0faf91fe58aa1e776b707897ec11aa00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0faf91fe58aa1e776b707897ec11aa00_JaffaCakes118
Size

661KB
MD5

0faf91fe58aa1e776b707897ec11aa00
SHA1

b67aadc96facc3bd9b1353194d016491c06357f7
SHA256

748d0dd6d94175224663c0004fd49a8e5eb036b526070e98a3f516fd0c0a5196
SHA512

ca7f3f06cacf988978737e4f1cc81d45670aeff7578c53ef0258d9ce19ffe117d1441f2f9d8d57011a83cb541be9dcb034be7245c98f523eecf1d7c034648e30
SSDEEP

12288:Nv0vM243r3il0V7sz5RQl4uff4NbKUnKJ7lVfbN7B:Nv002MLil0qQQ1KJ7rJ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0faf91fe58aa1e776b707897ec11aa00_JaffaCakes118

Files

0faf91fe58aa1e776b707897ec11aa00_JaffaCakes118
.exe windows:6 windows x86 arch:x86

b6b09567008e8ccd6524423615b74168

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PrintFilterPipelineSvc.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
LsaNtStatusToWinError
LsaClose
LsaStorePrivateData
LsaOpenPolicy
RegisterEventSourceW
SetThreadToken
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
MapGenericMask
AccessCheck
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW

kernel32

GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
Sleep
GetModuleFileNameW
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
CreateThread
CreateEventW
GetModuleHandleW
GetCurrentThreadId
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetCommandLineW
RtlCaptureStackBackTrace
HeapSetInformation
CompareFileTime
GetFileTime
CreateFileW
DeleteCriticalSection
CopyFileW
CreateDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
DeleteTimerQueueEx
RegisterWaitForSingleObject
InterlockedCompareExchange
UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ReadFile
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
DebugBreak
SetFilePointerEx
SetEndOfFile
LoadLibraryW
ReleaseSemaphore
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateSemaphoreW
QueueUserWorkItem
ResetEvent
LocalFree
GetLocaleInfoW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
GetVersionExW
GetVersionExA
InterlockedExchange
WideCharToMultiByte
GetStartupInfoW
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
HeapSize
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateTimerQueue

user32

UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharNextW

oleaut32

SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

ole32

CoGetObjectContext
CoCreateGuid
CoImpersonateClient
CoRevertToSelf
IIDFromString
CreateStreamOnHGlobal
CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoSuspendClassObjects
CoTaskMemFree

winspool.drv

ClosePrinter
AddPrinterW
XcvDataW
OpenPrinterW
GetPrintProcessorDirectoryW
StartPagePrinter
ReadPrinter
AddPrintProcessorW
WritePrinter
SeekPrinter
DocumentPropertiesW
EndDocPrinter
SetJobW
AddPrinterDriverExW
EndPagePrinter
StartDocPrinterW
GetPrinterDriverDirectoryW
GetPrinterDataW

ntdll

RtlUnwind

xpssvcs

DDLogHelper
CreateReachPackageSender
CreateReachPackageReceiver

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

prntvpt

ord9
ord4
ord2

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6b09567008e8ccd6524423615b74168

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

oleaut32

ole32

winspool.drv

ntdll

xpssvcs

psapi

setupapi

prntvpt

Sections

.text Size: 602KB - Virtual size: 602KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 42KB - Virtual size: 62KB

.text
Size: 602KB - Virtual size: 602KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 42KB - Virtual size: 62KB