Sample
JaffaCakes118_637f1cfbbae238337cfc8bc289caf6f3.exe
Resource
win7-20240708-en
General
Target: JaffaCakes118_637f1cfbbae238337cfc8bc289caf6f3
Size: 266KB
MD5: 637f1cfbbae238337cfc8bc289caf6f3
SHA1: 6ef8e4ffcd68a3e82f10ba4bceb9d47c2cdb7c23
SHA256: 75659a5e8b6aada20110c6ef856b588094a081293dc7cc05f53f72babc0aa8e5
SHA512: 65b606481590518ad026ec398fd89537a445d34ba5d10ded8c6cbe7f08362b5f43b5984d6263ac65db36b52c6cff2a56f718b42c80235fc1e859fbbb781a91b6
SSDEEP: 6144:tyLd1/nHa8+e5F4dsULG0jTQHHYWtGRkRm:tyT/6W4SULG0jMnltG0
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource JaffaCakes118_637f1cfbbae238337cfc8bc289caf6f3
Files
JaffaCakes118_637f1cfbbae238337cfc8bc289caf6f3.exe windows:4 windows x86 arch:x86
ac833dad8881cbfa6ba75e5303eed79c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mprapi
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName
kernel32
HeapSize
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
GetOEMCP
VirtualAlloc
CompareStringW
HeapFree
SetFilePointer
RtlUnwind
GetCurrentProcess
IsValidCodePage
CompareStringA
GetACP
SetUnhandledExceptionFilter
LeaveCriticalSection
GetTickCount
SetEndOfFile
GetStringTypeW
GetConsoleOutputCP
EnumResourceTypesA
UnhandledExceptionFilter
GetCurrentProcessId
GetTimeZoneInformation
InitializeCriticalSection
GetSystemTimeAsFileTime
WriteFile
MultiByteToWideChar
SetEnvironmentVariableA
LCMapStringA
GetDateFormatA
GetCPInfo
GetLocaleInfoA
CreateNamedPipeA
GetTimeFormatA
LCMapStringW
RaiseException
VirtualFree
SetStdHandle
HeapCreate
FreeLibrary
WriteConsoleA
HeapReAlloc
EnterCriticalSection
ReadFile
HeapDestroy
LoadLibraryA
GetStringTypeA
advapi32
SetSecurityDescriptorDacl
GetInheritanceSourceW
SetEntriesInAclW
ControlService
GetSecurityInfo
RegDeleteValueW
InitializeAcl
SetNamedSecurityInfoW
LookupPrivilegeValueA
LockServiceDatabase
RegSaveKeyW
AllocateAndInitializeSid
QueryServiceStatus
CloseServiceHandle
DeleteService
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
SetSecurityInfo
QueryServiceConfigW
OpenServiceW
RegRestoreKeyW
LookupAccountSidW
IsValidAcl
UnlockServiceDatabase
RegCreateKeyExW
OpenSCManagerW
FreeSid
OpenProcessToken
RegEnumKeyExW
CreateServiceW
LookupPrivilegeNameA
ChangeServiceConfigW
FreeInheritedFromArray
IsValidSecurityDescriptor
ChangeServiceConfig2W
AdjustTokenPrivileges
QueryServiceLockStatusW
GetAclInformation
RegOpenKeyExW
SetEntriesInAclA
GetAce
EqualSid
EnumDependentServicesW
AddAce
RegQueryValueExW
StartServiceA
GetNamedSecurityInfoW
RegDeleteKeyW
LookupPrivilegeDisplayNameA
RegGetKeySecurity
GetSecurityDescriptorControl
GetTokenInformation
RegEnumValueW
oleacc
LresultFromObject
AccessibleObjectFromPoint
shell32
SHGetFolderPathW
newdev
UpdateDriverForPlugAndPlayDevicesW
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 197KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