0138d7c04a108ad858b653d9f39b3655_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0138d7c04a108ad858b653d9f39b3655_JaffaCakes118
Size

346KB
MD5

0138d7c04a108ad858b653d9f39b3655
SHA1

217fa9fdf039fb032947e35644c1bbad5341cfe7
SHA256

574aa4d7b68ac65af8410c5d2d383e80bb4cad9f1a5dbb5e5582e6ee38c9ad46
SHA512

d3b860eaf53498f2560ca279bb55af93015b2ab1f7e4bbfaa9ceb47d00ff711ffc8813ec2c6e917c12df0f57005fb8149dd5d1c9606a0571f5dba617531a3222
SSDEEP

6144:CxGMku94XCzTurXzURlbDC9K69u2m+SqOWcsQQKiY4leDDGoggH/VREG6j4Gm01Z:CxGCOXzURlbDC9K69u2m+SqOWcsQQKix

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0138d7c04a108ad858b653d9f39b3655_JaffaCakes118

Files

0138d7c04a108ad858b653d9f39b3655_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f6520473abe70b324eeba2513ee13592

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\coretech\source\kimi\amt\epic\public\libraries\windows\release\dynamic\core\atlas\adobe_epic.pdb

Imports

kernel32

ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetFullPathNameW
CreateFileW
GetFileAttributesW
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineA
HeapSize
HeapReAlloc
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedExchange
GetThreadLocale
GetVersion
InterlockedIncrement
GetCurrentProcessId
GetModuleHandleA
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageW
GetLastError
SetErrorMode
lstrlenW
GetCurrentThreadId
CloseHandle
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetLocalTime
GetProcessHeap
MultiByteToWideChar

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

oleaut32

VariantClear
VariantChangeType
VariantInit

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathFindExtensionW
PathFindFileNameW

user32

DestroyMenu
PostQuitMessage
UnregisterClassA
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
IsWindowEnabled
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
LoadCursorW
GetWindowTextW
GetForegroundWindow
ReleaseDC
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
EnableWindow
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetSysColorBrush
GetWindowThreadProcessId
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
SetMenuItemBitmaps
GetDC
GetLastActivePopup
GrayStringW
UnhookWindowsHookEx
ValidateRect
PeekMessageW
GetKeyState
SendMessageW
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
GetSubMenu
GetMenuItemCount
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
RegisterClassW

gdi32

ScaleViewportExtEx
SetViewportExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
DeleteDC
TextOutW
GetStockObject
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
SetMapMode
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Exports

Exports

epicCheckComponentInit
epicExit
epicGetEpicVersion
epicGetGUID
epicGetPcdPayloadElement
epicGetPdsElement
epicGetTime
epicGetWriteEnableState
epicInit
epicInitLegacyLocal
epicLogLong
epicLogString
epicProductStartup
epicRemovePdsElement
epicRetrieveConfigurationItem
epicSetPdsElement
epicSetWriteEnableState
epicValidateFilePath

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6520473abe70b324eeba2513ee13592

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

oleaut32

oleacc

shlwapi

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 19KB - Virtual size: 18KB

.text Size: 136KB - Virtual size: 136KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 136KB - Virtual size: 136KB