JaffaCakes118_5b15d0b8b84ff551f1bfe01ae13185c2

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_5b15d0b8b84ff551f1bfe01ae13185c2
Size

164KB
MD5

5b15d0b8b84ff551f1bfe01ae13185c2
SHA1

218cd8fb0c65059f0cf14c8e49055120c1798835
SHA256

64b304dfc73f994fa741060a66dc9ce5dceced68d36f604782006de093dab90a
SHA512

18c8a1910c67deff9ca6409c3bc4e1c567afe0d6b49d1058efd5e6ef340c4fffd6778454c63c021f092aa2fbed2b41cc84ed47ffd694e67d9fa91e9cb4fd6f1c
SSDEEP

3072:E2mEMBnspASCSUYSjz6oBiVqbEWXv1LLNSg/X6e1e1yqPihEvfB5/Qxq+NMRwczt:ENBspSSUYDoBiUEqHdX6Sexiwv/gq2Mx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5b15d0b8b84ff551f1bfe01ae13185c2

Files

JaffaCakes118_5b15d0b8b84ff551f1bfe01ae13185c2
.exe windows:4 windows x86 arch:x86

aa2dfed55b114bd8d9bb3006f90759ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

oleacc

LresultFromObject
AccessibleObjectFromPoint

advapi32

RegRestoreKeyW
FreeSid
AllocateAndInitializeSid
CreateServiceW
LookupPrivilegeValueA
GetTokenInformation
QueryServiceStatus
LookupPrivilegeNameA
QueryServiceLockStatusW
EnumDependentServicesW
ChangeServiceConfigW
RegDeleteValueW
GetAce
InitializeAcl
OpenProcessToken
RegCloseKey
SetSecurityDescriptorDacl
GetSecurityInfo
EqualSid
GetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
RegQueryValueExW
RegSetValueExW
OpenServiceW
ControlService
CloseServiceHandle
RegCreateKeyExW
ChangeServiceConfig2W
AddAce
RegDeleteKeyW
GetSecurityDescriptorControl
SetEntriesInAclA
StartServiceA
RegEnumKeyExW
SetEntriesInAclW
GetAclInformation
IsValidAcl
LookupAccountSidW
IsValidSecurityDescriptor
InitializeSecurityDescriptor
DeleteService
RegGetKeySecurity
SetNamedSecurityInfoW
GetInheritanceSourceW
RegOpenKeyExW
UnlockServiceDatabase
QueryServiceConfigW
SetSecurityInfo
OpenSCManagerW
LockServiceDatabase
FreeInheritedFromArray
RegSaveKeyW
RegEnumValueW

shell32

SHGetFolderPathW

kernel32

UnhandledExceptionFilter
HeapFree
GetConsoleOutputCP
LCMapStringA
HeapCreate
LoadLibraryA
SetEnvironmentVariableA
GetACP
GetTimeZoneInformation
RaiseException
QueryPerformanceCounter
IsDebuggerPresent
SetFilePointer
FreeLibrary
HeapSize
InitializeCriticalSection
SetStdHandle
LCMapStringW
CompareStringA
GetTimeFormatA
GetCPInfo
GetCurrentProcessId
LeaveCriticalSection
GetOEMCP
IsValidCodePage
GetTickCount
SetUnhandledExceptionFilter
EnumResourceTypesA
HeapReAlloc
WriteConsoleA
CompareStringW
HeapDestroy
GetSystemTimeAsFileTime
RtlUnwind
MultiByteToWideChar
GetDateFormatA
WriteFile
CreateNamedPipeW
VirtualAlloc
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualFree
EnterCriticalSection
GetStringTypeW
GetCurrentProcess
TerminateProcess
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa2dfed55b114bd8d9bb3006f90759ad

Headers

File Characteristics

Imports

mprapi

oleacc

advapi32

shell32

kernel32

newdev

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 3KB - Virtual size: 407KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 3KB - Virtual size: 407KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 512B - Virtual size: 4KB