a522171f32e790ddec2378be9c4ea109_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a522171f32e790ddec2378be9c4ea109_JaffaCakes118
Size

656KB
MD5

a522171f32e790ddec2378be9c4ea109
SHA1

4af07affd5e05a76039466aabcaa0ca5ad613af6
SHA256

15e818dc23c0eeeb7b220df730c3a06c9cb777d6289ab9791486c3ddb393f596
SHA512

f12ea1e8f01f85bf1a8a1946fea7f4aad600250d754e117b5ed8a4fdd4151ddc83a030bf501a393667d77901aaf6690f9551c605b92fb007a74dc78cbcdf0380
SSDEEP

12288:tRCKBuAnA0xH2wm2FlfbDvyiXVZSQesSz7GtWejzevDJYRF+1KlLWsz4OzUfrgoI:tERAnA0xH2d2FlfbDvyiXVZSQeJz7GtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a522171f32e790ddec2378be9c4ea109_JaffaCakes118

Files

a522171f32e790ddec2378be9c4ea109_JaffaCakes118
.exe windows:6 windows x86 arch:x86

eb11ec678b29b68b34d9460d34587fae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PrintFilterPipelineSvc.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
LsaNtStatusToWinError
LsaClose
LsaStorePrivateData
LsaOpenPolicy
RegisterEventSourceW
SetThreadToken
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
MapGenericMask
AccessCheck
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW

kernel32

lstrcmpiW
Sleep
GetModuleFileNameW
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
CreateThread
CreateEventW
GetModuleHandleW
GetCurrentThreadId
SetEvent
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
RtlCaptureStackBackTrace
HeapSetInformation
CompareFileTime
GetFileTime
CreateFileW
InterlockedDecrement
CopyFileW
CreateDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
DeleteTimerQueueEx
RegisterWaitForSingleObject
InterlockedCompareExchange
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
FormatMessageW
ReadFile
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
DebugBreak
SetFilePointerEx
SetEndOfFile
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
LoadLibraryW
QueueUserWorkItem
ResetEvent
LocalFree
GetLocaleInfoW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
GetVersionExW
GetVersionExA
InterlockedExchange
WideCharToMultiByte
GetStartupInfoW
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
HeapSize
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateTimerQueue

user32

UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
LoadStringW
CharNextW

oleaut32

SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

ole32

CoGetObjectContext
CoCreateGuid
CoImpersonateClient
CoRevertToSelf
IIDFromString
CreateStreamOnHGlobal
CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoSuspendClassObjects
CoTaskMemFree

winspool.drv

ClosePrinter
AddPrinterW
XcvDataW
OpenPrinterW
GetPrintProcessorDirectoryW
StartPagePrinter
ReadPrinter
AddPrintProcessorW
WritePrinter
SeekPrinter
DocumentPropertiesW
EndDocPrinter
SetJobW
AddPrinterDriverExW
EndPagePrinter
StartDocPrinterW
GetPrinterDriverDirectoryW
GetPrinterDataW

ntdll

RtlUnwind

xpssvcs

DDLogHelper
CreateReachPackageSender
CreateReachPackageReceiver

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

prntvpt

ord9
ord4
ord2

Sections

.text
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb11ec678b29b68b34d9460d34587fae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

oleaut32

ole32

winspool.drv

ntdll

xpssvcs

psapi

setupapi

prntvpt

Sections

.text Size: 597KB - Virtual size: 596KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 42KB - Virtual size: 66KB

.text
Size: 597KB - Virtual size: 596KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 42KB - Virtual size: 66KB