3b01f5ff840ee6d4208deaf505c1a680_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3b01f5ff840ee6d4208deaf505c1a680_JaffaCakes118
Size

1.2MB
MD5

3b01f5ff840ee6d4208deaf505c1a680
SHA1

d881b48c129d025e1f1e6b2c3fac68b0e99433b5
SHA256

3e3ea9573e7f8217d0f7e46de56c06e7db2541fe59b662d29738a97f2bda7b8d
SHA512

5b8f54e5447e110f98c5b0e1bb96e584a17c9f8735a41ab95bc8db91cfd428959ebb802859e2759c283dfd092a22cf0becd6b42420f94cd4da070090404a6dc8
SSDEEP

24576:opICdGVE2wPOLsVd4QmMEmXvcqrYUNaT0c6td0YXluDIpN1OqBv/8T6EcKm8dGgn:ocDwPOLaOQmDqrtf/0+9rvlYmsG1YKz6

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/MDScan.dll	acprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MDScan.dll
unpack001/MDecoder.exe

Files

3b01f5ff840ee6d4208deaf505c1a680_JaffaCakes118
.rar
MDScan.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

MDScan_Close
MDScan_Init
MDScan_Scan

Sections

xx00
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

00xx
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0xx0
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MDecoder.exe
.exe windows:5 windows x86 arch:x86

489438b56c04b681673046539073eb79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MyProject\VC\MDecoder\Release\MDecoder.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FindResourceA
LoadResource
WideCharToMultiByte
SizeofResource
GetPrivateProfileStringA
WritePrivateProfileStringA
LockResource
GetModuleFileNameA
CreateDirectoryA
GetLastError
SetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpynA
GetLocaleInfoW
lstrlenA
GlobalLock
GlobalAlloc
GlobalUnlock
GetTempFileNameA
GetTempPathA
DeleteFileA
lstrcpyA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeResource
GlobalFree
MulDiv
lstrlenW
LocalFree
FormatMessageA
GlobalSize
CopyFileA
GetVersionExA
IsValidLocale
EnumSystemLocalesA
MultiByteToWideChar
GetUserDefaultLCID
GetThreadTimes
IsBadWritePtr
LoadLibraryW
GetThreadContext
OpenThread
CompareStringW
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
VirtualFree
HeapCreate
SetHandleCount
GetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetSystemTimeAsFileTime
HeapSize
CreateSemaphoreA
ReleaseSemaphore
OutputDebugStringA
RtlCaptureContext
CreateFileW
CreateThread
ExitThread
lstrcmpW
CompareStringA
FreeLibrary
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
FindResourceExA
VirtualProtect
Sleep
GetProfileIntA
GetTickCount
SearchPathA
SetErrorMode
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetOEMCP
GetCPInfo
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetModuleFileNameW
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CreateFileA
GlobalDeleteAtom
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetPrivateProfileIntA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
SetRect
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
UnregisterClassA
LoadImageA
CopyImage
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
KillTimer
SetTimer
InvalidateRect
IsMenu
SetClassLongA
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
PostThreadMessageA
SetRectEmpty
DestroyIcon
WaitMessage
ReleaseCapture
SetCapture
DeleteMenu
LoadCursorA
WindowFromPoint
DestroyMenu
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
MessageBeep
RedrawWindow
IsZoomed
GetMessageA
ValidateRect
CharUpperA
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffA
CopyIcon
SubtractRect
GetIconInfo
GetDoubleClickTime
CreateMenu
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
MapDialogRect
GetWindowRgn
DestroyCursor
EnableWindow
GetNextDlgGroupItem
TranslateMessage
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CloseClipboard
GetSubMenu
LoadMenuA
EmptyClipboard
GetCursorPos
OpenClipboard
SetClipboardData
ScreenToClient
GetSystemMenu
IsIconic
LoadBitmapA
LoadIconA
wsprintfA
DrawIcon
GetClientRect
SendMessageA
AppendMenuA
PostMessageA
GetSystemMetrics
GetSysColorBrush

gdi32

DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
OffsetRgn
GetRgnBox
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
CreateRoundRectRgn
GetTextColor
SetDIBColorTable
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
SetRectRgn
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
GetObjectA
SetBkColor
GetClipBox
GetDCOrgEx
CopyMetaFileA
GetDeviceCaps
GetTextCharsetInfo
SetTextColor
CreateBitmap

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

DragQueryFileA
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA
DragFinish

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFileExistsA
StrCmpNA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW

ole32

ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
OleLockRunning
DoDragDrop
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
CoLockObjectExternal

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

gdiplus

GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipFree
GdipAlloc

wininet

InternetOpenA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetCrackUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

timeGetTime
PlaySoundA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 743KB - Virtual size: 742KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wdomain.ini
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

xx00 Size: - Virtual size: 92KB

00xx Size: 42KB - Virtual size: 44KB

0xx0 Size: 1KB - Virtual size: 4KB

489438b56c04b681673046539073eb79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wininet

imm32

winmm

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 743KB - Virtual size: 742KB

.data Size: 88KB - Virtual size: 174KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 230KB - Virtual size: 229KB

xx00
Size: - Virtual size: 92KB

00xx
Size: 42KB - Virtual size: 44KB

0xx0
Size: 1KB - Virtual size: 4KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 743KB - Virtual size: 742KB

.data
Size: 88KB - Virtual size: 174KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 230KB - Virtual size: 229KB