Overview

overview

6

Static

static

6

088caf4f00...18.exe

windows7-x64

3

088caf4f00...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

bin/amxArgs.dll

windows7-x64

3

bin/amxArgs.dll

windows10-2004-x64

3

bin/amxDGram.dll

windows7-x64

3

bin/amxDGram.dll

windows10-2004-x64

3

bin/amxFile.dll

windows7-x64

3

bin/amxFile.dll

windows10-2004-x64

3

bin/amxFixed.dll

windows7-x64

3

bin/amxFixed.dll

windows10-2004-x64

3

bin/amxFloat.dll

windows7-x64

3

bin/amxFloat.dll

windows10-2004-x64

3

bin/amxProcess.dll

windows7-x64

3

bin/amxProcess.dll

windows10-2004-x64

3

bin/amxString.dll

windows7-x64

3

bin/amxString.dll

windows10-2004-x64

3

bin/amxTime.dll

windows7-x64

3

bin/amxTime.dll

windows10-2004-x64

3

bin/callout.dll

windows7-x64

3

bin/callout.dll

windows10-2004-x64

3

bin/grep.exe

windows7-x64

1

bin/grep.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    088caf4f006767760672e98ad1884b8f_JaffaCakes118

  • Size

    1.4MB

  • MD5

    088caf4f006767760672e98ad1884b8f

  • SHA1

    3620422c7b6e4a75838f2be638c54c2c8dabb10c

  • SHA256

    bde86deea0dafafb13076ac22e9b2353d8d0716821a492476e79b414c657120e

  • SHA512

    5c420df77c5bc6f51e0b021563424c31f6ea4e29ae8b0e3a6f3cda6da47cdf9e68981c37d316786bb73249c5720472bda5b72db217a894acc88c5fbe792341a6

  • SSDEEP

    24576:d1QL3PRw73ZNBj5CuwysXKRxgZoFnPQiMiOVSWC63Q1GDmhZxDQ9668t8pNl:Aw73ZXj8utW+gZ9U63QQDmhZxcAM

Score
6/10
pdfevasionlink

Malware Config

Signatures

  • Malformed or missing cross-reference table in PDF

    Malformed or missing cross-reference tables are often used to evade detection

    pdfevasion
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink
  • Unsigned PE 24 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 088caf4f006767760672e98ad1884b8f_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    099c0646ea7282d232219f8807883be0


    Headers

    Imports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    b1cd0d78f652ce5fc63f0879371af012


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/NSISdl.dll
    .dll windows:4 windows x86 arch:x86

    9cce555dd3ff1b6c7dc92d64c794c51a


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/newadvsplash.dll
    .dll windows:4 windows x86 arch:x86

    eee37c14e102da3f62385f9796c701ce


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsisunz.dll
    .dll windows:4 windows x86 arch:x86

    0f92772da9c737d2bac38919e9863980


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/pawnsplash.gif
    .gif
  • bin/ANDANTE.FON
  • bin/amxArgs.dll
    .dll windows:1 windows x86 arch:x86

    81b7e969a8dd5bd2b6789e9317fe2ab5


    Headers

    Imports

    Exports

    Sections

  • bin/amxDGram.dll
    .dll windows:1 windows x86 arch:x86

    724b2c52cf0310ee0f73314cc28fc57c


    Headers

    Imports

    Exports

    Sections

  • bin/amxFile.dll
    .dll windows:1 windows x86 arch:x86

    30df7bf152fd030d2a87fda4721b78cd


    Headers

    Imports

    Exports

    Sections

  • bin/amxFixed.dll
    .dll windows:1 windows x86 arch:x86

    81b7e969a8dd5bd2b6789e9317fe2ab5


    Headers

    Imports

    Exports

    Sections

  • bin/amxFloat.dll
    .dll windows:1 windows x86 arch:x86

    35945a56af148f578386b5580e47ac2b


    Headers

    Imports

    Exports

    Sections

  • bin/amxProcess.dll
    .dll windows:1 windows x86 arch:x86

    e01c0674b780249135dd3691e1df56c9


    Headers

    Imports

    Exports

    Sections

  • bin/amxString.dll
    .dll windows:1 windows x86 arch:x86

    16945513c2f9cb23209b29c4bddbc11d


    Headers

    Imports

    Exports

    Sections

  • bin/amxTime.dll
    .dll windows:1 windows x86 arch:x86

    b78dc9c81e79ce1e1b544a7f306b613a


    Headers

    Imports

    Exports

    Sections

  • bin/callout.dll
    .dll windows:1 windows x86 arch:x86

    1403ae456a048189a53f210028c6c174


    Headers

    Imports

    Exports

    Sections

  • bin/grep.exe
    .exe windows:1 windows x86 arch:x86

    9a3fed7b271fbf14b1ee6c2eac44227c


    Headers

    Imports

    Sections

  • bin/grep.txt
  • bin/libpawnc.dll
    .dll windows:1 windows x86 arch:x86

    3a75107c4daca781a5ee1deae54f304e


    Headers

    Imports

    Exports

    Sections

  • bin/license.txt
  • bin/notice.txt
  • bin/pawn.ico
  • bin/pawncc.exe
    .exe windows:1 windows x86 arch:x86

