2c0eea49c510c48f54d9ed0c31a280b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c0eea49c510c48f54d9ed0c31a280b3_JaffaCakes118
Size

700KB
MD5

2c0eea49c510c48f54d9ed0c31a280b3
SHA1

8f1265afaeb6afc3fab8e648d768e925f9c2f2cd
SHA256

1468ab8ac9e569b0f91cec4c6d381ae0139785ee54ec0b16390e7569590dbdb4
SHA512

630c73f3c67165d612afc8603efc4a1dc20806643a805115a60aaeb2683d4afd1113b791d8972a718495d9aabde8e4d6766bcd8d686ee3916cbd61b307fc0ef4
SSDEEP

6144:a9YvQHpfaUhzcp347yjTA6+eOsV9PBqzI1HQv/tsL9KJTygjNJw6:a9Y4tgp34GjTpO69PBqzI1wv/tqqugg6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c0eea49c510c48f54d9ed0c31a280b3_JaffaCakes118

Files

2c0eea49c510c48f54d9ed0c31a280b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73b0e2ac543c9ff6bd77556e1dfd5c08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\Projects\CPE\HP Print Diagnostic Utility\PrintUtil\Release\PrintUtil.pdb

Imports

setupapi

CM_Get_Device_ID_Size
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Registry_Property_ExA
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

winspool.drv

ClosePrinter
GetPrinterDriverA
GetPrinterA
OpenPrinterA
EnumPrinterDriversA
SetPrinterA
EnumPortsA
ord202
ord201
EnumJobsA
EnumPrintersA

gdi32

DeleteDC
CreateFontA
CreateDCA
Escape
TextOutA
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

kernel32

SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenW
lstrlenA
CompareStringA
CompareStringW
lstrcmpiA
LocalFree
LocalAlloc
Sleep
CloseHandle
GetCurrentProcess
InterlockedExchange
CreateFileA
WriteFile
SetFilePointer
GetLocalTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GlobalAlloc
GetCurrentThreadId
SetLastError
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GetVersionExA
GetUserDefaultLangID
GlobalFree
GlobalHandle
ReadFile
GetFileSize
CreateDirectoryA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
WaitForSingleObject
GetModuleHandleA
CreateThread
CreateEventA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
LoadLibraryExA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapCreate
HeapDestroy
GetACP
GetLocaleInfoA
GetThreadLocale
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetTickCount
GetOEMCP
GetCPInfo
GetStdHandle
GetStartupInfoA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect

user32

GetMessageA
DispatchMessageA
TranslateMessage
SetForegroundWindow
MessageBoxA
EnableWindow
KillTimer
SetTimer
SendNotifyMessageA
LoadIconA
AppendMenuA
CreateDialogIndirectParamA
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
EndDialog
CharUpperA
SendMessageA
PostThreadMessageA
ExitWindowsEx
wsprintfA
SetWindowLongA
GetWindowLongA
GetSystemMenu
ShowWindow
DefWindowProcA
SetWindowPos
FindWindowA
UnregisterClassA
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
DestroyAcceleratorTable
IsWindow
GetDesktopWindow
SetFocus
GetFocus
BeginPaint
GetActiveWindow
EndPaint
CallWindowProcA
CharNextA
FillRect
ReleaseCapture
GetClassNameA
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
MoveWindow
GetSysColor
CreateWindowExA
DestroyWindow
MapDialogRect
SetWindowContextHelpId
GetWindow
ClientToScreen

advapi32

ControlService
ChangeServiceConfigA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegEnumKeyA
RegCreateKeyA

ole32

CLSIDFromProgID
CoGetClassObject
CLSIDFromString
OleLockRunning
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
OleRun
CoTaskMemAlloc

shell32

SHGetFolderPathA

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

SHDeleteValueA

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73b0e2ac543c9ff6bd77556e1dfd5c08

Headers

File Characteristics

PDB Paths

Imports

setupapi

comctl32

winspool.drv

gdi32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 336KB - Virtual size: 334KB

.lrdata Size: 68KB - Virtual size: 68KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 336KB - Virtual size: 334KB

.lrdata
Size: 68KB - Virtual size: 68KB