107825b7bd56d3fd7ced2683a5f8b25f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

107825b7bd56d3fd7ced2683a5f8b25f_JaffaCakes118
Size

307KB
MD5

107825b7bd56d3fd7ced2683a5f8b25f
SHA1

48644ff0a43635b7a353baf9a37a5c818e7db3da
SHA256

b1da42e09f4e4e6219f0c4413fceeef373c6da58ad1c5acfd6d7ef8debbca389
SHA512

fd79adc95f4f62b790b4e14e7bf981dea34695ebfbc429ddceaa6129070de5cb265ee2c4cb58d542f8079dd55998d92c08d4a5804ce5bb3d58597bb1ccc6ac15
SSDEEP

6144:jxGMku94XCzTurXzURlbDC9K69u2m+SqOWcsQQKiY4leDDGoggH/VREG6j4Gm01D:jxGCOXzURlbDC9K69u2m+SqOWcsQQKiL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
107825b7bd56d3fd7ced2683a5f8b25f_JaffaCakes118

Files

107825b7bd56d3fd7ced2683a5f8b25f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f6520473abe70b324eeba2513ee13592

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\coretech\source\kimi\amt\epic\public\libraries\windows\release\dynamic\core\atlas\adobe_epic.pdb

Imports

kernel32

ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetFullPathNameW
CreateFileW
GetFileAttributesW
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineA
HeapSize
HeapReAlloc
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedExchange
GetThreadLocale
GetVersion
InterlockedIncrement
GetCurrentProcessId
GetModuleHandleA
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageW
GetLastError
SetErrorMode
lstrlenW
GetCurrentThreadId
CloseHandle
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetLocalTime
GetProcessHeap
MultiByteToWideChar

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

oleaut32

VariantClear
VariantChangeType
VariantInit

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathFindExtensionW
PathFindFileNameW

user32

DestroyMenu
PostQuitMessage
UnregisterClassA
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
IsWindowEnabled
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
LoadCursorW
GetWindowTextW
GetForegroundWindow
ReleaseDC
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
EnableWindow
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetSysColorBrush
GetWindowThreadProcessId
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
SetMenuItemBitmaps
GetDC
GetLastActivePopup
GrayStringW
UnhookWindowsHookEx
ValidateRect
PeekMessageW
GetKeyState
SendMessageW
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
GetSubMenu
GetMenuItemCount
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
RegisterClassW

gdi32

ScaleViewportExtEx
SetViewportExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
DeleteDC
TextOutW
GetStockObject
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
SetMapMode
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

Exports

Exports

epicCheckComponentInit
epicExit
epicGetEpicVersion
epicGetGUID
epicGetPcdPayloadElement
epicGetPdsElement
epicGetTime
epicGetWriteEnableState
epicInit
epicInitLegacyLocal
epicLogLong
epicLogString
epicProductStartup
epicRemovePdsElement
epicRetrieveConfigurationItem
epicSetPdsElement
epicSetWriteEnableState
epicValidateFilePath

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6520473abe70b324eeba2513ee13592

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

oleaut32

oleacc

shlwapi

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 19KB - Virtual size: 18KB

.text Size: 97KB - Virtual size: 100KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 97KB - Virtual size: 100KB