1ad2c7347b8b4bdbe027a3009b92f65b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1ad2c7347b8b4bdbe027a3009b92f65b_JaffaCakes118
Size

152KB
MD5

1ad2c7347b8b4bdbe027a3009b92f65b
SHA1

560c7402d4fd76a3a899160804ca90f147a80cd0
SHA256

a174d6b82f009fe8faaa44ef4780436d5dc92a73803ed144ea83c77e7ea8c7f8
SHA512

4a89e7e88511b6fec3fbf8de96de2fa9aa0b2da11d46da32dc4d4a39e7800e61670f7ff9b9689f62b9ce939e0f481139c61aec5bb8d0ac496a1672e0a65360df
SSDEEP

3072:D4c9KCX9SD86dRCFMbtJxczDQmMp6Pe4Pr/nFcSjdq:Mc9KCo863CKxcoT6jnFlj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ad2c7347b8b4bdbe027a3009b92f65b_JaffaCakes118

Files

1ad2c7347b8b4bdbe027a3009b92f65b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

669118ff8f2d9034b9037c19c5dbade4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\yvixi\Suzy\Kyly\Quno.pdb

Imports

user32

DefWindowProcA
SetParent
EndDeferWindowPos
ExitWindowsEx
IntersectRect
GetClassNameA
IsWindowEnabled
DispatchMessageA
DrawIcon
LoadImageA
CheckMenuRadioItem
AppendMenuA
GetFocus
GetCursorPos
GetMessageA
GetClassInfoExA
EnumWindows
CallNextHookEx
GetWindowLongA
DrawTextA
InflateRect
ReleaseDC
SetFocus
RegisterClassExA
GetKeyNameTextA
GetWindowTextLengthA
CallWindowProcA

winspool.drv

SetFormA
ScheduleJob
ResetPrinterA
OpenPrinterA
GetPrinterA
GetPrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDataA
GetPrinterDataExA
GetPrintProcessorDirectoryA
GetJobA
EnumPrinterDriversA
EnumPrinterDataA
EnumPrinterDataExA

mprapi

MprAdminInterfaceTransportAdd
MprInfoCreate
MprInfoBlockSet
MprInfoBlockRemove
MprInfoBlockFind
MprAdminPortGetInfo
MprAdminPortEnum
MprAdminPortDisconnect
MprAdminInterfaceConnect
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceSetCredentials
MprInfoBlockQuerySize
MprAdminInterfaceTransportGetInfo
MprAdminMIBEntryCreate
MprAdminMIBEntryDelete
MprAdminMIBEntryGet
MprAdminPortClearStats

odbc32

ord26
ord24
ord72
ord154
ord58
ord59
ord28

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetConsoleCtrlHandler
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapCreate
HeapDestroy
SetFilePointer
VirtualFree
ReadFile
CloseHandle
GetLastError
GetVersionExA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
VerLanguageNameA
WriteConsoleW
TlsAlloc
RemoveDirectoryA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

669118ff8f2d9034b9037c19c5dbade4

Headers

File Characteristics

PDB Paths

Imports

user32

winspool.drv

mprapi

odbc32

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 56KB - Virtual size: 517KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 56KB - Virtual size: 517KB

.reloc
Size: 8KB - Virtual size: 4KB