ad4236f0f3cb6dc52c09499f5521fc4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad4236f0f3cb6dc52c09499f5521fc4b_JaffaCakes118
Size

190KB
MD5

ad4236f0f3cb6dc52c09499f5521fc4b
SHA1

adb8d8a0bda5f7599210955c0a99f600dda8fb2b
SHA256

b84138f8a03412ee68cfa69e6d0dce741d9713080c2046f20da68763401ce450
SHA512

83655be3193aee3d7a052b62968ed04281ab0c293106c4cdb694c3f9ca23d503b4e01ab56410e245ee830138c8579fa9d4b076883c2d789ffedb085e22c49abb
SSDEEP

3072:dFD3mRB2+KIe0778EO29Lxt0burzJs1xMr8BlKjT+U5sX2wDmdQydyvf8F:dFbmH2uRxsj1mylpT2wDmR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad4236f0f3cb6dc52c09499f5521fc4b_JaffaCakes118

Files

ad4236f0f3cb6dc52c09499f5521fc4b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e899f8ca6820cc4f9a65fa9570edf14d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qdprint

QdProgress
QdCloseProgress
QdOpenProgress

sr32

SrAbort
SrStartPage
SrResetContext
PutSubObj
UnClipSubObj
SrGenCharFromBits
SrSendPage
SrPattBrushEx

sddm32

SDDMCheckEndPage
SDDMGetDDMInfo
SDDMCheckStartPage
SDDMOpenJob
SDDMCloseJob
SDDMImfExchangeInfo
SDDMPageMark
SDDMResetDC
SDDMReadProfile
SDDMLoadDriver
SDDMLoadThresholds
SDDMFreeThresholds

zspool

GetJobA
GetPrinterA
GetPrinterDriverA
ClosePrinter
OpenPrinterA

ztag32

ZTagGetElement
ZTagCloseBlock
ZTagOpenBlock

kernel32

HeapFree
GlobalFree
WideCharToMultiByte
GlobalAlloc
WriteFile
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetVersionExA
HeapCreate
GetVersion
GetProcAddress
FreeLibrary
lstrcmpA
GetTempPathA
GetTempFileNameA
CreateFileA
HeapDestroy
LocalAlloc
GetCurrentProcessId
DisableThreadLibraryCalls
GetTickCount
CloseHandle
DeleteFileA

winspool.drv

OpenPrinterW

msvcrt40

wcslen
free
strncpy
_adjust_fdiv
_initterm
malloc
_strnicmp

Exports

Exports

ImfAbort
ImfEndDoc
ImfExchangeInfo
ImfSetFileInfo
ImfStartDoc
ImfWritePrinter

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e899f8ca6820cc4f9a65fa9570edf14d

Headers

File Characteristics

Imports

qdprint

sr32

sddm32

zspool

ztag32

kernel32

winspool.drv

msvcrt40

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 512B - Virtual size: 254B

.data Size: 1024B - Virtual size: 672B

.idata Size: 174KB - Virtual size: 173KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 654B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 254B

.data
Size: 1024B - Virtual size: 672B

.idata
Size: 174KB - Virtual size: 173KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 654B