JaffaCakes118_137a225e7685a3c9752e8913127fee9f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_137a225e7685a3c9752e8913127fee9f
Size

265KB
MD5

137a225e7685a3c9752e8913127fee9f
SHA1

fc6f4a775540661db6ba9fc562a8405e91f8b77a
SHA256

67ca397f562d9db70f49263dd1c8100abb80487062350f21da831f9fbfcba075
SHA512

b517a05d1c10d82d366dd32c0c4bfdf63c0019134149ef872e534981b3590ae1b1128b713881f5a6a5191154d6902dcb1a7f86470afbbab85b9f830a75d83177
SSDEEP

6144:/nwqNSBOnXraYQHcubk7QhvwiJ5GpuqFScsM4uUqBXKaLRrN:JSBMbaYKk7QhZLpKSYrUqBXKaL5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_137a225e7685a3c9752e8913127fee9f

Files

JaffaCakes118_137a225e7685a3c9752e8913127fee9f
.exe windows:4 windows x86 arch:x86

4813051e39569dbd84249155cfef7d90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

advapi32

RegCloseKey
AdjustTokenPrivileges
IsValidSecurityDescriptor
OpenServiceW
EqualSid
RegOpenKeyExW
RegSaveKeyW
InitializeSecurityDescriptor
GetInheritanceSourceW
FreeInheritedFromArray
SetEntriesInAclW
CloseServiceHandle
SetSecurityInfo
OpenProcessToken
QueryServiceLockStatusW
AllocateAndInitializeSid
CreateServiceW
RegGetKeySecurity
RegCreateKeyExW
OpenSCManagerW
ChangeServiceConfig2W
RegEnumKeyExW
GetNamedSecurityInfoW
LookupPrivilegeDisplayNameA
RegRestoreKeyW
RegDeleteValueW
ChangeServiceConfigW
InitializeAcl
RegDeleteKeyW
UnlockServiceDatabase
GetSecurityDescriptorControl
GetAclInformation
IsValidAcl
RegQueryValueExW
FreeSid
LookupAccountSidW
GetAce
LookupPrivilegeValueA
ControlService
RegSetValueExW
DeleteService
GetSecurityInfo
LockServiceDatabase
LookupPrivilegeNameA
QueryServiceConfigW
SetNamedSecurityInfoW
SetEntriesInAclA
SetSecurityDescriptorDacl
EnumDependentServicesW
QueryServiceStatus
StartServiceA
AddAce
GetTokenInformation
RegEnumValueW

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

SetEnvironmentVariableA
GetTimeZoneInformation
HeapFree
TerminateProcess
GetStringTypeW
SetFilePointer
SetEndOfFile
WriteConsoleA
GetDateFormatA
RaiseException
FreeLibrary
GetTimeFormatA
HeapReAlloc
GetCurrentProcessId
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapSize
HeapDestroy
GetACP
HeapCreate
SetStdHandle
EnumResourceTypesA
GetOEMCP
RtlUnwind
VirtualAlloc
QueryPerformanceCounter
WriteFile
GetCPInfo
CompareStringW
UnhandledExceptionFilter
IsValidCodePage
LCMapStringW
CreateNamedPipeA
ReadFile
EnterCriticalSection
GetTickCount
GetCurrentProcess
InitializeCriticalSection
MultiByteToWideChar
GetConsoleOutputCP
CompareStringA
GetSystemTimeAsFileTime
LeaveCriticalSection
LoadLibraryA
GetLocaleInfoA
LCMapStringA
GetStringTypeA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4813051e39569dbd84249155cfef7d90

Headers

File Characteristics

Imports

mprapi

shell32

newdev

advapi32

oleacc

kernel32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 3KB - Virtual size: 151KB

.data Size: 203KB - Virtual size: 202KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 3KB - Virtual size: 151KB

.data
Size: 203KB - Virtual size: 202KB

.rsrc
Size: 512B - Virtual size: 4KB