70accf58ed9cb081ee92aa4da5707844_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70accf58ed9cb081ee92aa4da5707844_JaffaCakes118
Size

182KB
MD5

70accf58ed9cb081ee92aa4da5707844
SHA1

d8f3940224f90d60abae383ac62d88bcdacc9a8e
SHA256

1e58a6747bd7eca1d2858134aa6494301b570844950c99bc751a6426dac126fe
SHA512

f2892b2a84921e435030c046a7821fda865e1f1ba070c99949293cda48df57cd7491fd99548d165b3588f47ad82968bc9213f1c4ca244f17b7a2891de837c5ea
SSDEEP

3072:efLSP+1HzsV+aGl4xl/bmH2zyjR/su8CJuVntj3WD:eLS0zVaGlGUHZEu8UYN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70accf58ed9cb081ee92aa4da5707844_JaffaCakes118

Files

70accf58ed9cb081ee92aa4da5707844_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

ef7e15f3dbb2b0b1859b2d6b8d23f6c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

prntvpt.pdb

Imports

msvcrt

malloc
free
_vsnwprintf
??_V@YAXPAX@Z
??2@YAPAXI@Z
??_U@YAPAXI@Z
memset
memcpy
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsicmp
_errno
wcschr
_wtoi
wcsncmp
??3@YAXPAX@Z

advapi32

RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapAlloc
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentThreadId
RtlUnwind
TlsGetValue
TlsFree
TlsAlloc
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
QueryPerformanceCounter
OutputDebugStringA
SetUnhandledExceptionFilter
HeapFree
GetTickCount
GetSystemDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
TlsSetValue
UnhandledExceptionFilter

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VariantClear
VariantInit
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysAllocString
VariantChangeType
BSTR_UserFree

rpcrt4

NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate
IUnknown_AddRef_Proxy

user32

CharNextW
LoadStringW
UnregisterClassA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

OpenPrinterW
IsValidDevmodeW
DeviceCapabilitiesW
DocumentPropertiesW
GetPrinterDriverW
GetPrinterW
ClosePrinter

gdi32

GetDeviceCaps
DeleteDC
CreateICW

Exports

Exports

BindPTProviderThunk
ConvertDevModeToPrintTicketThunk
ConvertDevModeToPrintTicketThunk2
ConvertPrintTicketToDevModeThunk
ConvertPrintTicketToDevModeThunk2
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetDeviceDefaultPrintTicketThunk
GetDeviceNamespacesThunk
GetPrintCapabilitiesThunk
GetPrintCapabilitiesThunk2
GetSchemaVersionThunk
MergeAndValidatePrintTicketThunk
MergeAndValidatePrintTicketThunk2
PTCloseProvider
PTConvertDevModeToPrintTicket
PTConvertPrintTicketToDevMode
PTGetPrintCapabilities
PTMergeAndValidatePrintTicket
PTOpenProvider
PTOpenProviderEx
PTQuerySchemaVersionSupport
PTReleaseMemory
UnbindPTProviderThunk

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef7e15f3dbb2b0b1859b2d6b8d23f6c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

rpcrt4

user32

version

winspool.drv

gdi32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 67KB - Virtual size: 68KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 105KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 67KB - Virtual size: 68KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB