3af8ab740b5c72be168168a889fe54b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3af8ab740b5c72be168168a889fe54b7_JaffaCakes118
Size

144KB
MD5

3af8ab740b5c72be168168a889fe54b7
SHA1

acddac16d5b256d543523d24edcb1da9e22c806e
SHA256

cdb8314aeadfd71fd9fa2c26df3e6c54e14b1d76804e48b80c6d8f7ed06e09db
SHA512

ee5a18495c8a4a8d7ee7b06ad222376ef939f511811340c835a7cbf8920e0c2541eab12f9d2ddeb418bee5856a36f724cc6242a0fa2b27ff3002ef12593ff2cc
SSDEEP

3072:TbtaqLJSq+Px8lfh8aSfLiIA7iU2W6ae:MqMqe2AO7iU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3af8ab740b5c72be168168a889fe54b7_JaffaCakes118

Files

3af8ab740b5c72be168168a889fe54b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ae515605d1ca1745b814a6aae697792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Qos\Temigu.pdb

Imports

kernel32

CreateProcessA
GetCurrentThreadId
RemoveDirectoryA
QueryPerformanceCounter
CreateFileA
GetVolumeInformationA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
LoadResource
SetEvent
WaitForSingleObject
LoadLibraryA
WriteConsoleW
GetModuleFileNameA
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentProcessId
GetTickCount
SetEndOfFile
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetLastError
CloseHandle
ReadFile
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetSystemInfo

user32

OffsetRect
GetDoubleClickTime
EndDeferWindowPos
ExitWindowsEx
GetMessageA
CloseClipboard
EndDialog
IntersectRect
LoadIconA
InflateRect

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
GetJobA

shlwapi

PathAppendA
wnsprintfA
PathCompactPathExA
PathGetDriveNumberA
PathIsUNCA
AssocQueryStringA
PathRemoveFileSpecA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ae515605d1ca1745b814a6aae697792

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

shlwapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 44KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 44KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 2KB