d592a3e3545f208deb5b145bb129d3e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d592a3e3545f208deb5b145bb129d3e2_JaffaCakes118
Size

120KB
MD5

d592a3e3545f208deb5b145bb129d3e2
SHA1

d64cb072d1fa07324ff387fe00947c29ccc1820f
SHA256

5e73e60394c475a422f80a270bea55998dcee8d9523e1eb220b43529a6155274
SHA512

b3a03bec7d220223466b2f811efee9e92b4da50d83f770a2aa80b7773eee393b8a5e483fdf64342cf268693b28f0fecfb6360fcdd2c52b545716d326cfa347c0
SSDEEP

1536:ytUYnENEk3wAm3s83FfQEfW7wp4ufdkFNCSe5KYQkYGP3TqUAaqf:ytTENEkAhW76NfdkFNdYiGeUA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d592a3e3545f208deb5b145bb129d3e2_JaffaCakes118

Files

d592a3e3545f208deb5b145bb129d3e2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

72c44023a95eb1fbdcec6d703ef22dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsnw.pdb

Imports

msvcrt

wcsncpy
_wcsupr
_ltoa
_ftol
free
_initterm
malloc
_adjust_fdiv
_purecall
wcscpy
_wcsicmp
wcslen
wcscat
_except_handler3
_strupr
_wtol
wcscmp
_ltow

ntdll

RtlNtStatusToDosError

nwapi32

NWPGetChallengeKey
NWPGetObjectID
NWPChangeObjectPasswordEncrypted
NWCReadPropertyValue
NWCDestroyQueue
NWCCreateQueue
NWCDeleteObject
NWPAddTrustee
NWCGetVolumeName
NWCGetVolumeNumber
NWCDeleteObjectFromSet
NWCAddObjectToSet
NWCGetObjectID
NWCIsObjectInSet
NWCGetFileServerVersionInfo
NWPCreateDirectory
NWCCreateObject
NWCChangePropertySecurity
NWCCreateProperty
NWCAttachToFileServerW
NWCDetachFromFileServer
NWCWritePropertyValue
NWCGetObjectName
NWCScanObject

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

activeds

ord22
ord17
ord18
ord15
ord14
ord21
ord16
ord12
ord23

ole32

CoTaskMemFree
CoCreateInstance
IIDFromString
CLSIDFromString
StringFromCLSID
StringFromGUID2
CreatePointerMoniker

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW
SetPrinterW
GetJobW
SetJobW
EnumJobsW

kernel32

FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenW
CloseHandle
RemoveDirectoryW
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
DeleteFileW
LocalAlloc

user32

wsprintfW

oleaut32

VariantInit
SafeArrayDestroy
SysFreeString
VariantCopy
SetErrorInfo
DispInvoke
LoadRegTypeLi
DispGetIDsOfNames
SafeArrayPutElement
SafeArrayCreate
SysAllocString
CreateErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantTimeToDosDateTime
DosDateTimeToVariantTime
VariantClear

mpr

WNetCancelConnectionW
WNetAddConnection2W

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c44023a95eb1fbdcec6d703ef22dce

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

nwapi32

advapi32

activeds

ole32

winspool.drv

kernel32

user32

oleaut32

mpr

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 6KB - Virtual size: 6KB