5eef1053a3ea7bd64161c6195ae58623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5eef1053a3ea7bd64161c6195ae58623_JaffaCakes118
Size

4.1MB
MD5

5eef1053a3ea7bd64161c6195ae58623
SHA1

57b7397a66f6ae5e8e3201ef5c49bad616989f6a
SHA256

aaec59944e1e545bf559c7c0b5553fe32a126779e13f5b373da164b1fceb5c97
SHA512

ea3dd55174718fde7c6d14ebe5f9b5375fd175405019387022d0c8d27e82b144cbd4afae8059f8a2812669ddd383ff6a68c2ca09c2934baaaa1db13b02f9be62
SSDEEP

98304:OT/i6HXmZGC5Fc3q0xEyJBaCGrDjI4wdO9TNWNhIMcbqc9zORt1KrmhzVG:MfXIpMbGyJBQHjDTNCmBza1lzk

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/pdf2any.dll	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pdf2any.dll
unpack001/pdf2anyimg.dll
unpack001/pdf2anyprm.dll
unpack001/pdf2anysu.dll
unpack001/pdftoany.exe

Files

5eef1053a3ea7bd64161c6195ae58623_JaffaCakes118
.zip
help/css/style.css
help/index.html
.html
help/installation.html
.html
help/introduction.html
.html
help/left.html
.html
help/license.html
.html
help/registration.html
.html
help/requirements.html
.html
help/using.html
.html
pdf2any.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_ClosePDF@8
_GetOpt@28
_OpenPDF@12
_Print@12
_SaveAs@16
_SetOpt@28

Sections

Size: 604KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 99KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 65KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 38KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pdf2anyimg.dll
.dll windows:4 windows x86 arch:x86

48215c4dfcf643cac0105f1f8c28f75d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCommandLineA
GetVersion
RaiseException
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetCPInfo
GetACP
GetOEMCP
GetDriveTypeA
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
GetLastError
VirtualFree
ExitProcess
VirtualAlloc
IsBadWritePtr
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FlushFileBuffers
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEndOfFile
GetFileAttributesA
GetFullPathNameA
LoadLibraryA
GetProcAddress
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFree
GlobalAlloc
GetCurrentProcessId
GetCurrentDirectoryA
GetModuleFileNameA
GetLocalTime
CreateDirectoryA
GetTempPathA
GetTickCount
HeapCreate
DeleteFileA
HeapSize

user32

GetDC
ReleaseDC
DrawTextA
GetSysColor

gdi32

CreatePalette
SelectPalette
GetEnhMetaFilePaletteEntries
GetStockObject
ExtTextOutA
SetWinMetaFileBits
PlayEnhMetaFile
DeleteObject
SetBkMode
SetBkColor
SetTextColor
SelectObject
CreateFontIndirectA
GetDeviceCaps
DeleteEnhMetaFile
CloseEnhMetaFile
Rectangle
CreateSolidBrush
CreatePen
CreateEnhMetaFileA
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
StretchDIBits
CreateCompatibleBitmap
SetStretchBltMode
GetObjectA
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
EnumFontsA
SetEnhMetaFileBits
GetEnhMetaFileHeader

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pdf2anyprm.dll
.dll windows:4 windows x86 arch:x86

edf5cbec9f33feb435d3d3960735bc04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetCurrentDirectoryA
GetFullPathNameA
CloseHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetFileAttributesA
FindFirstFileA
FindClose
FindNextFileA
GetSystemTime
RtlUnwind
GetLastError
MoveFileA
IsBadWritePtr
IsBadReadPtr
HeapValidate
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetLocalTime
CreateDirectoryA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
FatalAppExitA
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
ReadFile
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadCodePtr
UnhandledExceptionFilter
SetConsoleCtrlHandler
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
CreateFileA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
SetEndOfFile
GetLocaleInfoW

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pdf2anysu.dll
.dll windows:4 windows x86 arch:x86

dd7d5db4eb10aa6f71b4518807233c7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
SizeofResource
LoadResource
FindResourceA
DeleteFileA
lstrcatA
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetLastError
CloseHandle
WriteFile
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

winspool.drv

AddPrinterDriverExA
AddPrinterA
ClosePrinter
GetPrinterDriverDirectoryA

Exports

Exports

_p2a_su@20

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pdftoany.exe
.exe windows:4 windows x86 arch:x86

e057be76c645446ae778f8f1720ab5d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
FindFirstFileA
SetEndOfFile
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
SetFilePointer
CreateFileA
RtlUnwind
GetLastError
GetFullPathNameA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
CloseHandle
GetDriveTypeA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
ReadFile

user32

MessageBoxA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 604KB - Virtual size: 1.4MB

Size: 99KB - Virtual size: 240KB

Size: 65KB - Virtual size: 232KB

Size: 38KB - Virtual size: 80KB

Size: 4KB - Virtual size: 4KB

.data Size: 103KB - Virtual size: 104KB

.adata Size: - Virtual size: 4KB

48215c4dfcf643cac0105f1f8c28f75d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 228KB - Virtual size: 225KB

.data Size: 324KB - Virtual size: 354KB

.reloc Size: 296KB - Virtual size: 292KB

edf5cbec9f33feb435d3d3960735bc04

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 44KB - Virtual size: 49KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 16KB

dd7d5db4eb10aa6f71b4518807233c7b

Headers

File Characteristics

Imports

kernel32

winspool.drv

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 16KB - Virtual size: 12KB

e057be76c645446ae778f8f1720ab5d0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 16KB

.data
Size: 103KB - Virtual size: 104KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 228KB - Virtual size: 225KB

.data
Size: 324KB - Virtual size: 354KB

.reloc
Size: 296KB - Virtual size: 292KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 44KB - Virtual size: 49KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 16KB