3853126cf60eac34bae605c407cc5769_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3853126cf60eac34bae605c407cc5769_JaffaCakes118
Size

203KB
MD5

3853126cf60eac34bae605c407cc5769
SHA1

89c7b2cd1a3a086d6ec0227f1732a5d1c5d96548
SHA256

780ed81ff4412668f803890619622ada58cb3bacdcd50d89a35ec0a61e17e511
SHA512

e7a7f4ae30a5f1423427f4839073a3106f79ab6cf924cc12a2049aa795399097a9a82a1302181e3bf38558605ebcdf983ebf5fab27b8b081c3249fe12c68c133
SSDEEP

3072:WVmITQMy9sCNlSy665mfKRatE+/Y3NmBYKUhpS2G:Y69rSfKsu+g3NmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3853126cf60eac34bae605c407cc5769_JaffaCakes118

Files

3853126cf60eac34bae605c407cc5769_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

44c0c229fd9346d93c7c440889615544

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\subversion\DComObj\src\Release\HPSysObj.pdb

Imports

rpcrt4

IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef

kernel32

GetModuleFileNameW
LocalFree
InterlockedIncrement
GetStartupInfoA
InterlockedDecrement
GetProcessHeap
lstrlenA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLastError
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetModuleHandleA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
VirtualAlloc
WriteFile

winspool.drv

ClosePrinter
GetPrinterW
OpenPrinterW
EnumPortsW

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstanceEx
CoInitialize
StringFromCLSID
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VariantClear

advapi32

FreeSid
RegOpenKeyExW
RegCreateKeyExW
RegFlushKey
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
CheckTokenMembership
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetEntriesInAclW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DriverEventDelete
DriverEventInit
FreeHPString
GetRemotePortInformation
GetRemotePortName

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44c0c229fd9346d93c7c440889615544

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

winspool.drv

ole32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 101KB

.orpc Size: 512B - Virtual size: 190B

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 65KB - Virtual size: 70KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 101KB - Virtual size: 101KB

.orpc
Size: 512B - Virtual size: 190B

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 65KB - Virtual size: 70KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 9KB