828fe6c70f4fe3ef4c25735f1202e21a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

828fe6c70f4fe3ef4c25735f1202e21a_JaffaCakes118
Size

389KB
MD5

828fe6c70f4fe3ef4c25735f1202e21a
SHA1

863b2e57ce9982a68ce6229cc4195f3faaaec8ad
SHA256

95288a3d7b17e864b4b6954f4feab446f0fcb89d0e07deb6d688e3c1da3253eb
SHA512

c52a5938489d70c08291e19506f0ccd854b674e2d5ade68c0807f95b18ab0e0d4cf93195bcf5405c58fcbf464bc6f01f5aec8f2ab341dd473db8ee49dd33510c
SSDEEP

6144:1b3ff4LOM5xoOZD5f9A97h787P6JrDSZ8SPwxNb+fP8z8MHanyZXmTRLeU:1TIOM0OZD9e36HUxNb8a8M6yZXke

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828fe6c70f4fe3ef4c25735f1202e21a_JaffaCakes118

Files

828fe6c70f4fe3ef4c25735f1202e21a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1c4c6d9b6841acf4e6431b6b1b38255b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

localspl.pdb

Imports

msvcrt

wcsrchr
iswctype
_ftol
free
_initterm
malloc
_adjust_fdiv
_wcsnicmp
wcsncmp
wcscmp
wcsstr
_wsplitpath
iswalpha
isdigit
isspace
_wcslwr
fclose
fwprintf
_wfopen
wcschr
_vsnwprintf
wcslen
_wcsicmp
memmove
isprint
isupper
_vsnprintf
isxdigit
wcsncat
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
srand
wcsncpy
wcspbrk
wcstoul
_except_handler3

ntdll

NtSetInformationThread
RtlGetNtProductType
NtClose
NtQueryValueKey
NtOpenKey
NtOpenThreadToken
RtlImageNtHeader
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlTimeToSecondsSince1970
RtlFreeAnsiString
VerSetConditionMask

spoolss

LoadDriverFiletoConvertDevmode
CallDrvDevModeConversion
UnloadDriverFile
BuildOtherNamesFromMachineName
FreeOtherNames
LoadDriverWithVersion
UnloadDriver
ScheduleJob
AddJobW
StartDocPrinterW
ReallocSplStr
ReadPrinter
AbortPrinter
WritePrinter
EndDocPrinter
SetJobW
SplInitializeWinSpoolDrv
bGetDevModePerUser
WaitForSpoolerInitialization
GetJobW
GetPrinterW
SetPrinterW
MarshallDownStructure
MarshallUpStructure
AddPrinterW
ProvidorFindClosePrinterChangeNotification
ReplyPrinterChangeNotification
PartialReplyPrinterChangeNotification
AppendPrinterNotifyInfoData
RouterFreePrinterNotifyInfo
RouterAllocPrinterNotifyInfo
WaitForPrinterChange
ProvidorFindFirstPrinterChangeNotification
SplIsUpgrade
OpenPrinterW
GetJobAttributes
GetPrinterDataW
SplUnregisterForDeviceEvents
SplRegisterForDeviceEvents
LogWmiTraceEvent
IsNamedPipeRpcCall
ClosePrinter
IsLocalCall
OpenPrinterPortW
DeletePortW
ReallocSplMem
AllocSplStr
RevertToPrinterSelf
DllFreeSplMem
ImpersonatePrinterClient
DllAllocSplMem
DllFreeSplStr
UpdatePrinterRegAll
EnumJobsW

gdi32

TranslateCharsetInfo
GetTextMetricsW
StartDocW
SetBkMode
StartPage
EndPage
EndDoc
AbortDoc
GdiGetSpoolFileHandle
GdiGetDC
GdiGetPageCount
GetWorldTransform
GdiStartDocEMF
GdiEndDocEMF
GdiDeleteSpoolFileHandle
GdiGetPageHandle
GdiStartPageEMF
GdiGetDevmodeForPage
GdiEndPageEMF
GdiResetDCEMF
ResetDCW
SetGraphicsMode
ModifyWorldTransform
SetWorldTransform
GdiPlayPageEMF
CancelDC
CreateDCW
GetDeviceCaps
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
SelectObject
PatBlt
TextOutA
GetBitmapBits
GdiQueryFonts
GdiArtificialDecrementDriver

