JaffaCakes118_793b164fbc24330e512d3f739f113784

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_793b164fbc24330e512d3f739f113784
Size

180KB
MD5

793b164fbc24330e512d3f739f113784
SHA1

91c0c1e5b0dcb4890706afde962dad0312e334db
SHA256

2194e3586812e02a34217a3595a401b2773d3f6a79e4540223e1db08020a5b1f
SHA512

6c681c60d0ef247f4f13990575cd0b50679ccfb823dc1e247dddd1c73edc033b52ecb23a13ed928fbe219af2f06596e3e964dfdfe1355c7057bb77b84e6db4e1
SSDEEP

3072:cGOkBoMfT2CXXcPhro8CwnFGUSzbMYT6rezPbEaWfXYyEDx2Kkk+DGavz5:cGOk6loXcJk87TY2rejbEaWfoH27k+yi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_793b164fbc24330e512d3f739f113784

Files

JaffaCakes118_793b164fbc24330e512d3f739f113784
.exe windows:4 windows x86 arch:x86

c5d9f057807269c898ff41901d2319c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

rpcrt4

UuidCreate

kernel32

GetLastError
GetLocaleInfoA
CopyFileW
FreeLibrary
CancelWaitableTimer
SetStdHandle
GetSystemTimeAsFileTime
UnmapViewOfFile
GetVersionExW
QueryPerformanceCounter
GetCurrentProcessId
SetFileAttributesW
DeleteCriticalSection
SetEvent
HeapReAlloc
GetExitCodeProcess
SetLastError
GetCalendarInfoW
GetTickCount
MoveFileExW
CreateThread
Sleep
GetModuleHandleA
TlsGetValue
GetModuleFileNameA
SetUnhandledExceptionFilter
GetStartupInfoA
LocalAlloc
GetSystemDirectoryW
GetStringTypeW
LoadLibraryA
DeleteFileW
DeviceIoControl
CreateProcessW
GetACP
InitializeCriticalSection
LoadLibraryExW
GetCommandLineA
GetCurrentProcess
MultiByteToWideChar
CreateFileW
HeapSize
GetSystemTime
CreateFileA
ExitProcess
GetConsoleOutputCP
CreateEventA
LCMapStringA
GetTimeZoneInformation
GetFileAttributesW
RtlUnwind
VirtualAlloc
LCMapStringW
LeaveCriticalSection
GetFileType
TlsAlloc
InterlockedDecrement
LocalFree
ExpandEnvironmentStringsW
GetConsoleCP
WriteConsoleW
SetWaitableTimer
GetTimeFormatA
CloseHandle
TlsSetValue
GetProcAddress
GetModuleHandleW
EnumResourceNamesA
FlushFileBuffers
HeapAlloc
ResetEvent
InitializeCriticalSection
GetConsoleMode
SetHandleCount
HeapDestroy
RaiseException
SystemTimeToFileTime
VirtualFree
GetOEMCP
CreateWaitableTimerA
SetEnvironmentVariableA
IsValidCodePage
GetCPInfo
TlsFree
HeapCreate
FileTimeToLocalFileTime
WriteConsoleA
GetEnvironmentStrings
SetEndOfFile
GetVersionExA
WaitForSingleObject
GetStdHandle
WideCharToMultiByte
CompareStringW
GetProcessHeap
GetCurrentThreadId
CreateFileMappingA
CompareStringA
FreeEnvironmentStringsW
ReadFile
GetDateFormatA
UnhandledExceptionFilter
WriteFile
FileTimeToSystemTime
MapViewOfFile
SetFilePointer
FreeEnvironmentStringsA
HeapFree
InterlockedIncrement
TerminateProcess
EnterCriticalSection
CreateDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetEnvironmentStringsW
IsDebuggerPresent
GetStringTypeA

ole32

CoGetMalloc
CoQueryProxyBlanket
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
StringFromGUID2

shell32

SHGetFolderPathW

setupapi

SetupDiBuildClassInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoA
SetupDiClassNameFromGuidW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupCopyOEMInfW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsA
SetupGetInfFileListA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupOpenInfFileA
CMP_WaitNoPendingInstallEvents
SetupGetLineTextA
SetupCloseInfFile
SetupDiGetClassDescriptionW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

advapi32

GetAclInformation
InitializeAcl
CreateServiceW
RegCloseKey
InitializeSecurityDescriptor
RegEnumKeyExW
ControlService
FreeSid
LookupPrivilegeValueA
EnumDependentServicesW
GetAce
FreeInheritedFromArray
DeleteService
SetEntriesInAclA
QueryServiceConfigW
RegDeleteValueW
IsValidSecurityDescriptor
QueryServiceLockStatusW
RegQueryValueExW
LookupAccountSidW
AddAce
IsValidAcl
LookupPrivilegeNameA
GetNamedSecurityInfoW
SetSecurityInfo
ChangeServiceConfigW
LockServiceDatabase
CloseServiceHandle
RegGetKeySecurity
OpenSCManagerW
QueryServiceStatus
RegRestoreKeyW
SetNamedSecurityInfoW
RegCreateKeyExW
RegDeleteKeyW
GetSecurityDescriptorControl
AllocateAndInitializeSid
GetSecurityInfo
UnlockServiceDatabase
SetSecurityDescriptorDacl
RegSetValueExW
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
GetInheritanceSourceW
OpenServiceW
SetEntriesInAclW
RegSaveKeyW
OpenProcessToken
ChangeServiceConfig2W
GetTokenInformation
RegOpenKeyExW
EqualSid
RegEnumValueW

user32

DestroyWindow
EnumChildWindows
CreateWindowExW
SendMessageA
IsWindow
GetDlgItem
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5d9f057807269c898ff41901d2319c4

Headers

File Characteristics

Imports

mprapi

newdev

rpcrt4

kernel32

ole32

shell32

setupapi

advapi32

user32

iphlpapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 76KB - Virtual size: 75KB

.rsrc Size: 1024B - Virtual size: 256KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 1024B - Virtual size: 256KB