2f6f2bdbe732e598d6c076c646b30c08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f6f2bdbe732e598d6c076c646b30c08_JaffaCakes118
Size

12.1MB
MD5

2f6f2bdbe732e598d6c076c646b30c08
SHA1

1db77410890fb05846dfe43755be2a364b71b4fa
SHA256

f3c53b070421f48d3f20db0cd9ca073b3c9f21bcb785ba519e0c28fdf3de9d42
SHA512

546ff5a47135dbbda61d3a1128b743816e3492972e419619e003ea4571c8898503fd0682009e4199d95e19763a42dda0f5682240fd78b65459cd7472372c1f44
SSDEEP

196608:FzUr42gp+VTjXA3YhqO3uaStCjfh9N/LYVeGjUeIaf:RUrPNwoFVSwjfhDLYVeauaf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f6f2bdbe732e598d6c076c646b30c08_JaffaCakes118

Files

2f6f2bdbe732e598d6c076c646b30c08_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da571c57a9f7e90e01ab1ad553556362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetCurrentThreadId
Sleep
GetModuleFileNameA
CreateProcessA
GetFullPathNameA
DecodePointer
GetCommandLineA
GetModuleHandleW
HeapFree
HeapAlloc
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
MoveFileA
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
RtlUnwind
CreateFileA
GetDriveTypeA
FindFirstFileExA
WriteConsoleW
GetModuleFileNameW
DeleteFileA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RaiseException
TerminateProcess
CreateEventA
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
SetFilePointer
LoadLibraryW
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetExitCodeProcess
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
GetStringTypeW
HeapSize
CompareStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
GlobalSize
CreateMutexA
ReleaseMutex
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
GetVersion
FindFirstFileW
FindNextFileW
FindClose
GetProfileStringW
WriteFile
ReadFile
GetTempPathW
GetTempFileNameW
CreateFileW
GetCurrentProcess
CreatePipe
DuplicateHandle
CloseHandle
GetStdHandle
CreateProcessW
GetLastError
lstrlenA
IsDBCSLeadByte
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTime
GetProcAddress
LoadLibraryA
FreeLibrary
UnhandledExceptionFilter
CreateDirectoryA

user32

wsprintfW
GetForegroundWindow
SetForegroundWindow
PostThreadMessageA
ReleaseDC
GetDC
CreateDialogParamA
DestroyWindow
GetDlgItem
SetWindowTextA
ShowWindow
SendDlgItemMessageA
EndDialog
PostMessageA
MessageBoxA
DialogBoxParamA
DispatchMessageA
TranslateMessage
PeekMessageA
IsDialogMessageA

gdi32

AbortDoc
ResetDCA
CreateDCA
StartDocA
SetAbortProc
DeleteObject
GetTextFaceA
SelectObject
CreateFontIndirectA
GetTextMetricsA
EndDoc
GetBitmapBits
TextOutA
SetBkMode
SetTextColor
PatBlt
SetMapMode
GetMapMode
CreateCompatibleDC
CreateBitmap
GetDeviceCaps
CreateICA
DeleteDC
StartPage
StretchDIBits
EndPage
GetTextExtentPointA
CreatePalette
SetDIBitsToDevice

winspool.drv

DocumentPropertiesA
DeviceCapabilitiesA
StartPagePrinter
EndPagePrinter
StartDocPrinterA
AbortPrinter
WritePrinter
EndDocPrinter
ClosePrinter
OpenPrinterW
EnumPrintersA

comdlg32

PrintDlgA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Exports

Exports

pcl2pdf_Close
pcl2pdf_Convert
pcl2pdf_Create
pcl2pdf_SetDPI
pcl2pdf_SetFiles
pcl2pdf_SetInfo
pcl2pdf_SetRotate
pcl2pdf_SetSecurity

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da571c57a9f7e90e01ab1ad553556362

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 5.9MB - Virtual size: 5.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 136KB - Virtual size: 135KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 136KB - Virtual size: 135KB