48999c3d64ca4c6680d40ee1d288472c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48999c3d64ca4c6680d40ee1d288472c_JaffaCakes118
Size

288KB
MD5

48999c3d64ca4c6680d40ee1d288472c
SHA1

d0f5447d061c31940f2353864391963d569807a7
SHA256

0569f7b29bf98f54e348f4dc10dddec0f3b1e86350374ca4f0608d22ded01418
SHA512

9354440f783a7d93586a45b42083cdd8a941f128b34d3bdac6defbd3a26e969848f0cf096045ee9ce9a3773018be7600428f4c8b7cddd91e04a0a2d1c78030b3
SSDEEP

6144:taPS4QIOgY8SG5dSsBGbbtTpFbTmPvnFG1obFVVZHS1M:sS4QfG5dlUdlFbTmEiVVZHS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48999c3d64ca4c6680d40ee1d288472c_JaffaCakes118

Files

48999c3d64ca4c6680d40ee1d288472c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d7b15b1be3ad1524d0d9276eba1f0268

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

tlibu

?Create@TImage@@QAEPAUHBITMAP__@@JJW4TPixelFormat@@H@Z
?GetPixelFormat@TImage@@QBE?AW4TPixelFormat@@XZ
??0TImage@@QAE@XZ
?GetHeight@TImage@@QBEJXZ
?GetWidth@TImage@@QBEJXZ
?IsNoHandle@TImage@@QBEHXZ
?IsValid@TImage@@QBEHXZ
?GetDC@TImage@@QAEPAUHDC__@@XZ
?GetBitCount@TImage@@QBEGXZ
?CreateInstance@TImageGenerator@@SAPAVTImage@@PBEKH@Z
?GetBits@TImage@@QBEQAEXZ
?InitializeTLib@@YAHK@Z
??1TImagePNG@@UAE@XZ
?SetNoHandleMode@TImage@@QAEHH@Z
?GetBits@TImage@@QAEPAEXZ
?GetSize@TImage@@QBEJXZ
?UninitializeTLib@@YAHXZ
?Blt@TImage@@QAEHPAUHDC__@@JJJJJJK@Z
??1TImage@@UAE@XZ
?Resize@TEffectImage@@SAJAAVTImage@@JJ@Z
??0TImagePNG@@QAE@XZ
??1TImageBMP@@UAE@XZ
?AddExtendSupportFormat@TImageGenerator@@SAIABVTImage@@@Z
??0TImageBMP@@QAE@XZ
?GetWidthBytes@TImage@@QBEJXZ

mfc80u

ord741
ord266
ord314
ord354
ord572
ord2011
ord605
ord6751
ord4729
ord1785
ord3435
ord4574
ord2365
ord265
ord3635
ord3311
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord587
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4234
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord2086
ord3158
ord4226
ord2077
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord4256
ord5199
ord4238
ord1392
ord5908
ord6720
ord1661
ord1662
ord4884
ord4206
ord591
ord1542
ord2311
ord6063
ord1590
ord1646
ord1647
ord2397
ord2409
ord2386
ord2390
ord2392
ord2394
ord2384
ord5229
ord5231
ord1582
ord1536
ord1182
ord1178
ord1176
ord1059
ord1085
ord762
ord764
ord581
ord1200
ord1170
ord1168
ord1192
ord1115
ord1162
ord1908
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord1079
ord315
ord765
ord931
ord5178

msvcr80

_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
_purecall
wcscmp
??0exception@std@@QAE@ABV01@@Z
_initterm_e
wcslen
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
memcpy_s
memmove_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
free
malloc
realloc
__CxxFrameHandler
_decode_pointer
_initterm
_encoded_null
_malloc_crt
wcsrchr
memset
memcpy

kernel32

GetVersionExA
GetLocaleInfoA
GetACP
GetThreadLocale
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FreeLibrary
FindClose
FindNextFileW
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
RaiseException
InitializeCriticalSection
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LoadLibraryExW

user32

GetSystemMenu
EnableMenuItem
SendMessageW
EnableWindow
UnregisterClassA

msvcp80

?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Exports

Exports

??0IDefSdkVideoTransition@@QAE@ABV0@@Z
??0IDefSdkVideoTransition@@QAE@XZ
??4IDefSdkVideoTransition@@QAEAAV0@ABV0@@Z
??_7IDefSdkVideoTransition@@6B@
DefSdkCreateVideoTransition

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7b15b1be3ad1524d0d9276eba1f0268

Headers

File Characteristics

Imports

tlibu

mfc80u

msvcr80

kernel32

user32

msvcp80

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.text1 Size: 4KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 7KB

.data1 Size: 196KB - Virtual size: 192KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.text1
Size: 4KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 7KB

.data1
Size: 196KB - Virtual size: 192KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB