3958414d5e7999263e7a1ffd7f45ca2e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3958414d5e7999263e7a1ffd7f45ca2e_JaffaCakes118
Size

150KB
MD5

3958414d5e7999263e7a1ffd7f45ca2e
SHA1

769abf804f7949b3b499837a82e3ebdb1e10036c
SHA256

ac4c11f887a59688222460f19a5bc8a17c0bc87e314780d1f6cc74ac79361f50
SHA512

0787a6beea5ff057104336118db9fc2802b95b4b74c363b869503fd0dc5f89a2d3eb35d15482b91afeb6f743e5f268a6552931f9e2f6e9d2b78f2d208326f527
SSDEEP

3072:45cxRiJ68HxgO1AA9ycFzYFOX4z7hv70OgxqhJtcZhwKcz:Wc7iJ6kgO1AadFKSOx70OASJtcoK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3958414d5e7999263e7a1ffd7f45ca2e_JaffaCakes118

Files

3958414d5e7999263e7a1ffd7f45ca2e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

85fa63234bb03ff23d4ec205a78b4228

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\build\source\rjrmxpln\rel32\rjrmxpln.pdb

Imports

kernel32

SetEndOfFile
SetFilePointer
CreateFileA
OutputDebugStringA
GetLastError
CreateMutexA
CloseHandle
WaitForSingleObject
GetTickCount
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetTempPathA
GetTempFileNameA
InterlockedDecrement
ReleaseMutex
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcr90

fread
fseek
fopen
fclose
strftime
_fsopen
rename
fwrite
ftell
memset
_strlwr
_splitpath
memcpy
strncmp
_stat32
rand
srand
fflush
sscanf
sprintf
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
feof
strstr
_time32
_gmtime32
??2@YAPAXI@Z
strncpy
??3@YAXPAX@Z
remove
_stricmp

