b9c222f2b4456b57ad4e6e6e4769dac6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9c222f2b4456b57ad4e6e6e4769dac6_JaffaCakes118
Size

388KB
MD5

b9c222f2b4456b57ad4e6e6e4769dac6
SHA1

a119ebdaa70fdf2c4a00ae6528d1b3a0c0434629
SHA256

1d0a8a001d446b43fc70328b2c4ce361036174f2d0a39f60a459bd3a1dd4a452
SHA512

74c8074b42bd87e3d86c5a4dda103d15a5542c016f16524c183df42bf453981a508048a1f4e6d4ed6bd31a2375b4e7689726fdda9301cdd6ede404731af2fe56
SSDEEP

6144:bng1hr59G/mFRcOHAx2aSJQw5CIpk54nQhX98U8Opb74cxLUNP9Dm:bg1v48KOHsSCYCIpkGQ38U827DxINJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9c222f2b4456b57ad4e6e6e4769dac6_JaffaCakes118

Files

b9c222f2b4456b57ad4e6e6e4769dac6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

abe03d8af6b08d3c1ff8a578d3765588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

printui

DllMain
bFolderRefresh
ConstructPrinterFriendlyName
PrintUIEntryW
PrintNotifyTray_Exit
vPrinterPropPages
bFolderGetPrinter
vServerPropPages
bPrinterSetup
vQueueCreate
PnPInterface
bFolderEnumPrinters
DllGetClassObject
UnregisterPrintNotify
vDocumentDefaults
ShowErrorMessageSC
PrintNotifyTray_Init
RegisterPrintNotify
PrinterPropPageProvider
ShowErrorMessageHR
DocumentPropertiesWrap
ConnectToPrinterDlg

query

??1CVirtualString@@QAE@XZ
??1CDbPropIDSet@@QAE@XZ
??0CPropertyRestriction@@QAE@XZ
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
??0CIndexTable@@QAE@AAVCiStorage@@AAVCTransaction@@@Z
?InitIterator@CStaticPropertyList@@UAEXXZ
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
??0CCategorizationSet@@QAE@ABV0@@Z
?SkipGUID@CMemDeSerStream@@UAEXXZ
??1CScopeRestriction@@QAE@XZ
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
?CiNtOpen@@YGPAXPBGKKK@Z
CollectCIISAPIPerformanceData
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
?AddArg@CFwEventItem@@QAEXK@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
?Add@CDbSortSet@@QAEHABVCDbSortKey@@I@Z
??1CMemSerStream@@UAE@XZ
??0CDriveInfo@@QAE@PBGK@Z
?SetUI1@CStorageVariant@@QAEXEI@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
CIBuildQueryTree
??0CStandardPropMapper@@QAE@XZ
?SetPhrase@CContentRestriction@@QAEXPBG@Z
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
CITextToSelectTree
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KIPAVPMmStream@@HIH@Z
?GetLCIDFromString@@YGKPAG@Z
??0CRegChangeEvent@@QAE@PBGH@Z
?VerifyThreadHasAdminPrivilege@@YGXXZ
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
??0CMemSerStream@@QAE@I@Z
??1CPhraseRestriction@@QAE@XZ
?_wcstoui64@@YA_KPBGPAPAGH@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
?Read@CRcovStrmTrans@@QAEKPAXK@Z
?GetCommandChar@CQueryScanner@@QAEGXZ
?MakeLocalICommand@@YGJPAPAUIUnknown@@PAUICiCDocStore@@PAU1@@Z
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
?SkipByte@CMemDeSerStream@@UAEXXZ
?Marshall@CBaseStorageVariant@@QBEXAAVPSerStream@@@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
?Empty@CPidLookupTable@@QAEXXZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?AppendChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?UpdateDiskLowInfo@CDiskFreeStatus@@QAEXXZ
?GetChar@CMemDeSerStream@@UAEXPADK@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
??0CPropStoreManager@@QAE@K@Z
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
?InitializeForRead@CDynStream@@QAEXXZ
?SetLPSTR@CStorageVariant@@QAEXPBDI@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
??1CProcess@@QAE@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
??3CDbCmdTreeNode@@SGXPAX@Z
?IsStopped@CCatalogAdmin@@QAEHXZ
?AcqLine@CQueryScanner@@QAEPAGH@Z
?AddRef@CEmptyPropertyList@@UAGKXZ
??0CDefColumnRegEntry@@QAE@XZ
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
??0CTransaction@@QAE@XZ
?Empty@CPropStoreManager@@QAEXXZ
BeginCacheTransaction
??1CContentRestriction@@QAE@XZ
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
?Release@CEnumString@@UAGKXZ
?CIShutdown@@YGXXZ

