532b1bbec27eaaf58aa76779982d7d48_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

532b1bbec27eaaf58aa76779982d7d48_JaffaCakes118
Size

171KB
MD5

532b1bbec27eaaf58aa76779982d7d48
SHA1

eaf1bf0a7dfae578f5e621fe8d3db0fe2682725b
SHA256

73c9ec55b541701386215369d909a8547004f5292250329d0a770af5c9667a7f
SHA512

b54c52bf17cee01646b37bfb09ab0e6907a6176f439bbbb2c23779fc0316e975bbe6b90f452b435399e7becda31dc479b2a139245c434022413e4740ed65a6df
SSDEEP

3072:e9SixQas3yBH4z61h63hIapIqSp9TRtwvfz6AVBlcLq0uy7D:e9S/aDJJ1h6ymqwhBIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
532b1bbec27eaaf58aa76779982d7d48_JaffaCakes118

Files

532b1bbec27eaaf58aa76779982d7d48_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

c5a5ba529e129aa5916f92d5b28c9e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

prntvpt.pdb

Imports

msvcrt

free
_except_handler3
_vsnwprintf
??3@YAXPAX@Z
realloc
??2@YAPAXI@Z
wcslen
_onexit
__dllonexit
_adjust_fdiv
_initterm
wcscpy
memset
malloc
_snprintf
wcscmp
memcmp
_CxxThrowException
wcsncpy
wcschr
_wtoi
wcsncmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_wcsicmp

advapi32

RevertToSelf
SetThreadToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenThreadToken

kernel32

GetCurrentThread
GetSystemInfo
CreateFileMappingA
VirtualAlloc
GetSystemDirectoryW
GetVersion
IsBadReadPtr
MapViewOfFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
lstrcpynW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleW
LocalFree
LocalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
lstrlenA
GetModuleFileNameA
CloseHandle
UnmapViewOfFile

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysAllocString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysFreeString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy

user32

CharNextW
LoadStringW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winspool.drv

GetPrinterW
ClosePrinter
IsValidDevmodeW
DeviceCapabilitiesW
DocumentPropertiesW
GetPrinterDriverW
OpenPrinterW

gdi32

GetDeviceCaps
DeleteDC
CreateICW

Exports

Exports

BindPTProviderThunk
ConvertDevModeToPrintTicketThunk
ConvertDevModeToPrintTicketThunk2
ConvertPrintTicketToDevModeThunk
ConvertPrintTicketToDevModeThunk2
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetDeviceDefaultPrintTicketThunk
GetDeviceNamespacesThunk
GetPrintCapabilitiesThunk
GetPrintCapabilitiesThunk2
GetSchemaVersionThunk
MergeAndValidatePrintTicketThunk
MergeAndValidatePrintTicketThunk2
PTCloseProvider
PTConvertDevModeToPrintTicket
PTConvertPrintTicketToDevMode
PTGetPrintCapabilities
PTMergeAndValidatePrintTicket
PTOpenProvider
PTOpenProviderEx
PTQuerySchemaVersionSupport
PTReleaseMemory
UnbindPTProviderThunk

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a5ba529e129aa5916f92d5b28c9e5b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

rpcrt4

user32

version

winspool.drv

gdi32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 62KB - Virtual size: 62KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 99KB - Virtual size: 99KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB