339c07320c36ead3128390ea91bd5556_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

339c07320c36ead3128390ea91bd5556_JaffaCakes118
Size

288KB
MD5

339c07320c36ead3128390ea91bd5556
SHA1

c08baab9dffcf258cb76c4a543dcfd1bb48cbf19
SHA256

1bde36f993c5b3c1e329292287a3c43fd5152e8237c55265471124c375e54744
SHA512

2549db63b1750e56a16d72bdfc2f785f0a1bd614e0433ac3a928df864adf1048a44d79860bd1a4972cd201858ef4c6703ee5e353ab639f5e0146af920a790f7c
SSDEEP

6144:+vN8m8BwkFdU2Uvi0Rs811woKHtE4NU8vsI9SY2aBF0ZnfqKo2:+FKUb3woKNEZ8vQYbQqKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
339c07320c36ead3128390ea91bd5556_JaffaCakes118

Files

339c07320c36ead3128390ea91bd5556_JaffaCakes118
.dll windows:6 windows x86 arch:x86

251eec65ac5ef07eb11743490d22b455

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e_dmai30.pdb

Imports

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetOEMCP
Sleep
VirtualAlloc
FreeEnvironmentStringsA
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
GetPrivateProfileStringW
lstrlenA
CreateFileW
CloseHandle
ReadFile
SetFilePointer
RaiseException
GetCurrentThreadId
InterlockedDecrement
GetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetVersionExA
GetCommandLineA
DebugBreak
lstrcmpW
FreeLibrary
LoadLibraryW
GetProcAddress
GetACP
GlobalAlloc
GlobalFree
HeapReAlloc
SetLastError

gdi32

PATHOBJ_vGetBounds
XLATEOBJ_iXlate
EngCreatePalette
EngCreateDeviceSurface
EngAssociateSurface
STROBJ_vEnumStart
STROBJ_bEnum
FONTOBJ_cGetGlyphs
PATHOBJ_vEnumStart
PATHOBJ_bEnum
EngEraseSurface
EngStretchBlt
BRUSHOBJ_pvGetRbrush
EngStretchBltROP
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
XLATEOBJ_piVector
EngCreateBitmap
EngLockSurface
EngDeleteSurface
EngBitBlt
EngUnlockSurface
XFORMOBJ_iGetXform
EngDeletePath
CLIPOBJ_ppoGetPath
FONTOBJ_pifi
FONTOBJ_pxoGetXform
XFORMOBJ_bApplyXform
EngDeletePalette
BRUSHOBJ_pvAllocRbrush

winspool.drv

GetPrinterDriverW
GetPrinterW
WritePrinter

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

251eec65ac5ef07eb11743490d22b455

Headers

File Characteristics

PDB Paths

Imports

kernel32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 101KB

.data Size: 179KB - Virtual size: 182KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 101KB

.data
Size: 179KB - Virtual size: 182KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 5KB - Virtual size: 4KB