13948e870e7baee14d2f9ac00f8b429f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

13948e870e7baee14d2f9ac00f8b429f_JaffaCakes118
Size

505KB
MD5

13948e870e7baee14d2f9ac00f8b429f
SHA1

2cb2ce7d65a83aaf7ea02f2ad0b0c715b1199773
SHA256

a759da540d2e682dbdfce82143379ac1f9bbc2247472dbde556734ba42aaccdd
SHA512

acf651c01963a875a87ab9a1095718700b378da8b80bddcf39064b8a500fb4feb00394efaf537a1b231f6bafa788f5dde9255c1892de988874e42205d8dc76d4
SSDEEP

12288:Cw7LjDjuFk4LJnqe4qRQhQePCdMgl6kf1TcE+NNmQk405:Cw7LjDjuFkuJnqe4qRQhQePCd9l6kf/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13948e870e7baee14d2f9ac00f8b429f_JaffaCakes118

Files

13948e870e7baee14d2f9ac00f8b429f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ddaace477a870bfb8f07a092d1f81827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSAPI.pdb

Imports

msvcrt

_mbsicmp
_wcsicmp
wcslen
_except_handler3
wcscpy
_ftol
realloc
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_wsplitpath
wcsncpy
iswalpha
wcsncmp
_wcsnset
_itow
_mbscpy
_snwprintf
wcscat
qsort
wcschr
wcsstr
swprintf
wcsrchr
wcscmp

rpcrt4

RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcBindingServerFromClient
RpcServerRegisterAuthInfoW
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcStringFreeW
NdrServerCall2
NdrClientCall2
RpcBindingToStringBindingW
RpcServerListen
RpcBindingSetAuthInfoW
RpcStringBindingParseW

kernel32

DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetDateFormatW
lstrcpyW
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
Sleep
GetCurrentThread
CreateEventW
OpenEventW
GetSystemTime
MapViewOfFileEx
CreateFileMappingW
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CopyFileW
GetStringTypeExW
IsValidLanguageGroup
GetTimeFormatW
GetFileAttributesW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateMutexW
WaitForSingleObject
WriteFile
ReadFile
GetTempPathW
GetTempFileNameW
GetFullPathNameW
DeleteFileW
CreateFileW
GetFileSize
CloseHandle
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetSystemTimeAsFileTime
LocalAlloc
PostQueuedCompletionStatus
LocalFree
IsBadReadPtr
GetComputerNameW
GetLastError
SetLastError
SetEnvironmentVariableW
MapViewOfFile
WaitForMultipleObjects
ReleaseMutex
VirtualAlloc
VirtualFree
OpenMutexW
MulDiv
GetCurrentProcess

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHChangeNotify
SHGetMalloc

advapi32

GetSecurityDescriptorOwner
StartServiceW
RegCloseKey
RegOpenKeyW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CopySid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorGroup
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
OpenThreadToken

winspool.drv

AddPrinterW
ClosePrinter
SetJobW
DocumentPropertiesW
GetPrinterW
OpenPrinterW
GetPrinterDriverW
GetJobW
EnumPrintersW

gdi32

EndDoc
StartDocW
CreateDCW
EndPage
StartPage
DeleteObject
CreateFontIndirectW
SelectObject
StretchDIBits
GetDeviceCaps
DeleteEnhMetaFile
GetTextMetricsW
SetTextColor
LPtoDP
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
SaveDC
SelectClipRgn
CreateRectRgnIndirect
DeleteDC

user32

DrawTextW
PostMessageW
wsprintfW

ole32

CoInitialize
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Exports

Exports

FXSAPIFree
FXSAPIInitialize
FaxAbort
FaxAccessCheck
FaxAccessCheckEx
FaxAddOutboundGroupA
FaxAddOutboundGroupW
FaxAddOutboundRuleA
FaxAddOutboundRuleW
FaxAnswerCall
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEndMessagesEnum
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsExA
FaxEnumJobsExW
FaxEnumJobsW
FaxEnumMessagesA
FaxEnumMessagesW
FaxEnumOutboundGroupsA
FaxEnumOutboundGroupsW
FaxEnumOutboundRulesA
FaxEnumOutboundRulesW
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW
FaxEnumRoutingExtensionsA
FaxEnumRoutingExtensionsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxEnumerateProvidersA
FaxEnumerateProvidersW
FaxFreeBuffer
FaxFreeSenderInformation
FaxGetActivityLoggingConfigurationA
FaxGetActivityLoggingConfigurationW
FaxGetArchiveConfigurationA
FaxGetArchiveConfigurationW
FaxGetConfigWizardUsed
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetCountryListA
FaxGetCountryListW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetExtensionDataA
FaxGetExtensionDataW
FaxGetJobA
FaxGetJobExA
FaxGetJobExW
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetMessageA
FaxGetMessageTiffA
FaxGetMessageTiffW
FaxGetMessageW
FaxGetOutboxConfiguration
FaxGetPageData
FaxGetPersonalCoverPagesOption
FaxGetPortA
FaxGetPortExA
FaxGetPortExW
FaxGetPortW
FaxGetQueueStates
FaxGetReceiptsConfigurationA
FaxGetReceiptsConfigurationW
FaxGetReceiptsOptions
FaxGetRecipientInfoA
FaxGetRecipientInfoW
FaxGetReportedServerAPIVersion
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxGetSecurity
FaxGetSecurityEx
FaxGetSenderInfoA
FaxGetSenderInfoW
FaxGetSenderInformation
FaxGetServerActivity
FaxGetServicePrintersA
FaxGetServicePrintersW
FaxGetVersion
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxRefreshArchive
FaxRegisterForServerEvents
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderExA
FaxRegisterServiceProviderExW
FaxRegisterServiceProviderW
FaxRelease
FaxRemoveMessage
FaxRemoveOutboundGroupA
FaxRemoveOutboundGroupW
FaxRemoveOutboundRule
FaxSendDocumentA
FaxSendDocumentExA
FaxSendDocumentExW
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetActivityLoggingConfigurationA
FaxSetActivityLoggingConfigurationW
FaxSetArchiveConfigurationA
FaxSetArchiveConfigurationW
FaxSetConfigWizardUsed
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetDeviceOrderInGroupA
FaxSetDeviceOrderInGroupW
FaxSetExtensionDataA
FaxSetExtensionDataW
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetOutboundGroupA
FaxSetOutboundGroupW
FaxSetOutboundRuleA
FaxSetOutboundRuleW
FaxSetOutboxConfiguration
FaxSetPortA
FaxSetPortExA
FaxSetPortExW
FaxSetPortW
FaxSetQueue
FaxSetReceiptsConfigurationA
FaxSetReceiptsConfigurationW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxSetSecurity
FaxSetSenderInformation
FaxStartMessagesEnum
FaxStartPrintJob2W
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterForServerEvents
FaxUnregisterRoutingExtensionA
FaxUnregisterRoutingExtensionW
FaxUnregisterServiceProviderExA
FaxUnregisterServiceProviderExW
IsDeviceVirtual

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddaace477a870bfb8f07a092d1f81827

Headers

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

shell32

advapi32

winspool.drv

gdi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 432KB

.data Size: 64KB - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 432KB - Virtual size: 432KB

.data
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 6KB - Virtual size: 5KB