JaffaCakes118_a06350dd8a08e4ba0a021847749b1947

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a06350dd8a08e4ba0a021847749b1947
Size

176KB
MD5

a06350dd8a08e4ba0a021847749b1947
SHA1

97e17d778825bab1acc4eed8731ce3b04fda60e9
SHA256

5507df659e34048b56fa2a0c83b89d82353fb80769316d3900b94c38a42857ab
SHA512

0718fdfec8480d1a0212e4a3db9c34dd183ffe3ea5b1d0b3a685dc443b83398b24db161575b10f8db8ab7a84a071336bd4cde694f05396916a793e386bd22cb9
SSDEEP

3072:NLkOdfcvLpJFuHEGbb/vrL2AyaYRjKQrB9YlbX/2HbAvEhWersSm69Lpl:NLkIwp2zbD20Y1KlbX/D2Wc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a06350dd8a08e4ba0a021847749b1947

Files

JaffaCakes118_a06350dd8a08e4ba0a021847749b1947
.exe windows:4 windows x86 arch:x86

906c40688589ecfc0a060bfd34771673

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
GetDlgItem
IsWindow
EnumChildWindows
SendMessageA
DestroyWindow
GetWindowThreadProcessId

rpcrt4

UuidCreate

shell32

SHGetFolderPathW

advapi32

RegEnumKeyExW
OpenServiceW
EnumDependentServicesW
AllocateAndInitializeSid
QueryServiceStatus
DeleteService
LookupAccountSidW
SetEntriesInAclW
GetInheritanceSourceW
LookupPrivilegeValueA
GetSecurityInfo
ControlService
OpenProcessToken
InitializeAcl
UnlockServiceDatabase
CreateServiceW
GetAce
IsValidAcl
RegDeleteKeyW
IsValidSecurityDescriptor
QueryServiceLockStatusW
RegGetKeySecurity
InitializeSecurityDescriptor
RegCreateKeyExW
GetNamedSecurityInfoW
LookupPrivilegeDisplayNameA
RegDeleteValueW
LockServiceDatabase
CloseServiceHandle
ChangeServiceConfigW
EqualSid
RegOpenKeyExW
QueryServiceConfigW
AddAce
GetAclInformation
RegSaveKeyW
AdjustTokenPrivileges
RegRestoreKeyW
GetTokenInformation
RegSetValueExW
SetSecurityInfo
SetEntriesInAclA
FreeSid
RegCloseKey
SetSecurityDescriptorDacl
OpenSCManagerW
SetNamedSecurityInfoW
StartServiceA
ChangeServiceConfig2W
RegQueryValueExW
FreeInheritedFromArray
GetSecurityDescriptorControl
LookupPrivilegeNameA
RegEnumValueW

ole32

CoGetMalloc
CoInitializeEx
CoQueryProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoSetProxyBlanket
StringFromGUID2

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupDiGetClassDescriptionW
SetupDiEnumDeviceInfo
SetupGetInfFileListA
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceInstallParamsA
SetupCloseInfFile
SetupDiGetClassDevsA
SetupDiBuildClassInfoList
SetupDiClassNameFromGuidW
SetupGetLineTextA
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameW
SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoA
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiSetDeviceRegistryPropertyW
SetupCopyOEMInfW
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

QueryPerformanceCounter
TlsFree
ReadFile
GetCalendarInfoW
CreateEventA
SetUnhandledExceptionFilter
SetFileAttributesW
SetEvent
GetLastError
GetStdHandle
FreeEnvironmentStringsW
HeapCreate
GetStringTypeW
SetFilePointer
GetVersionExW
GetFileAttributesW
MoveFileExW
InterlockedDecrement
VirtualAlloc
FlushFileBuffers
GetSystemDirectoryW
GetFileType
GetVersionExA
LeaveCriticalSection
HeapReAlloc
HeapSize
LocalFree
LoadLibraryA
GetCurrentProcess
EnterCriticalSection
GetCPInfo
GetConsoleMode
ResetEvent
CreateFileW
GetCurrentThreadId
GetEnvironmentVariableW
SetWaitableTimer
GetTimeFormatA
GetLocaleInfoA
FileTimeToLocalFileTime
SetLastError
GetEnvironmentStrings
VirtualFree
FreeEnvironmentStringsA
CreateFileA
InitializeCriticalSection
SystemTimeToFileTime
Sleep
WideCharToMultiByte
GetCurrentProcessId
GetDateFormatA
SetEnvironmentVariableA
GetOEMCP
IsValidCodePage
TlsSetValue
CreateFileMappingA
CreateThread
CreateDirectoryW
LCMapStringA
LoadLibraryExW
DeleteCriticalSection
GetCommandLineA
CompareStringA
EnumResourceNamesA
MultiByteToWideChar
DeleteFileW
GetEnvironmentStringsW
HeapFree
GetModuleHandleW
FileTimeToSystemTime
UnmapViewOfFile
WriteConsoleW
MapViewOfFile
CreateProcessW
FreeLibrary
GetConsoleOutputCP
GetSystemTimeAsFileTime
WaitForSingleObject
WriteFile
CloseHandle
TlsGetValue
GetConsoleCP
GetTempPathW
LocalAlloc
GetStartupInfoA
GetModuleHandleA
GetSystemTime
UnhandledExceptionFilter
SetHandleCount
CancelWaitableTimer
GetProcessHeap
InitializeCriticalSection
RaiseException
HeapDestroy
GetModuleFileNameA
IsDebuggerPresent
DeviceIoControl
SetEndOfFile
CopyFileW
InterlockedIncrement
RtlUnwind
LCMapStringW
TlsAlloc
HeapAlloc
GetExitCodeProcess
GetProcAddress
SetStdHandle
GetTickCount
GetACP
WriteConsoleA
GetTimeZoneInformation
CreateWaitableTimerA
ExpandEnvironmentStringsW
CompareStringW
TerminateProcess
ExitProcess
GetStringTypeA

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

906c40688589ecfc0a060bfd34771673

Headers

File Characteristics

Imports

user32

rpcrt4

shell32

advapi32

ole32

setupapi

mprapi

iphlpapi

newdev

kernel32

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 71KB - Virtual size: 70KB

.rsrc Size: 1024B - Virtual size: 244KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 244KB