2fc199a7b61a0effb64c9dd88b51c949_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fc199a7b61a0effb64c9dd88b51c949_JaffaCakes118
Size

172KB
MD5

2fc199a7b61a0effb64c9dd88b51c949
SHA1

241002ef87d14ef1f9834bcc6b0e835daac88a84
SHA256

e1d42afa7d79773273939f9f34b8681cc891344d12136d3fbf056344736e4194
SHA512

6986e62938c602a8e324a2a38c799708ec4eec66f45410b29ba666e2cb938be3112a85a37347d5b21827458db17698c7f02d32ff0414a05151a4198c92872e42
SSDEEP

3072:yIyRERmUi9N0qjkFCuh156lQH5tBexOA7VUd9bfU:Y0mUQjkku3+OA7uFM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fc199a7b61a0effb64c9dd88b51c949_JaffaCakes118

Files

2fc199a7b61a0effb64c9dd88b51c949_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ec134b661dfdab211f4da96dbc395e19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\vss3_2012SP3\TDM\Build\Conisio\Release\FileFormats\2DeditorPlugin.pdb

Imports

mfc80u

ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord1605
ord760
ord3590
ord3902
ord3508
ord1925
ord6086
ord1079
ord3204
ord1118
ord2311
ord3157
ord1271
ord3198
ord3155
ord3280
ord1270
ord5633
ord2361
ord602
ord6013
ord347
ord758
ord567
ord3331
ord1590
ord5640
ord2366
ord1156
ord709
ord6031
ord5723
ord5638
ord501
ord3678
ord4119
ord6751
ord6201
ord747
ord1178
ord559
ord3168
ord548
ord314
ord5398
ord2460
ord2381
ord1908
ord1049
ord746
ord5456
ord558
ord4074
ord1220
ord313
ord1182
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord757
ord3677
ord3824
ord1043
ord2239
ord1105
ord1299
ord2167
ord5524
ord6173
ord6167
ord284
ord860
ord1002
ord5434
ord894
ord5705
ord2444
ord2277
ord6172
ord6166
ord971
ord1003
ord1004
ord3868
ord5443
ord751
ord4347
ord562
ord3599
ord4035
ord2399
ord2169
ord2163
ord1513
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord2985
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord572
ord3927
ord5558
ord290
ord261
ord4078
ord762
ord900
ord258
ord6293
ord5327
ord280
ord6282
ord1571
ord5316
ord1172
ord3249
ord777
ord287
ord896
ord283
ord293
ord1472
ord266
ord265
ord2340
ord1176
ord774
ord6700
ord282
ord2895
ord870
ord1479
ord577
ord2121
ord776
ord1189
ord764

msvcr80

memcpy
__CxxFrameHandler3
memcmp
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
malloc
free
memcpy_s
wcscpy_s
wcsncpy_s
wcscat_s
_recalloc
wcscmp
memset
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
strcpy
wcscpy
_wsetlocale
_wtof
wcsncmp
_wcsnicmp
wcsncpy
wcschr
wcslen
_wtoi
_crt_debugger_hook
_adjust_fdiv
__clean_type_info_names_internal

kernel32

lstrlenW
InterlockedIncrement
lstrcmpiW
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
RaiseException
InitializeCriticalSection
InterlockedDecrement
ExpandEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
HeapFree
GetProcessHeap
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
lstrlenA
WideCharToMultiByte
LocalFree
InterlockedExchange
LocalAlloc
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
DeleteCriticalSection
GetCurrentThreadId
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetTickCount

user32

LoadCursorW
GetSysColor
LoadImageW
FillRect
InvalidateRect
ReleaseDC
UnregisterClassA
GetDC
GetClientRect
GetSysColorBrush
EnableWindow
IsWindowVisible
GetFocus
IsWindow
SetFocus
KillTimer
SetTimer
GetParent
TranslateMessage
SendMessageW
CharNextW

gdi32

CreateFontIndirectW
GetStockObject
SetDIBColorTable
GetDIBColorTable
GetTextExtentPoint32W
StretchBlt
BitBlt
RealizePalette
CreateCompatibleDC
GetNearestPaletteIndex
CreateHalftonePalette
CreatePalette
CreateFontW
GetObjectW
StretchDIBits

advapi32

RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

shlwapi

PathFindExtensionW
PathFindFileNameW
SHGetValueW

ole32

CoCreateInstance
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
OleRun
StringFromGUID2
CLSIDFromProgID

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvfw32

DrawDibOpen
DrawDibDraw
DrawDibClose

rpcrt4

NdrDllGetClassObject
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrOleFree
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs

msi

ord84
ord205

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
acdbMatMult

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec134b661dfdab211f4da96dbc395e19

Headers

File Characteristics

PDB Paths

Imports

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

msvcp80

msvfw32

rpcrt4

msi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.orpc Size: 4KB - Virtual size: 238B

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 79KB

.orpc
Size: 4KB - Virtual size: 238B

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 10KB