Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_31fffaa5d66382123a7b8a370d0385bb.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_31fffaa5d66382123a7b8a370d0385bb.exe
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_31fffaa5d66382123a7b8a370d0385bb
Size: 277KB
MD5: 31fffaa5d66382123a7b8a370d0385bb
SHA1: 16d25219311d0816a21b7e95f22b49195632d15f
SHA256: 815787a2431956b90164f8b2d8ddbdd0376584a5b7fdcaf1aa2f4bf95607354c
SHA512: ce2a4aded46c64abb0df39016681cc0b2ac881f40e73eeb97cc3882755b41216c4a5eb6abc3ce2f6cc5fe9505afbde13c2af20a7e156c7ae2fb553b91e2f4b8b
SSDEEP: 6144:j6FyHwU+uQ5Srp3ybPFQNu8MDKkqZyft8T8cEfkXb1lcD8aDiuYnNlnx5:j7zUAZSKu8U7l5cEG3oTDiVnJ5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource JaffaCakes118_31fffaa5d66382123a7b8a370d0385bb
Files
JaffaCakes118_31fffaa5d66382123a7b8a370d0385bb.exe windows:4 windows x86 arch:x86
b956c59907e4d0c4d315ad83d100d333
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetSidLengthRequired
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
MakeAbsoluteSD
RegDeleteKeyW
GetTokenInformation
OpenThreadToken
ConvertStringSidToSidW
GetSecurityDescriptorDacl
RegCreateKeyExW
ConvertSidToStringSidW
GetSidSubAuthority
OpenProcessToken
InitializeSecurityDescriptor
InitializeSid
RegCloseKey
GetLengthSid
MakeSelfRelativeSD
InitializeAcl
IsValidSid
GetSidSubAuthorityCount
LookupAccountSidW
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
EqualSid
GetSecurityDescriptorGroup
CopySid
GetSecurityDescriptorControl
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
RegOpenKeyExW
RegDeleteValueW
GetAclInformation
AddAce
GetSecurityDescriptorSacl
oleaut32
SafeArrayGetVartype
SysAllocString
SysAllocStringByteLen
SafeArrayUnlock
SysFreeString
VariantClear
VariantCopy
VarCmp
SafeArrayCreate
VariantInit
SysStringByteLen
SysAllocStringLen
SafeArrayRedim
VariantChangeType
SysStringLen
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
VarBstrCmp
LoadRegTypeLi
SetErrorInfo
SafeArrayLock
SafeArrayGetLBound
VariantCopyInd
CreateErrorInfo
SafeArrayDestroy
RegisterTypeLi
SafeArrayCopy
SafeArrayGetUBound
kernel32
DeleteCriticalSection
LoadLibraryExW
FindResourceExW
HeapFree
HeapSize
HeapDestroy
FormatMessageW
LocalFree
SetThreadLocale
GetThreadLocale
EnterCriticalSection
HeapReAlloc
FreeLibrary
CreateEventW
UnhandledExceptionFilter
lstrlenW
LeaveCriticalSection
LoadResource
ResetEvent
GetCurrentThreadId
SizeofResource
GetModuleHandleW
IsDebuggerPresent
GetACP
LockResource
RaiseException
SetUnhandledExceptionFilter
FindResourceW
GetSystemTimeAsFileTime
GetProcessHeap
CloseHandle
lstrcmpiW
HeapAlloc
LoadLibraryA
VirtualAlloc
ole32
ProgIDFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoRevertToSelf
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoImpersonateClient
user32
UnregisterClassA
LoadStringW
wsprintfW
CharNextW
userenv
UnloadUserProfile
esent
JetCreateTable
JetRetrieveTaggedColumnList
JetDetachDatabase2
JetSetTableSequential
JetGetLogInfo
JetInit3
JetRetrieveColumns
JetEndExternalBackupInstance
JetGetAttachInfoInstance
JetAttachDatabase2
JetExternalRestore
ese
JetGetTruncateLogInfoInstance
JetSetSystemParameter
JetDeleteColumn2
mspatcha
GetFilePatchSignatureW
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 246KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