5d047e0e1eaf2974d95de086a16eac2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d047e0e1eaf2974d95de086a16eac2d_JaffaCakes118
Size

139KB
MD5

5d047e0e1eaf2974d95de086a16eac2d
SHA1

04d58dd05992bd4d771a4620a685935dac7f600f
SHA256

1b7b5f95717b0d0f001561ba11b4ff0a008c1897791c4a85b9a3cd6392654600
SHA512

2ae2b85720e650d910e90d2c4cec5356aa704eb94a40d986068bad2cf52ff75bb8011a4466b7839658d9ae561f3efb029cd91189e2abe4660b04cad56917aada
SSDEEP

3072:NDW9lND5nFEPIF7m02aWX1x0VAGtd2bhj11TsSsLpYcLUdq:ND6lBQPIF7m00XUmhj11QLbU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d047e0e1eaf2974d95de086a16eac2d_JaffaCakes118

Files

5d047e0e1eaf2974d95de086a16eac2d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

087869f8cf490ebca41621fd4b9f9df1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
FreeResource
FindResourceExA
SizeofResource
LoadResource
CreateFileA
MulDiv
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetCurrentProcess
LoadLibraryExA
IsBadReadPtr
GetVersionExA
Sleep
GetCommandLineA
GetPrivateProfileSectionA
GetModuleFileNameA
LockResource
lstrcmpA
ReleaseSemaphore
GlobalDeleteAtom
GlobalGetAtomNameA
CreateThread
GetLastError
WaitForSingleObject
CloseHandle
GetExitCodeThread
TerminateThread
GetTickCount
CreateSemaphoreA
GlobalAddAtomA
GetTempPathA
GetTempFileNameA
lstrlenA
DeleteFileA
GetProcAddress
lstrcpyA
lstrcatA
LoadLibraryA
FreeLibrary
GetLocaleInfoW
TlsGetValue
SetEndOfFile
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadWritePtr
GetStringTypeW
GetStringTypeA
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
VirtualFree
HeapCreate
HeapDestroy
ReadFile
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapAlloc
HeapFree
TerminateProcess
RaiseException
InterlockedIncrement
InterlockedDecrement
RtlUnwind
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA

user32

RegisterClassA
CreateWindowExA
DefWindowProcA
IsWindow
UpdateWindow
GetSysColor
DestroyWindow
GetMessageA
MoveWindow
DispatchMessageA
SendDlgItemMessageA
WinHelpA
LoadCursorA
SetCursor
GetDlgItem
EnableWindow
ShowWindow
LoadStringA
SetDlgItemTextA
MessageBoxA
LoadIconA
SendMessageA
AppendMenuA
InsertMenuA
GetSystemMenu
SetClassLongA
LoadBitmapA
PostQuitMessage
SetForegroundWindow
InvalidateRect
TrackPopupMenu
GetCursorPos
EnableMenuItem
CreatePopupMenu
IsDialogMessageA
GetWindowRect
IsIconic
DestroyMenu
DialogBoxIndirectParamA
GetMenuItemCount
SetPropA
SetWindowLongA
CallWindowProcA
RemovePropA
GetPropA
SetWindowTextA
GetParent
PtInRect
ClientToScreen
MapWindowPoints
GetClientRect
IsWindowEnabled
GetWindowLongA
CreateDialogIndirectParamA
MessageBeep
EndDialog
CreateDialogParamA
DialogBoxParamA
EndPaint
BeginPaint
SetFocus
CheckRadioButton
CheckDlgButton
IsDlgButtonChecked
GetDlgCtrlID
DrawTextA
GetWindowTextA
ReleaseDC
ScreenToClient
GetDC
IsWindowVisible
ChildWindowFromPoint
EnumChildWindows
SetWindowPos
PostMessageA
FindWindowA
TranslateMessage

gdi32

CreateFontIndirectA
GetObjectA
SetMapMode
CreateSolidBrush
DeleteObject
GetTextExtentPoint32A
SetTextColor
GetDeviceCaps
SetBkMode
DPtoLP
GetMapMode
DeleteDC
SetBkColor
CreateBitmap
CreateCompatibleBitmap
PatBlt
CreateCompatibleDC
SelectObject
BitBlt

