fd67bacae904767f1a03549b40df8c2b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd67bacae904767f1a03549b40df8c2b_JaffaCakes118
Size

186KB
MD5

fd67bacae904767f1a03549b40df8c2b
SHA1

19f9aee4123950ce0479248eebfb664dee965880
SHA256

554b6d86320bcde0116a2295ea88d08204a8954bde3a309292c1899ac089be89
SHA512

02bbb8b80023cb1442896e76121741419035d5c8ddecf8268dc8d1edf5271c0e9f3b22a4cb5dfdf5aae670e74018c948b62255faa37e766ee01a55f15dc7d35a
SSDEEP

3072:AHoD8YbYxBB7n+mD1//Csd/xcVzwllyVE2PdkPEPiLrz3NOJ99fNF9nC4Oien8pm:2Dxj6Y1nCkysRIuPEUOf9ZnUqICS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd67bacae904767f1a03549b40df8c2b_JaffaCakes118

Files

fd67bacae904767f1a03549b40df8c2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

086ce7fa482bd120e1939fd9e7bf1641

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
StringFromGUID2

advapi32

RegEnumKeyExW
SetSecurityInfo
SetEntriesInAclA
QueryServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
UnlockServiceDatabase
LookupPrivilegeDisplayNameA
OpenSCManagerW
SetNamedSecurityInfoW
EnumDependentServicesW
GetInheritanceSourceW
RegGetKeySecurity
GetAce
ChangeServiceConfigW
GetSecurityInfo
QueryServiceStatus
EqualSid
RegDeleteValueW
LockServiceDatabase
RegDeleteKeyW
StartServiceA
FreeInheritedFromArray
RegSaveKeyW
QueryServiceLockStatusW
FreeSid
LookupPrivilegeNameA
CreateServiceW
LookupPrivilegeValueA
IsValidAcl
RegCreateKeyExW
LookupAccountSidW
RegQueryValueExW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
RegOpenKeyExW
GetTokenInformation
GetAclInformation
GetSecurityDescriptorControl
RegRestoreKeyW
OpenServiceW
AddAce
RegCloseKey
IsValidSecurityDescriptor
AdjustTokenPrivileges
DeleteService
RegSetValueExW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
InitializeAcl
ControlService
OpenProcessToken
RegEnumValueW

kernel32

GetCPInfo
ExpandEnvironmentStringsW
HeapAlloc
VirtualFree
CreateDirectoryW
GetLocaleInfoA
DeleteFileW
LoadLibraryA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetCurrentProcessId
TlsFree
HeapReAlloc
GetVersionExW
GetStartupInfoA
GetModuleHandleW
SetWaitableTimer
DeviceIoControl
SetStdHandle
SetHandleCount
GetCalendarInfoW
GetExitCodeProcess
GetACP
GetSystemDirectoryW
CreateThread
FlushFileBuffers
HeapCreate
LeaveCriticalSection
TerminateProcess
GetOEMCP
GetDateFormatA
MoveFileExW
RtlUnwind
TlsAlloc
GetModuleFileNameA
IsValidCodePage
GetEnvironmentStrings
GetCommandLineA
CreateWaitableTimerA
WriteConsoleW
RaiseException
UnhandledExceptionFilter
CreateFileA
Sleep
IsDebuggerPresent
GetLastError
WaitForSingleObject
WriteConsoleA
EnumResourceNamesA
LCMapStringA
CompareStringW
LoadLibraryExW
GetSystemTime
InterlockedIncrement
GetVersionExA
HeapSize
CreateFileMappingA
SetEnvironmentVariableA
SystemTimeToFileTime
UnmapViewOfFile
HeapFree
TlsGetValue
GetConsoleOutputCP
MapViewOfFile
WriteFile
LocalAlloc
GetModuleHandleA
GetTempPathW
GetProcessHeap
SetEvent
GetConsoleCP
LCMapStringW
CancelWaitableTimer
WideCharToMultiByte
SetUnhandledExceptionFilter
QueryPerformanceCounter
SetFilePointer
GetFileAttributesW
GetFileType
CreateFileW
GetEnvironmentStringsW
InitializeCriticalSection
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
CreateProcessW
GetProcAddress
CloseHandle
CompareStringA
EnterCriticalSection
InterlockedDecrement
VirtualAlloc
HeapDestroy
FileTimeToSystemTime
ExitProcess
GetStringTypeW
GetTickCount
GetStdHandle
ResetEvent
GetEnvironmentVariableW
FreeLibrary
LocalFree
CreateEventA
DeleteCriticalSection
TlsSetValue
SetLastError
GetTimeFormatA
FreeEnvironmentStringsA
MultiByteToWideChar
CopyFileW
GetCurrentThreadId
InitializeCriticalSection
SetEndOfFile
GetCurrentProcess
SetFileAttributesW
ReadFile
GetConsoleMode
GetStringTypeA

user32

SendMessageA
IsWindow
DestroyWindow
CreateWindowExW
EnumChildWindows
GetDlgItem
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

setupapi

SetupDiClassGuidsFromNameW
SetupDiGetClassDevsA
CMP_WaitNoPendingInstallEvents
SetupDiDestroyDeviceInfoList
SetupGetLineTextA
SetupCloseInfFile
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupGetInfFileListA
SetupDiClassNameFromGuidW
SetupDiBuildClassInfoList
SetupDiCreateDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoA
SetupDiGetDeviceRegistryPropertyW
SetupOpenInfFileA
SetupDiEnumDeviceInfo
SetupCopyOEMInfW
CM_Get_DevNode_Status

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

rpcrt4

UuidCreate

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

086ce7fa482bd120e1939fd9e7bf1641

Headers

File Characteristics

Imports

ole32

advapi32

kernel32

user32

iphlpapi

setupapi

mprapi

rpcrt4

shell32

newdev

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 78KB - Virtual size: 78KB

.rsrc Size: 1024B - Virtual size: 120KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 1024B - Virtual size: 120KB