26a06e6edd997aef0f7872a3b33cf86b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26a06e6edd997aef0f7872a3b33cf86b_JaffaCakes118
Size

124KB
MD5

26a06e6edd997aef0f7872a3b33cf86b
SHA1

e0fb4b6b9b7ca6ee6e22f9f5073c27a49d184cc8
SHA256

562a967d2377430c2d1adb2ace1a0039ca76cd41e9b9b7f6c72c3e0e4f84d797
SHA512

8a985b7d88578982e0c52c1920e36edb41a52d19bb906865179277269d03b082ac386ba5fe8d1f1c35a22358993ffc06309d24bca71fd2963396394062d7114c
SSDEEP

1536:wSBwISSX3OI+3jmZbuPDbqJotSw4b4YIOd4NV9DcqcEb/QcVuRa:1Br3OI+yZuyJotFlOd4T9wqcEz5VuY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a06e6edd997aef0f7872a3b33cf86b_JaffaCakes118

Files

26a06e6edd997aef0f7872a3b33cf86b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4e63e7d2409a1cd8483c2b151a9eed7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalHandle
GlobalUnlock
GlobalLock
_lopen
_lclose
_lread
GetLastError
GlobalAlloc
GlobalFree
FindResourceA
LoadResource
LockResource
FreeResource
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
HeapAlloc
VirtualAlloc
RtlUnwind

gdi32

SelectPalette
RealizePalette
CreatePalette
UnrealizeObject
CreateRectRgn
SelectObject
CreateSolidBrush
FillRgn
DeleteObject
StretchDIBits
FrameRgn
GetDeviceCaps

winspool.drv

ClosePrinter
StartDocPrinterA
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
OpenPrinterA
GetPrinterA
EnumPrintProcessorDatatypesA

wow32

WOWHandle32

Exports

Exports

ChangeJobDataType
DllInitialize
ManagePal
ManagePal16
PaintPrt
PaintPrt16
PaintPrtObjLst
WriteJobToFile

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e63e7d2409a1cd8483c2b151a9eed7b

Headers

File Characteristics

Imports

kernel32

gdi32

winspool.drv

wow32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 64KB - Virtual size: 63KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 64KB - Virtual size: 63KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 1KB