3f20f5cda9a0ef9df0e0740fe4f6a883_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f20f5cda9a0ef9df0e0740fe4f6a883_JaffaCakes118
Size

721KB
MD5

3f20f5cda9a0ef9df0e0740fe4f6a883
SHA1

980155a237aba6cd518e8c2eca5c3c4f9f39829a
SHA256

98a038e7adcd902aa7038267f7ec6c343cad3909b79084d7e9472a37045568d6
SHA512

e8822c9d56797171ebfc2705129922306d5a9bfb450ac700f78086cfffbad157db2306a29f761c40f7f051dd0625512bd575a2ed457a5aa39cd1273c28989386
SSDEEP

12288:iQShREiX9pU+TGMFG/PFN1dPRbMzJ0IpXPa3UXc2ZkdXQGG/N+bgo2Hx8OcFgfrv:iQ/iX9pUGB8lNzkJ0Icecx2haSjqcQ/i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f20f5cda9a0ef9df0e0740fe4f6a883_JaffaCakes118

Files

3f20f5cda9a0ef9df0e0740fe4f6a883_JaffaCakes118
.dll windows:5 windows x86 arch:x86

db07567e3922c573d67249f83551a0c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\word\二维码打印程序源代码\AsHSEncode\Debug\AsHSEncode.pdb

Imports

kernel32

GetTempPathA
GetTempFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileA
MulDiv
LoadLibraryA
GetWindowsDirectoryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
ExitProcess
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
HeapValidate
IsBadReadPtr
GetLastError
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
RaiseException
DebugBreak
MultiByteToWideChar
lstrlenA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
FlushFileBuffers
FatalAppExitA
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetProcessHeap
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetEndOfFile
GetTimeZoneInformation

gdi32

CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
GetDeviceCaps
PatBlt
SetPixel
StartDocA
CreateBitmap
CreateDCA
EndDoc
EndPage
DeleteDC
StartPage

comdlg32

PrintDlgA

Exports

Exports

HS_CreateJPEGFile
HS_CreateJPEGHandle
HS_DrawHSCode
HS_DrawLine
HS_GetHSCodeVersion
HS_GetLastError
HS_PrintHSCode

Sections

.text
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db07567e3922c573d67249f83551a0c9

Headers

File Characteristics

PDB Paths

Imports

kernel32

gdi32

comdlg32

Exports

Exports

Sections

.text Size: 414KB - Virtual size: 414KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 222KB - Virtual size: 229KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 414KB - Virtual size: 414KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 222KB - Virtual size: 229KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 17KB - Virtual size: 17KB