25deb66fdfc3a78ae379fc08976b09dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25deb66fdfc3a78ae379fc08976b09dc_JaffaCakes118
Size

344KB
MD5

25deb66fdfc3a78ae379fc08976b09dc
SHA1

c27f0d3e84f33cba6142c277152f2c2073e72cb2
SHA256

8e34ecd53fccd374bafdbe99598fc757b00a381fb601781f123f2b13ebf010b5
SHA512

6ff04f769c4870450fdd66d195f97ca1a0dc55d31e0430940013fe8a0803b45652c85bdd5cb0d88867cea151ccb71cdd5364d62c120a5bed2042986adef564b0
SSDEEP

6144:lVw/cKqlOWTYA12D8vo2qx9gN/hj+75cLp:lJcSm2hlhj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25deb66fdfc3a78ae379fc08976b09dc_JaffaCakes118

Files

25deb66fdfc3a78ae379fc08976b09dc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

30b0149aa47601665bdd8842ccf100fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work_cruisecontrol\checkout\Evo-5.0\evo-driver\src\DriverBuilds\CommonFiles\i386\Release\hpmml091.pdb

Imports

wininet

InternetCrackUrlW

msimg32

GradientFill

kernel32

DisableThreadLibraryCalls
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
ExitProcess
HeapSize
Sleep
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetFileSize
GlobalAlloc
ReadFile
MultiByteToWideChar
GlobalFree
GetLastError
CloseHandle
FindResourceW
LoadResource
LockResource
SetLastError
GetUserDefaultLCID
SetEnvironmentVariableA
VirtualAlloc
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
InitializeCriticalSection
GetModuleHandleA
HeapReAlloc
GetStringTypeA
WriteFile
LoadLibraryA
InterlockedExchange
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetStringTypeW

user32

CopyRect
GetWindowTextW
DrawTextW
RedrawWindow
GetPropW
IsWindowVisible
GetWindow
LoadMenuW
GetSubMenu
TrackPopupMenu
SetDlgItemTextW
DialogBoxParamW
DestroyMenu
GetWindowRect
MapWindowPoints
ScreenToClient
BeginPaint
EndPaint
SendMessageW
SetWindowTextW
ShowWindow
SetTimer
KillTimer
GetWindowLongW
PostMessageW
GetDlgItem
EnableWindow
EndDialog
GetParent
GetClientRect
SetPropW
RemovePropW
LoadImageW
SetWindowPos
InvalidateRect

gdi32

RoundRect
SetTextColor
CreateBitmap
SetBkColor
BitBlt
MaskBlt
CreateCompatibleDC
GetMapMode
SetMapMode
StretchBlt
DeleteDC
CreateFontIndirectW
SetBkMode
GetStockObject
SelectObject
GetObjectW
DeleteObject
CreatePen

winspool.drv

ClosePrinter
OpenPrinterW
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDataW

advapi32

RegOpenKeyW
RegCloseKey

ole32

OleSetContainedObject
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromIID
CoCreateInstance
OleInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

Exports

Exports

BrowseForPrinter

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b0149aa47601665bdd8842ccf100fc

Headers

File Characteristics

PDB Paths

Imports

wininet

msimg32

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 60KB - Virtual size: 59KB

.rsrc Size: 108KB - Virtual size: 104KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 108KB - Virtual size: 104KB

.reloc
Size: 8KB - Virtual size: 7KB