msvcrt40

_adj_fprem1
??0fstream@@QAE@HPADH@Z
??_7stdiostream@@6B@
??_Dofstream@@QAEXXZ
_popen
_wctime
putwchar
?ignore@istream@@QAEAAV1@HH@Z
_fpieee_flt
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?unbuffered@streambuf@@IAEXH@Z
wcsncat
_abnormal_termination
?open@filebuf@@QAEPAV1@PBDHH@Z
fputc
??0fstream@@QAE@ABV0@@Z
_getdllprocaddr
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??0ostream@@IAE@ABV0@@Z
wctomb
_wgetcwd
_safe_fdiv
memcpy
_fgetwchar
?unexpected@@YAXXZ
vprintf
__p__timezone
??_Gostream@@UAEPAXI@Z
_umask
getenv
_getw
fwscanf
_wutime
?str@ostrstream@@QAEPADXZ
_wcslwr
_ismbcsymbol
_strupr
rewind

wininet

HttpAddRequestHeadersW
CreateUrlCacheContainerA
GopherOpenFileA
InternetAttemptConnect
InternetSetCookieA
GetUrlCacheEntryInfoA
InternetConfirmZoneCrossingW
CreateUrlCacheEntryW
SetUrlCacheEntryGroupW
HttpSendRequestExW
InternetSetStatusCallbackW
SetUrlCacheGroupAttributeW
GopherGetLocatorTypeW
FtpDeleteFileW
FindNextUrlCacheContainerW
InternetCanonicalizeUrlA
InternetCrackUrlW
InternetAutodialCallback
InternetShowSecurityInfoByURLA
ShowX509EncodedCertificate
InternetAutodial
FtpPutFileW
FindFirstUrlCacheEntryExA
LoadUrlCacheContent
FindNextUrlCacheEntryW
InternetAlgIdToStringA
FtpCommandW

kernel32

CallNamedPipeA
SetTimerQueueTimer
VirtualProtectEx
WritePrivateProfileStringA
VirtualAlloc
QueryDosDeviceW
CloseProfileUserMapping
ScrollConsoleScreenBufferW
CmdBatNotification
RaiseException
Thread32First
GlobalFindAtomA
GetVolumePathNameA
SetLocalTime
SleepEx
UpdateResourceA
GetCompressedFileSizeW
FlushConsoleInputBuffer
SetFileApisToANSI
SwitchToThread
InitializeCriticalSection
GetConsoleProcessList
GetStartupInfoA
RegisterConsoleVDM
SetFileAttributesA
Process32FirstW
OpenProfileUserMapping
CreateActCtxW
AllocateUserPhysicalPages
GetModuleFileNameW
GetWriteWatch
GetACP
EnumResourceLanguagesA
BeginUpdateResourceW
GetVDMCurrentDirectories
EnumResourceTypesW
ExitVDM
IsValidCodePage
QueryMemoryResourceNotification
LoadLibraryA

winmm

WOWAppExit
waveOutGetPosition
waveOutGetVolume
mmioSendMessage
midiOutGetVolume
mmioCreateChunk
midiStreamOut
midiOutOpen
joySetCapture
waveOutSetVolume
mciLoadCommandResource
WOW32ResolveMultiMediaHandle
midiOutReset
waveInStop
waveInOpen
mid32Message
waveOutPause
mciGetCreatorTask
waveOutGetDevCapsW
midiOutGetErrorTextA
mmioGetInfo
mixerGetLineControlsA
timeGetSystemTime
mmsystemGetVersion
midiInStop

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe03d8af6b08d3c1ff8a578d3765588

Headers

DLL Characteristics

File Characteristics

Imports

printui

query

msvcrt40

wininet

kernel32

winmm

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 185KB - Virtual size: 658KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 185KB - Virtual size: 658KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B