65349409f42e7bd3c7b7a76dcf4ca321_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65349409f42e7bd3c7b7a76dcf4ca321_JaffaCakes118
Size

232KB
MD5

65349409f42e7bd3c7b7a76dcf4ca321
SHA1

b0a8f907bcfe10b0c4244bbe5da5c3c49c5d3e32
SHA256

f79325c48bd2b0e3d470f606a3cc08174cd70214e4e34a6fec07fe3e18bed19e
SHA512

6d1661c8ea1c78509d557b9ff507784733172e624f3b209bd7448a44d82dc68ef7ddb1f6f0a54dd06f3241e159cd5b129b2b23459f51125c9d55361f9b0cd4a1
SSDEEP

6144:FmKeI0rbg+7+Q8GxQlh5O3Kglx7eEkvuHXZ7X+GMo:FmTHbgA+DlhoKglRjkaXZ77t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65349409f42e7bd3c7b7a76dcf4ca321_JaffaCakes118

Files

65349409f42e7bd3c7b7a76dcf4ca321_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0be877a73c4aeb0e64d09331df645469

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ztag

ZTagUpdateBlock
ZTagGetUINT
ZTagGetElementPtr
ZTagCreateBlock
ZTagGetElement
ZTagAddElement
ZTagCloseBlock

kernel32

GetSystemTimeAsFileTime
TlsFree
TlsAlloc
GetCurrentProcessId
GlobalAlloc
GlobalFree
CreateFileA
GetTempFileNameA
GetTempPathA
WriteFile
DeleteFileA
CloseHandle
SetFilePointer
TlsSetValue
TlsGetValue
GlobalMemoryStatus
GetFileInformationByHandle
Sleep
LoadLibraryExA
lstrcpyA
LoadLibraryA
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
FreeLibrary
ReadFile
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemInfo
GetLocaleInfoA
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
QueryPerformanceCounter
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
VirtualQuery
GetCPInfo
GetACP
GetOEMCP
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA

user32

wsprintfA

winspool.drv

GetPrinterDataA
GetPrinterDriverDirectoryA

Exports

Exports

DrvSplAbort
DrvSplClose
DrvSplEndDoc
DrvSplEndPage
DrvSplStartDoc
DrvSplStartPage
DrvSplWritePrinter
ImfGetLastError
ImfPlayJob
ImfPrintJob

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0be877a73c4aeb0e64d09331df645469

Headers

File Characteristics

Imports

ztag

kernel32

user32

winspool.drv

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 176KB - Virtual size: 177KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 176KB - Virtual size: 177KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB