersionExW
IsDebuggerPresent
WriteFile
GetCurrentThreadId
DeviceIoControl
SetUnhandledExceptionFilter
GetProcAddress
MultiByteToWideChar
VirtualFree
EnumResourceNamesA
FreeEnvironmentStringsA
SetStdHandle
WaitForSingleObject
QueryPerformanceCounter
GetModuleHandleA
CreateDirectoryW
GetCurrentProcessId
Sleep
LCMapStringW
CompareStringA
CloseHandle
InterlockedDecrement
TlsFree
EnterCriticalSection
CreateFileMappingA
LoadLibraryExW
GetEnvironmentVariableW
SetEndOfFile
InitializeCriticalSection
CreateWaitableTimerA
GetExitCodeProcess
GetCurrentProcess
GetStartupInfoA
CompareStringW
LocalAlloc
SetEnvironmentVariableA
MoveFileExW
GetConsoleMode
WriteConsoleW
GetTickCount
HeapFree
GetSystemTimeAsFileTime
SetFilePointer
GetEnvironmentStringsW
GetOEMCP
GetFileType
DeleteCriticalSection
GetModuleHandleW
HeapDestroy
CreateFileW
GetSystemTime
CreateEventA
GetTimeFormatA
GetVersionExA
SetWaitableTimer
LCMapStringA
GetSystemDirectoryW
InterlockedIncrement
GetTimeZoneInformation
LocalFree
HeapSize
TlsAlloc
InitializeCriticalSection
GetStringTypeA

advapi32

CreateServiceW
IsValidAcl
SetEntriesInAclA
RegOpenKeyExW
DeleteService
RegCloseKey
RegRestoreKeyW
SetNamedSecurityInfoW
FreeInheritedFromArray
RegEnumKeyExW
QueryServiceLockStatusW
LookupPrivilegeNameA
UnlockServiceDatabase
LookupPrivilegeValueA
StartServiceA
GetSecurityDescriptorControl
AddAce
GetInheritanceSourceW
EnumDependentServicesW
OpenServiceW
QueryServiceConfigW
InitializeSecurityDescriptor
FreeSid
AdjustTokenPrivileges
SetSecurityInfo
RegSaveKeyW
SetSecurityDescriptorDacl
RegDeleteKeyW
RegCreateKeyExW
RegGetKeySecurity
RegSetValueExW
GetNamedSecurityInfoW
GetAce
LockServiceDatabase
IsValidSecurityDescriptor
OpenSCManagerW
EqualSid
RegQueryValueExW
OpenProcessToken
QueryServiceStatus
GetSecurityInfo
ChangeServiceConfigW
SetEntriesInAclW
ChangeServiceConfig2W
ControlService
GetAclInformation
RegDeleteValueW
AllocateAndInitializeSid
GetTokenInformation
CloseServiceHandle
InitializeAcl
LookupPrivilegeDisplayNameA
LookupAccountSidW
RegEnumValueW

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1253afb97d76bfa746c3c374133c94aa

Headers

File Characteristics

Imports

ole32

rpcrt4

user32

iphlpapi

shell32

mprapi

newdev

setupapi

kernel32

advapi32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 71KB - Virtual size: 70KB

.rsrc Size: 1024B - Virtual size: 380KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 380KB