kernel32

IsDBCSLeadByte
GetSystemDefaultLangID
SystemTimeToFileTime
GetTimeFormatA
GetSystemDefaultLCID
SystemTimeToTzSpecificLocalTime
GetDateFormatA
CreateFileA
GetCurrentProcess
ConnectNamedPipe
DisconnectNamedPipe
DefineDosDeviceW
QueryDosDeviceW
WaitForMultipleObjectsEx
CreateNamedPipeW
GetWindowsDirectoryW
InterlockedIncrement
InterlockedCompareExchange
InterlockedDecrement
DelayLoadFailureHook
LoadLibraryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDBCSLeadByteEx
GetACP
WriteProfileStringW
DeviceIoControl
GetCommTimeouts
GetProfileStringW
GetProfileIntW
BuildCommDCBW
SetDefaultCommConfigW
GetDefaultCommConfigW
SetCommState
GetCommState
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
SetCommTimeouts
SetLastError
GetLastError
GetTickCount
lstrcmpW
lstrcmpiW
GetSystemTime
lstrlenW
SetEndOfFile
SetFilePointer
DeleteFileW
UnmapViewOfFile
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentThread
CreateFileW
CreateThread
GetSystemInfo
GetVersion
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
Sleep
LoadLibraryW
SetErrorMode
GetExitCodeThread
GetFileSize
ResetEvent
CreateEventW
MapViewOfFile
CreateFileMappingW
DuplicateHandle
WriteFile
ReadFile
WaitForSingleObjectEx
GetFileAttributesExW
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleExW
FreeLibrary
FindClose
FindFirstFileW
SetFileTime
DosDateTimeToFileTime
LoadLibraryExW
CompareFileTime
SetFileAttributesW
GetFileAttributesW
VerifyVersionInfoW
LocalFree
GetTempFileNameW
CreateDirectoryW
CopyFileW
GetLocalTime
FormatMessageW
MultiByteToWideChar
FindNextFileW
MoveFileExW
GetSystemDirectoryW
GetExitCodeProcess
CreateProcessW
IsBadStringPtrW
RemoveDirectoryW
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FlushFileBuffers
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LocalAlloc
CloseProfileUserMapping
SetThreadPriority
GetVersionExW
GetComputerNameW
GlobalMemoryStatus
GetTimeZoneInformation
ExitThread
SetThreadExecutionState

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromIID
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantCopy
SysAllocString
SysFreeString

advapi32

OpenEventLogW
ReadEventLogW
CloseEventLog
ObjectDeleteAuditAlarmW
ObjectCloseAuditAlarmW
ImpersonateNamedPipeClient
GetAclInformation
CopySid
ReportEventW
RegisterEventSourceW
ObjectOpenAuditAlarmW
CreatePrivateObjectSecurityEx
SetPrivateObjectSecurity
CreatePrivateObjectSecurity
DeleteAce
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
OpenProcessToken
MapGenericMask
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
MakeSelfRelativeSD
DestroyPrivateObjectSecurity
GetAce
ImpersonateSelf
RevertToSelf
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
GetUserNameW
AreAnyAccessesGranted
AccessCheck
AreAllAccessesGranted
OpenThreadToken
GetTokenInformation
GetSecurityDescriptorLength

user32

LoadStringW
PostThreadMessageW
SendNotifyMessageW
GetWindowLongW
WinHelpW
GetDlgItemTextW
EndDialog
BringWindowToTop
SetFocus
SetWindowLongW
SendDlgItemMessageW
DialogBoxParamW
CharUpperW
MessageBeep
MessageBoxW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
I_RpcBindingInqTransportType
RpcBindingFree

ws2_32

setsockopt
connect
WSACloseEvent
socket
getsockopt
WSAStartup
WSACleanup
gethostbyname
WSAGetLastError
WSASocketW
shutdown
closesocket
WSACreateEvent
WSAGetOverlappedResult
WSAResetEvent
WSASend

secur32

GetUserNameExW

sfc_os

ord5
ord3
ord4

userenv

RegisterGPNotification
UnregisterGPNotification

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
DllMain
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InitializePrintMonitor
InitializePrintProvidor
LclIsSessionZero
LclPromptUIPerSessionUser
OpenPrintProcessor
PrintDocumentOnPrintProcessor
PrintProcLogEvent
SplAddForm
SplAddMonitor
SplAddPort
SplAddPortEx
SplAddPrintProcessor
SplAddPrinter
SplAddPrinterDriverEx
SplBroadcastChange
SplClosePrinter
SplCloseSpooler
SplConfigChange
SplCopyFileEvent
SplCopyNumberOfFiles
SplCreateSpooler
SplDeleteForm
SplDeleteMonitor
SplDeletePort
SplDeletePrintProcCacheData
SplDeletePrintProcessor
SplDeletePrinter
SplDeletePrinterDriverEx
SplDeletePrinterKey
SplDeleteSpooler
SplDriverEvent
SplEnumForms
SplEnumMonitors
SplEnumPorts
SplEnumPrintProcCacheData
SplEnumPrintProcessorDatatypes
SplEnumPrintProcessors
SplEnumPrinterDataEx
SplEnumPrinterKey
SplEnumPrinters
SplGetDriverDir
SplGetForm
SplGetPrintProcCacheData
SplGetPrintProcessorDirectory
SplGetPrinter
SplGetPrinterData
SplGetPrinterDataEx
SplGetPrinterDriver
SplGetPrinterDriverDirectory
SplGetPrinterDriverEx
SplGetPrinterExtra
SplGetPrinterExtraEx
SplLoadLibraryTheCopyFileModule
SplLogEventExternal
SplMonitorIsInstalled
SplOpenPrinter
SplPowerEvent
SplReenumeratePorts
SplResetPrinter
SplSetForm
SplSetPrintProcCacheData
SplSetPrinter
SplSetPrinterData
SplSetPrinterDataEx
SplSetPrinterExtra
SplSetPrinterExtraEx
SplXcvData

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c4c6d9b6841acf4e6431b6b1b38255b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

spoolss

gdi32

kernel32

ole32

oleaut32

advapi32

user32

version

rpcrt4

ws2_32

secur32

sfc_os

userenv

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 293KB

.data Size: 68KB - Virtual size: 68KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 294KB - Virtual size: 293KB

.data
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 10KB - Virtual size: 10KB