4930049d474c2e47249c03e92fe312fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4930049d474c2e47249c03e92fe312fa_JaffaCakes118
Size

100KB
MD5

4930049d474c2e47249c03e92fe312fa
SHA1

0ddcc56f5fd9f07ea517f3124403c136c5634ac3
SHA256

3d67752995fbb6a155e1ace07db0872448f7743fb33d1bf90900d41e483482ce
SHA512

7e24276b7b69bf935bc865979f408527823c0ab225c58c0776dd8ce248146d37d3228adc5ab8a5f20460ee5cc63119a3583aa668c7da0266fe5c5130717bfd9c
SSDEEP

1536:Hxo86uQULxJtaJW2Egkb47w5wXuZ1+s7nSkhrB2+LKmUdSBI83bu4:6gxD2EhZ177nSkFbmmUdSBLu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4930049d474c2e47249c03e92fe312fa_JaffaCakes118

Files

4930049d474c2e47249c03e92fe312fa_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

330e293ccbdbb26b61c5590c0be7897a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\vssvd\codebase\_projects\products\_Branches\UWFX5(1.0.16.0)\_Release\FFWraper.pdb

Imports

mfc71

ord1167
ord1092
ord1084
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1049
ord2248
ord3830
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord1191
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord762
ord265
ord1917
ord304
ord784
ord3934
ord865
ord3997
ord876
ord2469
ord2902
ord4109
ord4081
ord310
ord2272
ord578
ord911
ord764
ord266
ord1482
ord314
ord1187
ord581

msvcr71

??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
memset
wcsncpy
realloc
_purecall
__CxxFrameHandler
_except_handler3
_resetstkoflw
free
malloc
_mbslwr
_mbscmp
_mbsrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter

kernel32

LocalAlloc
LocalFree
lstrcatA
lstrcpyA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetModuleHandleA
LoadLibraryExA
ExitProcess
LoadResource
SizeofResource
GetModuleFileNameA
FreeLibrary
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
IsDBCSLeadByte
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
CreateEventA
GetVersion
Sleep
ResetEvent
DeleteFileA
WaitForSingleObject
WaitForMultipleObjects
lstrcpynA
Process32First
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
CreateThread
SetEvent
GetLastError
Process32Next
CreateToolhelp32Snapshot
CloseHandle
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FindResourceA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapAlloc

user32

CallWindowProcA
GetKeyState
EndPaint
GetWindowLongA
InvalidateRect
IsWindow
DispatchMessageA
GetClientRect
BeginPaint
TranslateMessage
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExA
wsprintfA
GetParent
SetFocus
ShowWindow
GetFocus
IsChild
PeekMessageA
CharNextA
UnregisterClassA
DefWindowProcA
DestroyWindow
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
SetWindowLongA

gdi32

RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
CloseMetaFile
DeleteDC
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
DeleteMetaFile
CreateRectRgnIndirect
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
GetDeviceCaps
TextOutA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shlwapi

PathFileExistsA
PathFindExtensionA

ole32

StringFromGUID2
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoUnmarshalInterface
CoReleaseMarshalData
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarUI4FromStr
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

330e293ccbdbb26b61c5590c0be7897a

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 6KB