41df70a83fee68fa9b65c1f22f14da48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41df70a83fee68fa9b65c1f22f14da48_JaffaCakes118
Size

192KB
MD5

41df70a83fee68fa9b65c1f22f14da48
SHA1

787f76d2f40a70cc97da5cf767ef4b2b2291a930
SHA256

7856de073efd2c2a4a09ffa64dad9dc13e270a4ba0ffc05d6d47fcb63f3edbc8
SHA512

7ef65e0484afacc346bc5adb5a98853a3d5bcc13e3c7f171eda79596df20dde544ebfa5235317a2863ec9f4caba5ce7b516efbf1ba4cc891f115b9cc1882fbd4
SSDEEP

6144:QwO2lsXw5cUjw6aTXA6rKZFBuWQoarmuX3s:dlcwaUjw6abA6+ZePo65M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41df70a83fee68fa9b65c1f22f14da48_JaffaCakes118

Files

41df70a83fee68fa9b65c1f22f14da48_JaffaCakes118
.dll windows:6 windows x86 arch:x86

aa2b2b84d8153352cd09024a5c73c760

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSUI.pdb

Imports

msvcrt

_vsnwprintf
wcsrchr
_strnicmp
memset
memcpy
??3@YAXPAX@Z
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_wcsicmp
_wcsnset
wcschr
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_XcptFilter
_errno
__CxxFrameHandler
??2@YAPAXI@Z

ntdll

RtlUnwind

shlwapi

PathUnExpandEnvStringsW

netapi32

NetShareAdd
NetApiBufferFree
NetShareDel

kernel32

CloseHandle
UnmapViewOfFile
DeleteFileW
CreateFileW
ReadFile
WriteFile
MapViewOfFile
CreateFileMappingW
SetEndOfFile
SetFilePointer
GetTempFileNameW
GetSystemDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
CopyFileW
SetEvent
OpenEventW
ReleaseMutex
OpenFileMappingW
WaitForSingleObject
OpenMutexW
HeapDestroy
HeapFree
HeapAlloc
LocalAlloc
LocalReAlloc
LocalFree
FreeLibrary
EnterCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GlobalFree
lstrcmpiW
GlobalAlloc
InterlockedExchange
RaiseException
Sleep
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileType
FindClose
FindFirstFileW
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetTempPathW
GetSystemTime
GetStringTypeExW
GetTimeFormatW
GetProcessHeap
GetVersionExW
GetDateFormatW
GetComputerNameW
CompareStringW
GetCurrentThread
OutputDebugStringW
MulDiv
GetLocalTime
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetLastError
lstrlenW
GetFullPathNameW
GetExitCodeProcess
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
InterlockedCompareExchange
HeapCreate

advapi32

RegCreateKeyExW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
OpenThreadToken
OpenProcessToken
CloseServiceHandle
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
MapGenericMask
ConvertStringSecurityDescriptorToSecurityDescriptorW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCloseKey
TraceMessage

user32

SetCursor
LoadCursorW
DialogBoxParamW
SetWindowLongW
SetActiveWindow
SetFocus
GetWindowTextW
CheckDlgButton
SendDlgItemMessageW
EnableWindow
GetDlgItem
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
SendMessageW
GetParent
LoadStringW
IsWindowEnabled
GetFocus
TrackPopupMenu
GetMessagePos
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
SetDlgItemInt
ShowWindow
LoadIconW
GetWindowLongW
SetWindowTextW
GetDlgItemInt
GetDlgCtrlID
EndDialog
EnumChildWindows
MessageBeep
WinHelpW
SetForegroundWindow
FindWindowW
SetWindowPos
MessageBoxW
PostMessageW

winspool.drv

WritePrinter
AbortPrinter
EndDocPrinter
EndPagePrinter
StartPagePrinter
StartDocPrinterW
ClosePrinter
OpenPrinterW
EnumPrintersW
SetJobW
EnumFormsW
GetPrinterDataW
SetPrinterDataW
GetPrinterDriverW
GetJobW
GetPrinterW

ole32

CoUninitialize
CoInitialize

fxswzrd

FaxFreeSendWizardData
FaxSendWizard

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
SHFileOperationW
ShellExecuteW

Exports

Exports

DevQueryPrintEx
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentProperties
DrvDocumentPropertySheets
DrvDriverEvent
DrvPrinterEvent
PrinterProperties

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa2b2b84d8153352cd09024a5c73c760

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

shlwapi

netapi32

kernel32

advapi32

user32

winspool.drv

ole32

fxswzrd

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 69KB - Virtual size: 71KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 69KB - Virtual size: 71KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB