6302afc5806e180796b3555c3135e1a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6302afc5806e180796b3555c3135e1a5_JaffaCakes118
Size

26KB
MD5

6302afc5806e180796b3555c3135e1a5
SHA1

89bd1c78a35a1bf8296e7e6f9684b45fb5216f59
SHA256

776f43a88b0c1a0698699faf261a93642815dcbe25a32d368b4adf9d1fad3f9c
SHA512

a9c2c250af00cca8276815926c3e0c3b2a14cf8ef0067ac04dd50c6064fe3bdcec2b964235eeaa305b7b23c1f30b6fc665ef7c2c0c2187f3078737114abcbbe0
SSDEEP

768:5Z+BH3dDcL/fVvEejvomw53D+KuK0xjwQV:j+BH3tOvEejvjwhDVQV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6302afc5806e180796b3555c3135e1a5_JaffaCakes118

Files

6302afc5806e180796b3555c3135e1a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

95da40c477b9a8edf5bc2c97d538ca42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

rtR4FromErrVar
__vbaFpCDblR4
CreateIExprSrvObj
__vbaFpCSngR4
__vbaObjSetAddref
__vbaMidStmtBstr
GetMemObj
rtcCallByName
__vbaVarCmpGe
rtcRightTrimBstr
rtcDir
__vbaCopyBytes
rtcEnvironBstr
__vbaNextEachVar
__vbaI2ErrVar
__vbaEnd
__vbaVarVargNofree
__vbaStrCmp
__vbaLbound
__vbaCopyBytesZero
rtcSetDateBstr
rtcPartition
__vbaVarCmpLe
rtcVarDateFromVar
rtcArray
__vbaVarTstGt
rtcRightCharVar
_CIexp
__vbaHresultCheckNonvirt
rtcGetTimer
BASIC_CLASS_QueryInterface
__vbaVar2Vec
BASIC_CLASS_GetIDsOfNames
rtcInputCharCountVar
__vbaAryVarVarg
__vbaStrR8
rtcReplace
__vbaAryLock

ntprint

PSetupDriverInfoFromName
PSetupIsCompatibleDriver
PSetupGetSelectedDriverInfo
PSetupInstallPrinterDriver
PSetupFreeMem
PSetupCreatePrinterDeviceInfoList
PSetupInstallInboxDriverSilently
PSetupCreateMonitorInfo
PSetupIsDriverInstalled
PSetupDestroyMonitorInfo
PSetupGetDriverInfo3
PSetupIsTheDriverFoundInInfInstalled
PSetupPreSelectDriver
PSetupSetSelectDevTitleAndInstructions
PSetupShowBlockedDriverUI
PSetupSelectDriver
PSetupAssociateICMProfiles
PSetupDestroySelectedDriverInfo
PSetupSelectDeviceButtons
PSetupEnumMonitor
ClassInstall32
PSetupThisPlatform
PSetupBuildDriversFromPath
PSetupGetPathToSearch
PSetupDestroyPrinterDeviceInfoList
PSetupInstallICMProfiles
PSetupCreateDrvSetupPage
PSetupInstallMonitor
PSetupProcessPrinterAdded
PSetupGetLocalDataField
PSetupDestroyDriverInfo3
ServerInstallW
PSetupFreeDrvField

rsaenh

CPGetHashParam
CPDestroyHash
CPDuplicateKey
DllRegisterServer
CPSignHash
CPVerifySignature
CPSetKeyParam
CPDuplicateHash
CPCreateHash
CPDestroyKey
CPDeriveKey
CPExportKey
CPGenKey
CPSetHashParam
DllUnregisterServer
CPEncrypt
CPGetKeyParam
CPSetProvParam
CPHashData
CPReleaseContext
CPGenRandom
CPGetUserKey
CPAcquireContext
CPHashSessionKey
CPImportKey
CPGetProvParam
CPDecrypt

kernel32

_lopen
GetSystemDirectoryW
WriteFileEx
EnumLanguageGroupLocalesW
LZRead
VirtualAlloc
GetLongPathNameW
VirtualAllocEx
WaitNamedPipeW
GetConsoleInputExeNameW
VirtualFreeEx
GetSystemTimeAsFileTime
FindActCtxSectionStringA
GetSystemTimeAdjustment
UnmapViewOfFile
GetStringTypeA
InvalidateConsoleDIBits
GlobalGetAtomNameA
FormatMessageW
FindFirstFileA
GetPrivateProfileSectionNamesW
InterlockedCompareExchange
EnumSystemLocalesW
SetFileShortNameA
GetVersion
SetCurrentDirectoryW
WTSGetActiveConsoleSessionId
SetFileTime
GetEnvironmentStrings
Sleep
GetFileAttributesExA
Beep
GetNativeSystemInfo
GetConsoleAliasExesA

opengl32

glDrawArrays
glPixelStoref
glRasterPos3fv
wglCreateContext
glVertex4fv
glNormal3d
glCopyPixels
glRasterPos3i
glTexCoordPointer
glVertex2s
glGetTexGendv
glTexParameterf
glPixelZoom
glGetPixelMapfv
glGetLightfv
glTexGenf
glReadBuffer
glRotated
glRasterPos3d
glRasterPos2dv
glLightfv
glFogf
glRectfv
glGetMaterialfv
glPushClientAttrib
glVertex3s
glRects
glTexCoord1fv
GlmfEndPlayback

msdart

?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Unlock@CSpinLock@@AAEXXZ
?GetSpinCount@CSpinLock@@QBEGXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
SetMemHook
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?_H1@CLKRLinearHashTable@@CGKKK@Z
MPDeleteCriticalSection
?TryReadLock@CSpinLock@@QAE_NXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
??0CLockedDoubleList@@QAE@XZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z

lpk

LpkDrawTextEx
ftsWordBreak
LpkDllInitialize
LpkExtTextOut
LpkGetTextExtentExPoint
LpkUseGDIWidthCache
LpkEditControl
LpkTabbedTextOut
LpkInitialize
LpkPSMTextOut
LpkGetCharacterPlacement

user32

PostMessageA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95da40c477b9a8edf5bc2c97d538ca42

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

ntprint

rsaenh

kernel32

opengl32

msdart

lpk

user32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB