JaffaCakes118_704e15d238f6caf2d1549e42023df8f4

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_704e15d238f6caf2d1549e42023df8f4
Size

266KB
MD5

704e15d238f6caf2d1549e42023df8f4
SHA1

569f17e1dc2d5d632719519bcd19d668c4747461
SHA256

e46deb98494ab0ecf5e6a201dfc8aa058752220fb3b066077aff3f8b45e9644b
SHA512

bf1dc34d1955d8fec8f6ddaf30dba087f46b153f93050412d48bffcd57b7e665994151fb0ee54ea0a725ca84538672f6648e7716db6394a8d9c154fd11686502
SSDEEP

6144:vibWnAswVyCFuctB7wVN3OTaZ1og3kmgkPTPX5Asfp/IlidulFq93Pm:ap4ctB8xRZ1P3kmg2+sf2RlkZ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_704e15d238f6caf2d1549e42023df8f4

Files

JaffaCakes118_704e15d238f6caf2d1549e42023df8f4
.exe windows:4 windows x86 arch:x86

eee5797f0ceb8e4c17407e8ed996c73c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

advapi32

RegGetKeySecurity
RegSaveKeyW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
ChangeServiceConfig2W
LookupPrivilegeNameA
LockServiceDatabase
EnumDependentServicesW
GetTokenInformation
InitializeAcl
QueryServiceStatus
IsValidAcl
StartServiceA
AdjustTokenPrivileges
SetEntriesInAclW
ChangeServiceConfigW
SetSecurityInfo
RegSetValueExW
FreeInheritedFromArray
CreateServiceW
AddAce
SetNamedSecurityInfoW
FreeSid
GetAce
GetAclInformation
RegQueryValueExW
RegDeleteValueW
GetSecurityInfo
OpenServiceW
ControlService
RegEnumKeyExW
RegCloseKey
LookupPrivilegeDisplayNameA
RegCreateKeyExW
DeleteService
GetInheritanceSourceW
LookupPrivilegeValueA
EqualSid
RegDeleteKeyW
RegRestoreKeyW
RegOpenKeyExW
GetSecurityDescriptorControl
AllocateAndInitializeSid
LookupAccountSidW
QueryServiceLockStatusW
QueryServiceConfigW
OpenProcessToken
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetEntriesInAclA
UnlockServiceDatabase
OpenSCManagerW
CloseServiceHandle
RegEnumValueW

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

FreeLibrary
HeapFree
HeapReAlloc
SetFilePointer
GetOEMCP
LoadLibraryA
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
HeapSize
LCMapStringA
IsDebuggerPresent
GetACP
GetStringTypeW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetDateFormatA
VirtualFree
HeapDestroy
RaiseException
SetUnhandledExceptionFilter
SetEndOfFile
EnumResourceTypesA
GetSystemTimeAsFileTime
RtlUnwind
GetLocaleInfoA
QueryPerformanceCounter
WriteFile
ReadFile
WriteConsoleA
HeapCreate
CreateNamedPipeA
GetCPInfo
GetTickCount
GetConsoleOutputCP
SetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
VirtualAlloc
CompareStringA
GetTimeFormatA
MultiByteToWideChar
CompareStringW
SetStdHandle
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eee5797f0ceb8e4c17407e8ed996c73c

Headers

File Characteristics

Imports

mprapi

advapi32

oleacc

kernel32

newdev

shell32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 147KB

.data Size: 197KB - Virtual size: 196KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 147KB

.data
Size: 197KB - Virtual size: 196KB

.rsrc
Size: 512B - Virtual size: 4KB