f667a1efbd3a8139526eb7775affa2eb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f667a1efbd3a8139526eb7775affa2eb_JaffaCakes118
Size

175KB
MD5

f667a1efbd3a8139526eb7775affa2eb
SHA1

c2c652f93b57f71bb2c529be4a2a79afdaa68582
SHA256

393291e3acdeeb91b0d00327a55785e7a549ba4e25451033ee1197ee0beee0f6
SHA512

285f83c910d12aa7f67b3615bb38c5e0edda613ff9f15d6dcdd7a25d85c309ed0ea7ab1c4175a784da9a97411e4ac7b7a97bdc0064f2c3fb34b3a101006faaa2
SSDEEP

3072:a5BtyHlQRB1lvEljPyVQ3fNcTRh+wyq9oVofL5+aualo8W:a8HlI1leLyS3fN3qQUDua6j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f667a1efbd3a8139526eb7775affa2eb_JaffaCakes118

Files

f667a1efbd3a8139526eb7775affa2eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

017ec79d0025df1ba8953f1010dd74e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoQueryProxyBlanket
StringFromGUID2

iphlpapi

GetIpAddrTable

advapi32

OpenProcessToken
RegSaveKeyW
GetSecurityDescriptorControl
RegOpenKeyExW
AdjustTokenPrivileges
EqualSid
QueryServiceConfigW
SetEntriesInAclA
OpenServiceW
ChangeServiceConfig2W
InitializeAcl
GetNamedSecurityInfoW
GetInheritanceSourceW
CloseServiceHandle
RegEnumKeyExW
RegSetValueExW
SetNamedSecurityInfoW
RegCreateKeyExW
GetTokenInformation
ControlService
FreeInheritedFromArray
LookupPrivilegeDisplayNameA
UnlockServiceDatabase
SetSecurityInfo
InitializeSecurityDescriptor
FreeSid
IsValidSecurityDescriptor
OpenSCManagerW
ChangeServiceConfigW
IsValidAcl
RegQueryValueExW
DeleteService
StartServiceA
SetSecurityDescriptorDacl
QueryServiceStatus
RegGetKeySecurity
AllocateAndInitializeSid
RegCloseKey
LookupAccountSidW
LockServiceDatabase
EnumDependentServicesW
SetEntriesInAclW
CreateServiceW
AddAce
GetAce
RegRestoreKeyW
LookupPrivilegeNameA
RegDeleteValueW
RegDeleteKeyW
GetAclInformation
LookupPrivilegeValueA
QueryServiceLockStatusW
GetSecurityInfo
RegEnumValueW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
CMP_WaitNoPendingInstallEvents
SetupDiCreateDeviceInfoA
SetupGetInfFileListA
SetupDiClassNameFromGuidW
SetupOpenInfFileA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupGetLineTextA
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyW
SetupDiBuildClassInfoList
SetupCopyOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsA
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameW
SetupDiGetDeviceInstanceIdW
SetupDiSetClassInstallParamsW
SetupDiDeleteDeviceInfo
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

kernel32

LoadLibraryA
GetCalendarInfoW
HeapAlloc
CreateThread
GetConsoleOutputCP
GetVersionExA
InitializeCriticalSection
SetEndOfFile
IsValidCodePage
GetFileAttributesW
FreeLibrary
SetEvent
SetLastError
GetCPInfo
MapViewOfFile
ExitProcess
TlsGetValue
GetLocaleInfoA
LoadLibraryExW
MultiByteToWideChar
CopyFileW
GetModuleHandleA
MoveFileExW
WriteConsoleA
SetFileAttributesW
DeleteCriticalSection
IsDebuggerPresent
VirtualAlloc
TlsAlloc
SetHandleCount
FileTimeToSystemTime
TerminateProcess
GetCurrentThreadId
WriteFile
CreateDirectoryW
GetSystemTimeAsFileTime
WaitForSingleObject
GetVersionExW
FreeEnvironmentStringsW
TlsFree
RtlUnwind
GetLastError
LCMapStringW
GetCommandLineA
CreateFileW
HeapSize
InterlockedDecrement
SetEnvironmentVariableA
GetStringTypeW
ExpandEnvironmentStringsW
UnmapViewOfFile
GetStartupInfoA
EnumResourceNamesA
CompareStringA
GetTimeFormatA
GetConsoleCP
RaiseException
LocalAlloc
HeapCreate
FlushFileBuffers
GetTempPathW
GetCurrentProcessId
SetWaitableTimer
SystemTimeToFileTime
CloseHandle
CreateProcessW
GetModuleHandleW
CreateFileA
GetEnvironmentStrings
CreateWaitableTimerA
ResetEvent
GetOEMCP
CreateEventA
FileTimeToLocalFileTime
LCMapStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
VirtualFree
WriteConsoleW
TlsSetValue
SetUnhandledExceptionFilter
GetSystemDirectoryW
GetEnvironmentStringsW
CancelWaitableTimer
WideCharToMultiByte
DeviceIoControl
GetEnvironmentVariableW
CreateFileMappingA
SetFilePointer
InitializeCriticalSection
InterlockedIncrement
GetFileType
GetDateFormatA
GetTickCount
HeapFree
GetCurrentProcess
FreeEnvironmentStringsA
CompareStringW
EnterCriticalSection
GetTimeZoneInformation
UnhandledExceptionFilter
GetProcessHeap
GetExitCodeProcess
SetStdHandle
QueryPerformanceCounter
GetSystemTime
GetConsoleMode
GetStdHandle
DeleteFileW
ReadFile
HeapDestroy
HeapReAlloc
GetACP
GetProcAddress
LocalFree
GetStringTypeA

user32

DestroyWindow
SendMessageA
EnumChildWindows
CreateWindowExW
IsWindow
GetDlgItem
GetWindowThreadProcessId

rpcrt4

UuidCreate

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

017ec79d0025df1ba8953f1010dd74e5

Headers

File Characteristics

Imports

ole32

iphlpapi

advapi32

setupapi

mprapi

kernel32

user32

rpcrt4

newdev

shell32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 75KB - Virtual size: 74KB

.rsrc Size: 1024B - Virtual size: 248KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 1024B - Virtual size: 248KB