3ba3d648ca74d5bd772f483c4a9d22fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ba3d648ca74d5bd772f483c4a9d22fd_JaffaCakes118
Size

764KB
MD5

3ba3d648ca74d5bd772f483c4a9d22fd
SHA1

c2de8076341421ddbc42dce2421b55eef65cf7c4
SHA256

dcf378c464b7206e115e6ca75db611d0139eac32efe516843f30e8f7081c6b4a
SHA512

956449e72ba7599ba28b71b9ac9ebbe0e8086953f5290e5394b3c299878841d1aabbb4364675b8352815508f0c8d40796542eb8c15b242349611230de14cf613
SSDEEP

12288:1g85EoktIBKProGyVqaybmLp9N2dWELilk1EdKdf1t+dNyysAtqzq3GLX+X4Dg:e8J6dProG+qayC12PLmDdqf2doys4qG3

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/info_03_03.doc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cav3cab.dll

Files

3ba3d648ca74d5bd772f483c4a9d22fd_JaffaCakes118
.zip
cav3cab.dll
.dll windows:6 windows x86 arch:x86

01d4c49b7df9a276ec8cc7775d9e5de9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
WideCharToMultiByte
LoadLibraryW
Sleep
GetModuleFileNameW
VirtualProtect
GetWindowsDirectoryW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
CreateFileW
OutputDebugStringW
GetStringTypeW
ReadConsoleW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetLastError
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
HeapSize
SetLastError
HeapFree
GetTimeZoneInformation
CloseHandle
HeapAlloc
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
LoadLibraryExW
HeapReAlloc
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetEnvironmentVariableA

winspool.drv

GetPrinterDataW
AddPrinterConnectionW
DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 1010KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
info_03_03.doc
.docm .doc office2007

ThisDocument

acK3g

a8THa

aeqzv

frm
run.bat

Sharing

General

Malware Config

Signatures

Files

01d4c49b7df9a276ec8cc7775d9e5de9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 496KB - Virtual size: 496KB

.data Size: 18KB - Virtual size: 1010KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

ThisDocument

acK3g

a8THa

aeqzv

frm

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 496KB - Virtual size: 496KB

.data
Size: 18KB - Virtual size: 1010KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB