dbab331951fbab3d33f4e67e8f3d8a56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dbab331951fbab3d33f4e67e8f3d8a56_JaffaCakes118
Size

221KB
MD5

dbab331951fbab3d33f4e67e8f3d8a56
SHA1

5c235654ee4c98e8a54af5f5d8251c159b092ef7
SHA256

c34305b2c396e83f38e4cb059b791f42a30fc571766f4068d9b31538f38713ab
SHA512

6523fd892ba4d811819969bc246185fd1ccc9abccd94d97edcd079848739df9acc80f607540c56508f935eec1de14ce2e55b616587d0143b9ebcb07387911051
SSDEEP

6144:gwHNR0J683JSa/+2FtCg/aaPxd/8atYl7mzbzokZHZu:ntR7SJSa/lZC+del7GbzosHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbab331951fbab3d33f4e67e8f3d8a56_JaffaCakes118

Files

dbab331951fbab3d33f4e67e8f3d8a56_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a5ed81dd80320dae04dd4d932ee89db8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GetProcAddress
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LoadLibraryA
GetVersion
GlobalLock
DeleteCriticalSection
GetEnvironmentStringsW
HeapDestroy
GetEnvironmentStrings
GetCommandLineA
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetSystemDirectoryA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
CloseHandle
FlushFileBuffers
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
VirtualAlloc
GetStringTypeW
GetLocaleInfoA
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LCMapStringW
GetStringTypeA

gdi32

CreateDCA
ResetDCA
DeleteDC

winspool.drv

GetPrinterDriverA
DocumentPropertiesW
DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

PrintDlgA

Exports

Exports

EPDM_Close
EPDM_CreateDC
EPDM_DeleteDC
EPDM_GetCommandLevel
EPDM_GetData
EPDM_GetDevMode
EPDM_GetDriverInfo
EPDM_GetRange
EPDM_Open
EPDM_ResetDC
EPDM_SetData
EPDM_UpdateDevMode

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5ed81dd80320dae04dd4d932ee89db8

Headers

File Characteristics

Imports

kernel32

gdi32

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 14KB - Virtual size: 18KB

.idata Size: 170KB - Virtual size: 169KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 14KB - Virtual size: 18KB

.idata
Size: 170KB - Virtual size: 169KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 3KB - Virtual size: 3KB