029dc8adde9648317b5a089b8f067a60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

029dc8adde9648317b5a089b8f067a60_JaffaCakes118
Size

128KB
MD5

029dc8adde9648317b5a089b8f067a60
SHA1

59159d427ff4a34cf828a6396e2b8cd54dc58c62
SHA256

3ac71303d44b8a3cfc37945ace09c63a33fbc6ce65597fe11867861abc6e971c
SHA512

8061d923bffeee8c9b4dc4f04aec867eb4bb5e9a9d4cedab50de618d52108942b3d06083c6e915e5487a1512a1cde68177097bb73147e8b62a19c791fb046908
SSDEEP

1536:6tDxCxwqNqIlAscy1Sizc9Mw98dE3BzveAY+/7Le:6DxCusJAq1tQ9Mu8dE3FveAtu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
029dc8adde9648317b5a089b8f067a60_JaffaCakes118

Files

029dc8adde9648317b5a089b8f067a60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a21c65c273dd097b57f48b5ac0dce620

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Incorporate\SM\The.pdb

Imports

kernel32

EncodePointer
MultiByteToWideChar
VirtualAlloc
WaitForSingleObject
lstrlenW
RaiseException
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
GlobalUnlock
WideCharToMultiByte
LeaveCriticalSection
QueryPerformanceCounter
Sleep
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileW
GlobalLock
GetExitCodeProcess
DeleteFileW
GetWindowsDirectoryW
GetComputerNameW
SetLastError
lstrcmpW
CompareStringW
lstrcmpiW
VirtualProtect
LocalFree
LocalAlloc
DisableThreadLibraryCalls
FlushInstructionCache
GlobalAlloc
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
DecodePointer
GetTempPathW
UnhandledExceptionFilter

user32

GetParent
RegisterClassW
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
InvalidateRect
SetWindowPos
DestroyWindow
PtInRect
ShowWindow
CallWindowProcW
LoadCursorW
wsprintfW
SetWindowLongW
IsWindow
OffsetRect
EqualRect
GetClassInfoW
IntersectRect
CreateWindowExW
GetClientRect
GetWindow
CopyRect
EndPaint

winspool.drv

GetPrinterW
GetPrinterDriverW
GetPrinterDataW
EnumJobsW
EnumPortsW
DeviceCapabilitiesW
ConfigurePortW
GetPrinterDataExW
XcvDataW
OpenPrinterW
ClosePrinter

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CreateOleAdviseHolder
CoTaskMemFree
StringFromCLSID
CoCreateGuid
OleRegEnumVerbs
OleRegGetMiscStatus

oleaut32

VarI2FromI8
VarI1FromI4

msvcrt

free
wcscspn
wcschr
wcsrchr
iswxdigit
iswalnum
realloc
memset
malloc

shlwapi

UrlHashA

wininet

InternetCloseHandle
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetOpenW

Exports

Exports

NewerBeEndorsed
OfInformationTechnologiesTheIt
PlatformMechanismProcessVersionsEndorsed
PlatformWww
SMStandards
StandaloneMore
ThatPlatformIncluding
TheAreJava
UpdateAndOrClassesTo

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 12KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a21c65c273dd097b57f48b5ac0dce620

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.idata Size: 8KB - Virtual size: 4KB

.rdata Size: 28KB - Virtual size: 27KB

.xdata Size: 12KB - Virtual size: 278KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.idata
Size: 8KB - Virtual size: 4KB

.rdata
Size: 28KB - Virtual size: 27KB

.xdata
Size: 12KB - Virtual size: 278KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 1KB