spoolsv.pdb
Static task
static1
Behavioral task
behavioral1
Sample
5e0d9aa2f6f8598303ba43b6b4388660_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5e0d9aa2f6f8598303ba43b6b4388660_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 5e0d9aa2f6f8598303ba43b6b4388660_JaffaCakes118
Size: 56KB
MD5: 5e0d9aa2f6f8598303ba43b6b4388660
SHA1: 16414f77a6466073a5f10ef137f37e3c2066e32a
SHA256: d317b5065b678d777f4850eae2641b5f8f56542edd124fc2c1f258143f0e57b9
SHA512: d4c8e337d01f8f62c994f9f542820970b8616fdd83fba85c1f432e3964b180ff80344981bc26f00c85a1e76684d2b75b27d6eb32ea3cc79cba24d255a3b51640
SSDEEP: 768:PomzE4vnVpo2y+NaTp4sc4U0c2FvYM6IsA477ZDQV3D+JMepQSsEJ:PoCDny2aTHTci6IsA47yV29
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e0d9aa2f6f8598303ba43b6b4388660_JaffaCakes118
Files
5e0d9aa2f6f8598303ba43b6b4388660_JaffaCakes118.exe windows:5 windows x86 arch:x86
cc68f61c3d36bb0f29e4ee5b434d7e82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
exit
__initenv
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
wcsrchr
_exit
_c_exit
_stricmp
_wcsnicmp
wcslen
_wcsicmp
advapi32
SetServiceStatus
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
kernel32
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
FreeLibrary
InterlockedExchange
GetCurrentProcess
OpenProcess
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW
HeapSetInformation
GetProcessHeap
GetLastError
InitializeCriticalSectionAndSpinCount
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
SetEvent
SetLastError
LoadLibraryA
InterlockedIncrement
RaiseException
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
LocalAlloc
LocalFree
gdi32
bMakePathNameW
GdiInitSpool
GdiGetSpoolMessage
rpcrt4
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
RpcRaiseException
RpcServerRegisterIf2
RpcMgmtSetServerStackSize
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerUseProtseqEpA
ntdll
RtlValidRelativeSecurityDescriptor
Exports
YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