459ec4fe8aaa7a5790d9e6520390c1e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

459ec4fe8aaa7a5790d9e6520390c1e1_JaffaCakes118
Size

532KB
MD5

459ec4fe8aaa7a5790d9e6520390c1e1
SHA1

4d7bd85fd42eb4c98b21f04156441c104e537508
SHA256

8dfd9445386a0e6d416772533001506ffb6819c133c2c1831071685981af360f
SHA512

7e5b224476fc5db1ebe5a15b85a969dc8c57b9dfdb32c22f57240f81680a9690124e54a520c57030d9be892096cf7b9c3362b5c0259e99e64cda7b74156dd4ab
SSDEEP

12288:1ajyv592wwDNZrf9YyVIzNLweXwjehC65CmZ/iG9EjPDsR6qWB:1CyHnQZrFtedXwjJ60mnQ86qWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/571212538/DBGRID32.oca

Files

459ec4fe8aaa7a5790d9e6520390c1e1_JaffaCakes118
.rar
571212538/DBGRID32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

6a64e5b2d788fc5ccfe5529f5f992734

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
GetLastError
SetFilePointer
lstrlenA
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
CloseHandle
EnterCriticalSection
GetModuleFileNameA
LoadLibraryA
GetLocaleInfoA
GetEnvironmentStringsW
SetUnhandledExceptionFilter
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCPInfo
GetOEMCP
GetACP
GetFileType
GetStartupInfoA
GetStdHandle
HeapCreate
SetHandleCount
HeapDestroy
HeapSize
GetStringTypeW
GetStringTypeA
TerminateProcess
HeapReAlloc
GetCurrentProcess
GetModuleHandleA
ExitProcess
GetVersion
HeapAlloc
GetProcAddress
GetCommandLineA
GlobalAlloc
HeapFree
RtlUnwind
GlobalFree
GlobalLock
GlobalUnlock
FreeLibrary
MulDiv
DeleteCriticalSection
WideCharToMultiByte
GetPrivateProfileIntA
InitializeCriticalSection
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
FreeResource
lstrcmpA
LCMapStringA
CompareStringA
LCMapStringW
SetStdHandle
lstrcpyA
GetFileAttributesA
ReadFile
SetEndOfFile
CreateFileA
GetLocaleInfoW
CompareStringW
LeaveCriticalSection
IsDBCSLeadByte
GetTickCount
SizeofResource
GetUserDefaultLCID
OutputDebugStringA

ole32

CreateDataAdviseHolder
CoCreateInstance
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleCreateDefaultHandler
StgCreateDocfileOnILockBytes
CoGetMalloc
StgCreateDocfile
CoTaskMemAlloc
StringFromIID
CreateOleAdviseHolder

oleaut32

VariantClear
VariantInit
SysStringByteLen
GetErrorInfo
OleCreatePropertyFrame
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
DispGetIDsOfNames
SafeArrayCreate
SysAllocString
VariantChangeType
SysStringLen
VariantCopyInd
SysFreeString
VariantCopy
OleTranslateColor
SafeArrayPutElement
SafeArrayGetLBound
LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetDim
OleCreateFontIndirect
OleCreatePictureIndirect
SafeArrayDestroy

gdi32

CloseMetaFile
SetWindowOrgEx
SetMapMode
SetWindowExtEx
StretchBlt
SetViewportOrgEx
CreateMetaFileA
SetViewportExtEx
CreateCompatibleBitmap
GetStockObject
SaveDC
LPtoDP
RestoreDC
GetTextMetricsA
CreateFontIndirectA
GetTextExtentPointA
MoveToEx
IntersectClipRect
LineTo
GetViewportOrgEx
CreatePen
SetBkMode
CreateHatchBrush
SetROP2
Rectangle
PatBlt
GetROP2
GetDeviceCaps
CreateCompatibleDC
CreateDCA
SelectObject
DeleteDC
BitBlt
SetBkColor
CreateSolidBrush
GetObjectA
DeleteObject
GetBkMode
SetTextColor
GetTextFaceA
GetNearestColor
GetTextColor
GetBkColor
SetBrushOrgEx
CreateBitmapIndirect
GetTextExtentPoint32A
ExtTextOutA
UnrealizeObject

user32

ClientToScreen
AppendMenuA
CreatePopupMenu
SetWindowTextA
EnableWindow
InvalidateRect
SendDlgItemMessageA
RegisterClipboardFormatA
FrameRect
GetKeyState
GetFocus
SetFocus
CreateWindowExA
GetClassLongA
SetWindowLongA
GetSystemMetrics
SendMessageA
CallWindowProcA
PostMessageA
MessageBeep
MessageBoxA
PeekMessageA
DispatchMessageA
GetDC
ReleaseDC
SetDlgItemTextA
LoadBitmapA
GetDlgItem
GetWindowRect
ScreenToClient
EndDialog
DefWindowProcA
DialogBoxParamA
LoadStringA
wsprintfA
CharNextA
TrackPopupMenu
DestroyCursor
RegisterClassA
SetCursor
IsDlgButtonChecked
RegisterWindowMessageA
DestroyMenu
LoadCursorA
EnableMenuItem
wvsprintfA
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
DestroyWindow
ShowWindow
MoveWindow
IsWindow
CopyRect
IntersectRect
SetScrollPos
SetWindowPos
GetWindowLongA
InflateRect
GetParent
GetClassInfoA
GetClassNameA
GetDialogBaseUnits
CreateDialogIndirectParamA
IsDialogMessageA
GetWindow
CheckDlgButton
GetWindowTextLengthA
ClipCursor
GetClipCursor
GetCursorPos
UnregisterClassA
GetSysColor
GetScrollRange
GetClientRect
PtInRect
GetScrollPos
ScrollWindowEx
SetScrollRange
FillRect
IsWindowVisible
EndPaint
BeginPaint
SetCapture
GetDesktopWindow
ShowCaret
DrawFocusRect
HideCaret
DrawTextA
IsRectEmpty
ShowScrollBar
GetUpdateRect
SubtractRect
SetCursorPos
ReleaseCapture

advapi32

RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey

Exports

Exports

??0BufferComparator@@QAE@ABV0@@Z
??0BufferComparator@@QAE@XZ
??4BufferComparator@@QAEAAV0@ABV0@@Z
??_7BufferComparator@@6B@
?compareBuffers@BufferComparator@@UAEHPBXH0H@Z
DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
__preptrap@4
_ex_atraise@4
_ex_clear@0
_ex_code@0
_ex_disable@0
_ex_enable@4
_ex_message@0
_ex_mraise@8
_ex_msystem@4
_ex_name@4
_ex_prop@0
_ex_raise@4
_ex_system@0
_ex_trapf@12
_msgi_lookup@12

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
571212538/DBGRID32.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
571212538/DBGRID96.HLP
571212538/FORM3.log
571212538/Form1.frm
571212538/Form2.frm
571212538/Form3.frm
571212538/MSSCCPRJ.SCC
571212538/Module1.bas
571212538/frminfo.frm
571212538/frmloadpic.frm
.vbs
571212538/frmmodify.frm
571212538/frmsearch.frm
.vbs
571212538/frmshow.frm
.vbs
571212538/frmshow0.frm
571212538/frmshow1.frm
571212538/frmstudent.frm
.vbs
571212538/frmteacher.frm
.vbs
571212538/frmteacher.frx
571212538/renshiguanli.frm
.vbs
571212538/renshiguanli.frx
571212538/renshiguanli.log
571212538/reshi.mdb
571212538/下载说明.htm
.html .js polyglot
571212538/大学人事管理.vbp
571212538/大学人事管理.vbw
571212538/工程1.vbp
571212538/工程1.vbw
571212538/工程2.vbp
571212538/工程2.vbw
571212538/文件.vbp
571212538/文件.vbw

Sharing

General

Malware Config

Signatures

Files

6a64e5b2d788fc5ccfe5529f5f992734

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

gdi32

user32

advapi32

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 11KB - Virtual size: 22KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 21KB - Virtual size: 20KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 58KB - Virtual size: 60KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 11KB - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 21KB - Virtual size: 20KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 58KB - Virtual size: 60KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: