177b680098f710b81e6ef22bcae284b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

177b680098f710b81e6ef22bcae284b2_JaffaCakes118
Size

257KB
MD5

177b680098f710b81e6ef22bcae284b2
SHA1

d10e2cde1d827aa504dc14ae5cf865e41c717d9f
SHA256

c323fff5e28cee8eac148ff4701d2559973322dd0036351ae4e1c71684238ce1
SHA512

3c73126fb498cd153448df1f283cae9d55a8389e124939db9e73c99fc9ab774d798d0112aec4a76b39679274197a98c9e8c5021844616041f219f63f38b3656b
SSDEEP

6144:gbhpUAw+p/eel5Et7xtSHBUpBrqa3baDwxF8DerEzgd11/nSvjN:ghpfw+4el5A7qHBOqa34wxyDe4i3/nS5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
177b680098f710b81e6ef22bcae284b2_JaffaCakes118

Files

177b680098f710b81e6ef22bcae284b2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9913059f68294401f4613075f491442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Ykafyfozu\Kabirudu\osuguhy\Giniqob\Sodidos\Kyxaqula.pdb

Imports

winspool.drv

DeletePrinterDataExA
DeletePrinterDataA
DeletePrinterDriverExA
DeletePrinterDriverA
DeletePrinterKeyA
EndDocPrinter
EndPagePrinter
EnumFormsA
EnumJobsA
EnumMonitorsA
EnumPortsA
EnumPrintProcessorDatatypesA
EnumPrintProcessorsA
EnumPrinterDataExA
EnumPrinterDataA
EnumPrinterDriversA
EnumPrinterKeyA
EnumPrintersA
FindClosePrinterChangeNotification
FlushPrinter
GetFormA
GetJobA
GetPrintProcessorDirectoryA
GetPrinterDataExA

sti

StiCreateInstanceW

kernel32

CreateFileW
GetStringTypeW
LCMapStringW
HeapSize
WriteConsoleW
IsProcessorFeaturePresent
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
ReadFile
MultiByteToWideChar
GetProcessHeap
HeapAlloc
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
RtlUnwind
FatalAppExitA
HeapFree
Sleep
WritePrivateProfileStringA
VirtualProtect
ExpandEnvironmentStringsA
InterlockedExchange
GetLastError
CloseHandle
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9913059f68294401f4613075f491442

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winspool.drv

sti

kernel32

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 75KB - Virtual size: 106KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 75KB - Virtual size: 106KB

.reloc
Size: 3KB - Virtual size: 3KB