7684df0e4783e75f35f948666a0969ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7684df0e4783e75f35f948666a0969ce_JaffaCakes118
Size

12.1MB
MD5

7684df0e4783e75f35f948666a0969ce
SHA1

6fa07e2af6e82944f566763d9f4e1061b0a161c8
SHA256

c78bc02b23170973ba96378b52c7321545b20cc627de31cacae61fbf238d2ae1
SHA512

4dc84c05d765e6acbaec447e9ad1a19d92bc5b8027137208bb2d6cfc1c6ba708404f03e02726bbec08fdfed24bb0336894291cce61d2954fbbfb9324981df9b1
SSDEEP

196608:+zUr42gp+VXjXA3YhqO3uaStCjfh9N/LYVeGjUeIa/:+UrPN8oFVSwjfhDLYVeaua/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7684df0e4783e75f35f948666a0969ce_JaffaCakes118

Files

7684df0e4783e75f35f948666a0969ce_JaffaCakes118
.dll windows:5 windows x86 arch:x86

da571c57a9f7e90e01ab1ad553556362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetCurrentThreadId
Sleep
GetModuleFileNameA
CreateProcessA
GetFullPathNameA
DecodePointer
GetCommandLineA
GetModuleHandleW
HeapFree
HeapAlloc
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
MoveFileA
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
RtlUnwind
CreateFileA
GetDriveTypeA
FindFirstFileExA
WriteConsoleW
GetModuleFileNameW
DeleteFileA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RaiseException
TerminateProcess
CreateEventA
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetTickCount
GetCurrentProcessId
SetFilePointer
LoadLibraryW
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetExitCodeProcess
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
GetStringTypeW
HeapSize
CompareStringW
SetEnvironmentVariableW
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
GlobalSize
CreateMutexA
ReleaseMutex
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
GetVersion
FindFirstFileW
FindNextFileW
FindClose
GetProfileStringW
WriteFile
ReadFile
GetTempPathW
GetTempFileNameW
CreateFileW
GetCurrentProcess
CreatePipe
DuplicateHandle
CloseHandle
GetStdHandle
CreateProcessW
GetLastError
lstrlenA
IsDBCSLeadByte
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTime
GetProcAddress
LoadLibraryA
FreeLibrary
UnhandledExceptionFilter
CreateDirectoryA

user32

wsprintfW
GetForegroundWindow
SetForegroundWindow
PostThreadMessageA
ReleaseDC
GetDC
CreateDialogParamA
DestroyWindow
GetDlgItem
SetWindowTextA
ShowWindow
SendDlgItemMessageA
EndDialog
PostMessageA
MessageBoxA
DialogBoxParamA
DispatchMessageA
TranslateMessage
PeekMessageA
IsDialogMessageA

gdi32

AbortDoc
ResetDCA
CreateDCA
StartDocA
SetAbortProc
DeleteObject
GetTextFaceA
SelectObject
CreateFontIndirectA
GetTextMetricsA
EndDoc
GetBitmapBits
TextOutA
SetBkMode
SetTextColor
PatBlt
SetMapMode
GetMapMode
CreateCompatibleDC
CreateBitmap
GetDeviceCaps
CreateICA
DeleteDC
StartPage
StretchDIBits
EndPage
GetTextExtentPointA
CreatePalette
SetDIBitsToDevice

winspool.drv

DocumentPropertiesA
DeviceCapabilitiesA
StartPagePrinter
EndPagePrinter
StartDocPrinterA
AbortPrinter
WritePrinter
EndDocPrinter
ClosePrinter
OpenPrinterW
EnumPrintersA

comdlg32

PrintDlgA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Exports

Exports

pcl2pdf_Close
pcl2pdf_Convert
pcl2pdf_Create
pcl2pdf_SetDPI
pcl2pdf_SetFiles
pcl2pdf_SetInfo
pcl2pdf_SetRotate
pcl2pdf_SetSecurity

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da571c57a9f7e90e01ab1ad553556362

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 5.9MB - Virtual size: 5.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 136KB - Virtual size: 135KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 136KB - Virtual size: 135KB