comctl32

PropertySheetA

winspool.drv

GetPrinterA
OpenPrinterA
ClosePrinter

advapi32

OpenProcessToken
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid

shell32

Shell_NotifyIconA
ShellExecuteA

hpw8bus

?StartBusMan@Bus@@QAAHXZ
?StopStatusSystem@Bus@@QAAHXZ
?Instance@Bus@@SAPAV1@XZ
?DestroyPrinterPortList@Bus@@QAAHAAVCSList@@AAVCSListIterator@@@Z
?EnumPrinterPortList@Bus@@QAAKAAVCSList@@AAVCSListIterator@@@Z
?StartStatusSystem@Bus@@QAAHXZ
?PollForTraps@Bus@@QAAKK@Z
?GetPrinterPortType@Bus@@QAE?AW4EnumPortType@@PAD0@Z
?ClearTicket@Bus@@QAAHK@Z
?Disconnect@Bus@@QAAKK@Z
?DisableTrap@Bus@@QAAHKPAUHWND__@@GPADK111@Z
?EnableTrap@Bus@@QAAHKPAUHWND__@@GPADK111@Z
?Connect@Bus@@QAAKKPAUDiscoverInfo@@PAD11@Z
?GetTicket@Bus@@QAAKPAUPrinterPortInfo@@@Z
?QueryPrinter@Bus@@QAAHKGKPAXK@Z
?RespondToEvent@Bus@@QAAHKPAXK@Z

hpw8c95

?StoreDWord@PerCIS@@QAE?AW4PerPrinterErr@@PBDAAK@Z
??0CISStringList@@QAE@XZ
CSChar2iChar
?CSCenterWindow@@YAXKK@Z
CSStrlen
CSStrcmpi
?CSCompareMemory@@YAHPBX0K@Z
?CSCopyMemory@@YAXPBXPAXK@Z
CSiStrncpy
?Delete@CSList@@QAEXAAVCSListIterator@@@Z
?Append@CSList@@QAEJAAVCSListIterator@@PAX@Z
?Tail@CSListIterator@@QAEAAV1@XZ
?CSGetComputerName@@YAHPADK@Z
?CSGetDefaultUserName@@YAHPADK@Z
?CSGenerateJobID@@YAIPAD0G0G@Z
CSStrcpy
?CSMakeTransparentBitmap@@YAXKK@Z
?CSDrawBitmap@@YAXKK@Z
CSiStrstr
CSiStrtok
CSiTexttoint
CSiStrncmp
CSiStrcmpi
CSiStrchr
?StoreWord@PerCIS@@QAE?AW4PerPrinterErr@@PBDAAG@Z
?StoreStr@PerCIS@@QAE?AW4PerPrinterErr@@PBD0@Z
CSiStrlen
?Count@CSList@@QAEJXZ
CSiStrncmpi
?CSZeroMemory@@YAXPAXK@Z
?RetrieveStr@PerCIS@@QAE?AW4PerPrinterErr@@PBDPADG@Z
?Head@CSListIterator@@QAEAAV1@XZ
CSiStrcmp
?GetNext@CSListIterator@@QAEXXZ
?Ord@CSListIterator@@QAEJXZ
??0CSList@@QAE@XZ
?CSGetOSVersion@@YA?AW4CSOSVersion@@XZ
?RetrieveOrStoreDWord@PerCIS@@QAEKPBDAAK@Z
??1CSList@@QAE@XZ
CSiSprintf
??0PerToolbox@@QAE@AAW4PerPrinterErr@@@Z
?RetrieveOrStoreWord@PerCIS@@QAEGPBDAAG@Z
??1PerCIS@@UAE@XZ
??1PerToolbox@@UAE@XZ
CSiStrcat
CSiStrcpy
??4CSListIterator@@QAEAAV0@ABV0@@Z
??0CSListIterator@@QAE@AAVCSList@@@Z
?IsValid@CSListIterator@@QAEHXZ
??ACSListIterator@@QAEAAV0@J@Z
??1CSListIterator@@QAE@XZ
?Peek@CSList@@QAEPAXAAVCSListIterator@@@Z
?Find@CISStringList@@QAEPBDE@Z
??1CISStringList@@QAE@XZ

hpw8svc

?GetStrDataFromSPC@@YAHPADIPAXPAK@Z
?Instance@CToolboxCap@@SAPAV1@XZ
?GetAllSupportedRealnames@@YAHPAVCISStringList@@@Z
?GetDataFromSPC@@YAHPADIPAXPAK@Z
DisplayHardwareInfo
?GetPrinterBaseID@CToolboxCap@@QAEHPAD@Z
?GetAllSupportedRealnames@CToolboxCap@@QAEHPAVCISStringList@@@Z
?GetStrData@CToolboxCap@@QAEHPADIPAXPAK@Z

Exports

Exports

??4_EventDataInfo@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

087869f8cf490ebca41621fd4b9f9df1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

winspool.drv

advapi32

shell32

hpw8bus

hpw8c95

hpw8svc

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 3KB - Virtual size: 23KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 3KB - Virtual size: 23KB