a47df8f67fc30f2967cdc8bc2bc8d29d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a47df8f67fc30f2967cdc8bc2bc8d29d_JaffaCakes118
Size

359KB
MD5

a47df8f67fc30f2967cdc8bc2bc8d29d
SHA1

957994954871b1692e07529c44a7b2b738fb9809
SHA256

c18ee1d6184e27f2601733242ca97d3793610287e21f500a44dec63a3e2b7eaa
SHA512

8385274650f34c598b5f63937d3f60be11fbe2aa5c31ecd57533ca406065d4c656bfedaa2ad593bfbaae2a0ca55afc3a33418b377acd3f0a4ff66288439bdc6c
SSDEEP

6144:DSRfjegp2U8P6o4XAYwQ85pZabJxWZ0L0nV5YJRu6I2mvzDpz:DQegpD8PWXAYwQ85KlL0V5YFazD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a47df8f67fc30f2967cdc8bc2bc8d29d_JaffaCakes118

Files

a47df8f67fc30f2967cdc8bc2bc8d29d_JaffaCakes118
.exe windows:6 windows x86 arch:x86

83fc02dcb7f83e45ce663f9edce4f4c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PrintBrmEngine.pdb

Imports

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegConnectRegistryW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
CloseServiceHandle

kernel32

GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
FormatMessageW
CompareFileTime
CreateFileW
ReadFile
WriteFile
LocalFree
SetLastError
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
MoveFileExW
GetTempPathW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
CompareStringW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetLastError
lstrlenW
HeapSetInformation
GetCommandLineW
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
SetEvent
RaiseException
WaitForSingleObject
CloseHandle
QueueUserWorkItem
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

CharNextW
GetMessageW
DispatchMessageW
PostThreadMessageW
LoadStringW
UnregisterClassA

msvcrt

_wcsicmp
wcsrchr
wcschr
_vsnwprintf
wcstoul
wcstol
_open
_close
_lseek
remove
_wopen
??3@YAXPAX@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
??_U@YAPAXI@Z
memset
__CxxFrameHandler
_errno
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
realloc
_unlock
_read
_write
__dllonexit
_lock
_onexit
memcpy
memmove
?terminate@@YAXXZ
_controlfp
_purecall

ntdll

RtlUnwind

ole32

StringFromGUID2
CoUninitialize
CoInitializeEx
CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SysStringLen

netapi32

NetShareGetInfo
NetApiBufferFree

ws2_32

WSAStartup
WSACleanup

mscms

GetColorDirectoryW
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsAssociateColorProfileWithDevice
InstallColorProfileW

winspool.drv

UploadPrinterDriverPackageW
GetPrinterDataW
GetPrinterDataExW
GetPrinterW
XcvDataW
OpenPrinterW
EnumFormsW
ClosePrinter
EnumPrintProcessorsW
EnumPortsW
EnumPrinterDriversW
EnumPrintersW
GetPrinterDriverDirectoryW
EnumPrinterKeyW
EnumPrinterDataExW
SetPrinterDataW
AddPrinterW
SetPrinterW
SetPrinterDataExW
GetPrintProcessorDirectoryW
AddPrintProcessorW
AddPrinterDriverExW
InstallPrinterDriverFromPackageW
GetCorePrinterDriversW
AddMonitorW
AddFormW
GetPrinterDriverPackagePathW

clusapi

GetClusterResourceKey
ClusterRegCloseKey
ClusterRegQueryValue
ClusterRegOpenKey
GetClusterResourceState
ClusterResourceEnum
ClusterResourceControl
CloseClusterNode
OpenClusterNode
OpenCluster
ClusterResourceCloseEnum
OfflineClusterResource
OnlineClusterResource
CloseCluster
ClusterResourceOpenEnum
OpenClusterResource
CloseClusterResource

resutils

ResUtilGetResourceName
ResUtilFindDependentDiskResourceDriveLetter
ResUtilEnumResourcesEx
ResUtilResourceTypesEqual
ResUtilFindSzProperty

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

??0CTcpMib@@QAE@ABV0@@Z
??0CTcpMib@@QAE@XZ
??1CTcpMib@@UAE@XZ
??4CTcpMib@@QAEAAV0@ABV0@@Z
??_7CTcpMib@@6B@

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83fc02dcb7f83e45ce663f9edce4f4c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

netapi32

ws2_32

mscms

winspool.drv

clusapi

resutils

version

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 7KB - Virtual size: 6KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 7KB - Virtual size: 6KB

PACK
Size: 144KB - Virtual size: 380KB