Exports

Exports

??0CDataSource@@QAE@XZ
??0CFileRead@@QAE@XZ
??0CFileWrite@@QAE@XZ
??0CRMXHeader@@QAE@XZ
??0NameValuePropertyEx@@QAE@XZ
??0RMXHeader@@QAE@XZ
??0TableOfContentsEntry@@QAE@XZ
??1CDataSource@@QAE@XZ
??1CFileRead@@QAE@XZ
??1CFileWrite@@QAE@XZ
??1CRMXHeader@@QAE@XZ
??1NameValuePropertyEx@@QAE@XZ
??1RMXHeader@@QAE@XZ
??1TableOfContentsEntry@@QAE@XZ
??4CDataSource@@QAEAAV0@ABV0@@Z
??4CFileRead@@QAEAAV0@ABV0@@Z
??4CFileWrite@@QAEAAV0@ABV0@@Z
??4CRMXHeader@@QAEAAV0@AAV0@@Z
??4NameValuePropertyEx@@QAEAAV0@AAV0@@Z
??4RMXHeader@@QAEAAV0@AAV0@@Z
??4TableOfContentsEntry@@QAEAAV0@AAV0@@Z
?AppendEmptyProp@CRMXHeader@@AAEPAVNameValuePropertyEx@@K@Z
?AppendTOCEntry@CRMXHeader@@AAEPAVTableOfContentsEntry@@XZ
?ClearHeader@CRMXHeader@@QAEXXZ
?CloseRead@CFileRead@@QAEJXZ
?CloseWrite@CFileWrite@@QAEJXZ
?CreateNewTOCEntry@CRMXHeader@@QAEJKGPAKKPAU_SDecryptionData@@@Z
?CreatePropArrayForDecryption@@YAPAVNameValuePropertyEx@@KPAU_SDecryptionData@@PAG@Z
?CreateSecurityInstance@@YGJW4PKI_BCYPHER_TYPE@@PAPAUIRMASecurity@@@Z
?CreateTimesPlayedIndex@CRMXHeader@@AAEJPAK0PAG@Z
?DeleteProp@CRMXHeader@@QAEJKPBD@Z
?DeleteTOCEntry@CRMXHeader@@QAEJK@Z
?EncryptTimeoutData@CRMXHeader@@AAEJGPAE0PAKPAPAU_SDecryptionData@@@Z
?ExportSessionKey@CFileWrite@@AAEJPAEKPAPAEPAK@Z
?FindProp@CRMXHeader@@AAEPAVNameValuePropertyEx@@KPBD@Z
?FixupTimesPlayed@CRMXHeader@@QAEXK@Z
?FreeDecryptionData@@YGXPAU_SDecryptionData@@@Z
?GenerateSessionKeyFromKeyPair@CFileRead@@AAEJKPAEK0PAKPAPAE@Z
?GetDecryptionData@CRMXHeader@@QAEJKPAKPAPAU_SDecryptionData@@_N2@Z
?GetFileVersion@CRMXHeader@@QAEKXZ
?GetHeaderSize@CRMXHeader@@QAEKXZ
?GetObjectVersion@CRMXHeader@@QAEGXZ
?GetSecurity@CFileWrite@@QAEPAUIRMASecurity@@XZ
?GetTOCDataSize@CRMXHeader@@QAEKK@Z
?GetTOCEntries@CRMXHeader@@QAEKXZ
?GetTOCFlags@CRMXHeader@@QAEGK@Z
?GetTOCOffset@CRMXHeader@@QAEKK@Z
?GetTOCPropBlob@CRMXHeader@@QAEJKPBDPAGPAPAE@Z
?GetTOCPropLong@CRMXHeader@@QAEJKPBDPAK@Z
?GetTOCPropString@CRMXHeader@@QAEJKPBDPAPAD@Z
?GetTimeoutData@CRMXHeader@@AAEJKPAGPAPAE@Z
?GetTimesPlayed@CRMXHeader@@QAEJKKGPAGH@Z
?GetTimesPlayedFile@CRMXHeader@@AAEJPADPAPAU_iobuf@@@Z
?HasTimeoutInfo@CRMXHeader@@QAE_NK@Z
?InitRead@CFileRead@@AAEJ_NKPAU_SDecryptionData@@KPAE0@Z
?InitRead@CFileRead@@QAEJ_NKPAU_SDecryptionData@@KPAE@Z
?InitWrite@CFileWrite@@QAEJ_NPAKPAPAU_SDecryptionData@@0KPAE@Z
?IsTOCDataEncrypted@CRMXHeader@@QAE_NK@Z
?LoadHeaderFromBuffer@CRMXHeader@@QAEJPAEKPAK@Z
?LoadHeaderFromFile@CRMXHeader@@QAEJXZ
?LoadHeaderFromHeader@CRMXHeader@@QAEJPAV1@@Z
?LoadSecurityDll@@YGPAUHINSTANCE__@@XZ
?MakeValid@CRMXHeader@@AAEJPAD@Z
?OpenTimesPlayedFile@CRMXHeader@@AAEJPADPAPAU_iobuf@@@Z
?PackTimeoutData@CRMXHeader@@AAEJKPAU_SDecryptionData@@KKGGPBD1PAGPAPAE@Z
?Read@CDataSource@@QAEKPAEKK@Z
?Read@CFileRead@@QAEJPAEKPAK@Z
?Reset@CFileRead@@AAEXXZ
?Reset@CFileWrite@@AAEXXZ
?Reset@NameValuePropertyEx@@QAEXXZ
?Reset@RMXHeader@@QAEXXZ
?Reset@TableOfContentsEntry@@QAEXXZ
?Seek@CDataSource@@QAEHJH@Z
?Seek@CFileRead@@QAEJKG@Z
?Seek@CFileWrite@@QAEJKG@Z
?SetRange@CFileRead@@QAEJKK@Z
?SetTOCFlags@CRMXHeader@@QAEJKG@Z
?SetTOCOffset@CRMXHeader@@QAEJKK@Z
?SetTOCPropBlob@CRMXHeader@@QAEJKPBDGPAE_N@Z
?SetTOCPropLong@CRMXHeader@@QAEJKPBDK_N@Z
?SetTOCPropString@CRMXHeader@@QAEJKPBD0_N@Z
?SetTimeoutProp@CRMXHeader@@QAEJKKKGPBD0@Z
?Tell@CDataSource@@QAEKXZ
?Tell@CFileRead@@QAEKXZ
?Tell@CFileWrite@@QAEKXZ
?UnpackTimeoutData@CRMXHeader@@QAEJKPAKPAPAU_SDecryptionData@@00PAG2PAPAD3@Z
?Use@CDataSource@@QAEXPAU_iobuf@@@Z
?Use@CRMXHeader@@QAEXPAU_iobuf@@@Z
?UseBuffer@CDataSource@@QAEXPAEK@Z
?ValidateTimeoutInfoVersion@CRMXHeader@@QAEJK@Z
?Write@CDataSource@@QAEJPAEK@Z
?Write@CFileWrite@@QAEJPAEK@Z
?WriteHeaderToFile@CRMXHeader@@QAEJXZ
?get_blob_property@NameValuePropertyEx@@QAEJPAGPAPAE@Z
?get_blob_property@TableOfContentsEntry@@QAEJPBDPAGPAPAE@Z
?get_long_property@NameValuePropertyEx@@QAEJPAK@Z
?get_long_property@TableOfContentsEntry@@QAEJPBDPAK@Z
?get_string_property@NameValuePropertyEx@@QAEJPAPAD@Z
?get_string_property@TableOfContentsEntry@@QAEJPBDPAPAD@Z
?pack@NameValuePropertyEx@@QAEPAEPAEAAK@Z
?pack@RMXHeader@@QAEPAEPAEAAK@Z
?pack@TableOfContentsEntry@@QAEPAEPAEAAK@Z
?persist_size@NameValuePropertyEx@@QAE?BKXZ
?persist_size@RMXHeader@@QAE?BKXZ
?persist_size@TableOfContentsEntry@@QAE?BKXZ
?set_blob_property@NameValuePropertyEx@@QAEJPBDGPAE@Z
?set_long_property@NameValuePropertyEx@@QAEJPBDK@Z
?set_string_property@NameValuePropertyEx@@QAEJPBD0@Z
?static_size@NameValuePropertyEx@@QAE?BKXZ
?static_size@RMXHeader@@QAE?BKXZ
?static_size@TableOfContentsEntry@@QAE?BKXZ
?unpack@NameValuePropertyEx@@QAEPAEPAEK@Z
?unpack@RMXHeader@@QAEPAEPAEK@Z
?unpack@TableOfContentsEntry@@QAEPAEPAEK@Z
MPACreateComponentInstance

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85fa63234bb03ff23d4ec205a78b4228

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

msvcr90

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 2KB - Virtual size: 1KB