eb21479b09dc43d3944cc05855197ad0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb21479b09dc43d3944cc05855197ad0_JaffaCakes118
Size

238KB
MD5

eb21479b09dc43d3944cc05855197ad0
SHA1

22ce15c820a7f5b359336b3e27c9237eaf961b47
SHA256

06fadfd8fbbcc3ed357335b3e2fe0788f0fe21b90ef4e8dd970fb782ed129a17
SHA512

dfc837c8b1852e00465c93be72d20ee978199504a2a58b63d1fbaf10e8eb84391090d3a9caf2d7e062256a8c840aa48457f64bede52a7fa0fac727a77e68dc29
SSDEEP

6144:i9MuyyWjkUSsnUscIf4kEqcm/Y/qILPxCdZ2:iu7jkUM/I4q5QS0pCP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb21479b09dc43d3944cc05855197ad0_JaffaCakes118

Files

eb21479b09dc43d3944cc05855197ad0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d5f0b51175ec131f5ff77c9e7ebd8583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscms.pdb

Imports

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyW

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
LeaveCriticalSection
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
SetLastError
IsBadWritePtr
IsBadReadPtr
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
GetLastError
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetFileAttributesW
lstrlenW
MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalFree
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
EnterCriticalSection
GetCurrentProcessId
IsBadCodePtr
lstrcpyW
lstrcmpiW
lstrcatW
GetSystemDirectoryW
CopyFileW
CreateDirectoryW
DeleteFileW
GetModuleHandleW
lstrlenA
lstrcpyA
MulDiv
TerminateProcess

msvcrt

floor
wcscat
_ftol
wcscpy
_wcsdup
_CIpow
_initterm
malloc
_adjust_fdiv
wcslen
_wcsupr
wcsstr
wcsrchr
free

user32

CharPrevW
wsprintfA
CharNextW

winspool.drv

GetPrinterW
SetPrinterW
SetPrinterDataExW
GetPrinterDataExW
ClosePrinter
OpenPrinterW
GetPrinterDriverDirectoryW

Exports

Exports

AssociateColorProfileWithDeviceA
AssociateColorProfileWithDeviceW
CheckBitmapBits
CheckColors
CloseColorProfile
ConvertColorNameToIndex
ConvertIndexToColorName
CreateColorTransformA
CreateColorTransformW
CreateDeviceLinkProfile
CreateMultiProfileTransform
CreateProfileFromLogColorSpaceA
CreateProfileFromLogColorSpaceW
DeleteColorTransform
DisassociateColorProfileFromDeviceA
DisassociateColorProfileFromDeviceW
EnumColorProfilesA
EnumColorProfilesW
GenerateCopyFilePaths
GetCMMInfo
GetColorDirectoryA
GetColorDirectoryW
GetColorProfileElement
GetColorProfileElementTag
GetColorProfileFromHandle
GetColorProfileHeader
GetCountColorProfileElements
GetNamedProfileInfo
GetPS2ColorRenderingDictionary
GetPS2ColorRenderingIntent
GetPS2ColorSpaceArray
GetStandardColorSpaceProfileA
GetStandardColorSpaceProfileW
InstallColorProfileA
InstallColorProfileW
InternalGetDeviceConfig
InternalGetPS2CSAFromLCS
InternalGetPS2ColorRenderingDictionary
InternalGetPS2ColorSpaceArray
InternalGetPS2PreviewCRD
InternalSetDeviceConfig
IsColorProfileTagPresent
IsColorProfileValid
OpenColorProfileA
OpenColorProfileW
RegisterCMMA
RegisterCMMW
SelectCMM
SetColorProfileElement
SetColorProfileElementReference
SetColorProfileElementSize
SetColorProfileHeader
SetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
SpoolerCopyFileEvent
TranslateBitmapBits
TranslateColors
UninstallColorProfileA
UninstallColorProfileW
UnregisterCMMA
UnregisterCMMW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5f0b51175ec131f5ff77c9e7ebd8583

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

winspool.drv

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text Size: 165KB - Virtual size: 168KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 165KB - Virtual size: 168KB