    000364fcc656e2b5a39a685162a8ccfb


    Headers

    Imports

    Sections

  • bin/pawndbg.exe
    .exe windows:1 windows x86 arch:x86

    128cb67f444af95fd4285b5d88106c0a


    Headers

    Imports

    Exports

    Sections

  • bin/pawndbgc.exe
    .exe windows:1 windows x86 arch:x86

    e94d944268058a65368562f6478a2262


    Headers

    Imports

    Exports

    Sections

  • bin/pawndisasm.exe
    .exe windows:1 windows x86 arch:x86

    45df97d2a163eaae2b6bb76aa1468891


    Headers

    Imports

    Sections

  • bin/pawnrun.exe
    .exe windows:1 windows x86 arch:x86

    dbe9b78239a42ae8f03fdb81b6119320


    Headers

    Imports

    Exports

    Sections

  • bin/quincy.exe
    .exe windows:4 windows x86 arch:x86

    92685cb8260d815406f1c3302f0ecd3d


    Headers

    Imports

    Sections

  • bin/readme.txt
  • bin/scpack.exe
    .exe windows:1 windows x86 arch:x86

    908d6c607f0bf03a1cc0d9987d0ebd50


    Headers

    Imports

    Sections

  • doc/Pawn_Language_Guide.aux
  • doc/Pawn_Language_Guide.pdf
    .pdf
  • doc/Quincy_User_Guide.aux
  • doc/Quincy_User_Guide.pdf
    .pdf

    • http://compuphase.com

    • http://file.inc

    • http://www.alstevens.com/quincy.html.ThisdocumentassumesthatyoualreadyknowhowtorunWindowsanditsapplications.MuchoftheinformationpresentedherehasitsrootsinthemanualthatAlStevenswroteforQuincy.WhatDoestheNameQuincyMean?QuincyisnamedafterthatcatofAlStevens'daughterWendy.Asachildinthe1970s,WendywasafanoftheTVshows,TheOddCoupleandQuincy,bothofwhichstarredJackKlugman,whoplayedOscarMadisonandamedicalexaminernamedQuincyinthoseshows.WhenWendybroughthomeatinywhitekittenwithblueeyes,shedidn'tknowitssex.ChoosingfromJack,Oscar,andQuincy,shedecidedthatQuincywasthemostgender-unspeci

    • http://www.compuphase.com

  • doc/infotips.lst
  • examples/quincy/Getting started.tut
  • examples/quincy/Interfacing with networks or processes.tut
  • examples/quincy/Reverse-Polish Notation calulator.tut
  • examples/quincy/States and automatons.tut
  • examples/quincy/a peer-to-peer chat program.tut
  • examples/quincy/an interactive comment parser.tut
  • examples/quincy/calculating the day of the week.tut
  • examples/quincy/celsius to fahrenheit.tut
  • examples/quincy/desktop calculator.tut
  • examples/quincy/faculty numbers.tut
  • examples/quincy/fibonacci numbers.tut
  • examples/quincy/greatest common divisor.tut
  • examples/quincy/hello world.tut
  • examples/quincy/improved pedestrian crossing lights.tut
  • examples/quincy/julian day numbers and dates.tut
  • examples/quincy/message queue.tut
  • examples/quincy/obfuscating text.tut
  • examples/quincy/pedestrian crossing lights.tut
  • examples/quincy/samples.toc
  • examples/quincy/sets (intersection, union).tut
  • examples/quincy/sieve of eratosthenes.tut
  • examples/quincy/the towers of hanoi.tut
  • examples/quincy/word count.tut
  • history.txt
  • include/amxdll.inc
  • include/args.inc
  • include/console.inc
  • include/core.inc
  • include/datagram.inc
  • include/default.inc
  • include/file.inc
  • include/fixed.inc
  • include/float.inc
  • include/process.inc
  • include/rational.inc
  • include/string.inc
  • include/time.inc
  • license.txt
  • readme.txt
  • source/license.txt
  • source/notice.txt
  • source/readme.txt