f83d393ededf2766adf11b8e51015a33_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f83d393ededf2766adf11b8e51015a33_JaffaCakes118
Size

168KB
MD5

f83d393ededf2766adf11b8e51015a33
SHA1

ff07e287c98c842ed42e0fbaf8147d3f23f06a6a
SHA256

8df096d7ac5fbbf87d5f117c370590f0f177f5963e873171451af1a5674ce521
SHA512

70a4bd41aa05c53b44c439d5f6c9fa58425a23b520915bc5a2ba7b74e899d199fa5a915f12c95b4321477f8bc66e1745ca955f5bc17207e243184e8d0fe7397e
SSDEEP

3072:k02RCXtj4OB2EEkxjtiLz00T1pOYvcEr4SF6Evm3b2syXxAP:n2QdR2qxjtiX00hcE5xvUHyhK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f83d393ededf2766adf11b8e51015a33_JaffaCakes118

Files

f83d393ededf2766adf11b8e51015a33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32e7af7d4a558c84cf88da7fffcdc166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

kernel32

GetStdHandle
GetModuleHandleA
MoveFileExW
ExpandEnvironmentStringsW
GetTimeFormatA
EnterCriticalSection
VirtualAlloc
Sleep
InitializeCriticalSection
FreeEnvironmentStringsW
CreateThread
FlushFileBuffers
LoadLibraryExW
GetTickCount
SystemTimeToFileTime
WriteFile
GetModuleFileNameA
DeviceIoControl
CreateProcessW
GetCalendarInfoW
GetVersionExW
GetCommandLineA
SetWaitableTimer
SetEndOfFile
LocalFree
GetProcessHeap
GetStartupInfoA
GetVersionExA
GetEnvironmentStringsW
CreateFileA
FileTimeToLocalFileTime
SetHandleCount
CreateEventA
SetEvent
RaiseException
TerminateProcess
LeaveCriticalSection
IsValidCodePage
CompareStringA
GetStringTypeW
GetExitCodeProcess
GetFileAttributesW
GetSystemTimeAsFileTime
GetConsoleMode
HeapAlloc
GetCurrentThreadId
CreateFileW
CloseHandle
GetFileType
CompareStringW
GetTimeZoneInformation
InterlockedIncrement
WaitForSingleObject
GetLastError
GetDateFormatA
GetEnvironmentStrings
HeapFree
TlsGetValue
LoadLibraryA
MapViewOfFile
GetLocaleInfoA
GetCPInfo
HeapCreate
WriteConsoleW
GetSystemTime
GetProcAddress
WideCharToMultiByte
SetFileAttributesW
GetSystemDirectoryW
EnumResourceNamesA
RtlUnwind
UnmapViewOfFile
GetOEMCP
QueryPerformanceCounter
CreateWaitableTimerA
InitializeCriticalSection
SetFilePointer
WriteConsoleA
TlsAlloc
CopyFileW
DeleteFileW
MultiByteToWideChar
GetEnvironmentVariableW
HeapSize
FreeLibrary
IsDebuggerPresent
HeapDestroy
CreateFileMappingA
GetConsoleCP
TlsFree
LocalAlloc
LCMapStringA
FileTimeToSystemTime
CreateDirectoryW
DeleteCriticalSection
SetStdHandle
GetConsoleOutputCP
SetUnhandledExceptionFilter
GetCurrentProcess
GetTempPathW
SetLastError
InterlockedDecrement
GetACP
ExitProcess
CancelWaitableTimer
ResetEvent
UnhandledExceptionFilter
TlsSetValue
GetCurrentProcessId
HeapReAlloc
ReadFile
SetEnvironmentVariableA
VirtualFree
LCMapStringW
FreeEnvironmentStringsA
GetModuleHandleW
GetStringTypeA

ole32

CoGetMalloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoQueryProxyBlanket
StringFromGUID2

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

LookupPrivilegeValueA
RegDeleteValueW
OpenSCManagerW
LookupPrivilegeDisplayNameA
CloseServiceHandle
IsValidAcl
AddAce
EqualSid
InitializeSecurityDescriptor
GetInheritanceSourceW
QueryServiceConfigW
IsValidSecurityDescriptor
UnlockServiceDatabase
RegEnumKeyExW
FreeInheritedFromArray
RegQueryValueExW
ControlService
SetNamedSecurityInfoW
LookupPrivilegeNameA
SetSecurityDescriptorDacl
LookupAccountSidW
GetNamedSecurityInfoW
GetTokenInformation
SetEntriesInAclA
RegSaveKeyW
RegCloseKey
StartServiceA
AllocateAndInitializeSid
CreateServiceW
QueryServiceLockStatusW
DeleteService
AdjustTokenPrivileges
RegDeleteKeyW
LockServiceDatabase
FreeSid
RegGetKeySecurity
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
SetSecurityInfo
GetSecurityDescriptorControl
OpenServiceW
QueryServiceStatus
GetAce
GetSecurityInfo
InitializeAcl
SetEntriesInAclW
RegRestoreKeyW
ChangeServiceConfig2W
ChangeServiceConfigW
GetAclInformation
OpenProcessToken
EnumDependentServicesW
RegEnumValueW

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiSetClassInstallParamsW
SetupCloseInfFile
SetupDiClassGuidsFromNameW
SetupGetLineTextA
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiBuildClassInfoList
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsW
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstallParamsA
SetupDiClassNameFromGuidW
SetupDiCreateDeviceInfoA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupGetInfFileListA
SetupDiSetDeviceRegistryPropertyW
SetupOpenInfFileA
SetupDiGetClassDescriptionW
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

user32

CreateWindowExW
EnumChildWindows
GetDlgItem
IsWindow
SendMessageA
DestroyWindow
GetWindowThreadProcessId

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32e7af7d4a558c84cf88da7fffcdc166

Headers

File Characteristics

Imports

rpcrt4

kernel32

ole32

mprapi

advapi32

iphlpapi

newdev

setupapi

shell32

user32

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 69KB - Virtual size: 69KB

.rsrc Size: 1024B - Virtual size: 96KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 1024B - Virtual size: 96KB