4c1b02a7f1cbd6c97c901ab133f54fa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c1b02a7f1cbd6c97c901ab133f54fa6_JaffaCakes118
Size

685KB
MD5

4c1b02a7f1cbd6c97c901ab133f54fa6
SHA1

c41ad0bfdaabca59aab083316a826ee7468e45ee
SHA256

3c725dbdbf9f4cc5391896270b9357d0877a27a2cc43745db902ad6a34871efb
SHA512

fd5329cce9ffa22f19399ad0dacdf8be3ce64fe54cfaa5bda4704bb6f146b22398098ae2740cdb29a1873eaeabf383442393440972fe918ca34c4975ab1b1296
SSDEEP

12288:MuwVzNTTOGK8etwlG94NZtcbdsnBVOUBU4YlIrLu6bL0hD24dCa8TwR7:MuwR9TOGK8eiGoZtcbyzOU0+3u63CDr9

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AmoK DVD Shrinker/AmoK_DVD_Shrinker.exe
unpack001/AmoK DVD Shrinker/DVDVideo.exe
unpack001/AmoK DVD Shrinker/ShrinkTo5.dll

Files

4c1b02a7f1cbd6c97c901ab133f54fa6_JaffaCakes118
.rar
AmoK DVD Shrinker/AmoK DVD Shrinker Deutsch (Deutschland).pdf
.pdf
- http://www.amok.am
- http://www.paehl.de
AmoK DVD Shrinker/AmoK_DVD_Shrinker.exe
.exe windows:4 windows x86 arch:x86

41278e992cc8e04ddef34986e6232c15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

msimg32

GradientFill

Sections

CODE
Size: 324KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AmoK DVD Shrinker/DVDVideo.exe
.exe windows:4 windows x86 arch:x86

400486ec59217459933dd3b2bcf1bac9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CoTaskMemFree

comctl32

_TrackMouseEvent

shell32

SHGetPathFromIDListA

Sections

.text
Size: 189KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AmoK DVD Shrinker/ShrinkTo5.dll
.dll windows:4 windows x86 arch:x86

b9dcba1196d96a992fd0002356a333d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ShowWindow

gdi32

GetStockObject

comctl32

ord17

shlwapi

PathFindExtensionA

oleacc

CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueExA

oleaut32

VariantClear

Exports

Exports

??0Transfer@@QAE@ABV0@@Z
??0Transfer@@QAE@XZ
??0TransferAlert@@QAE@ABV0@@Z
??0TransferAlert@@QAE@XZ
??1Transfer@@QAE@XZ
??1TransferAlert@@QAE@XZ
??4Transfer@@QAEAAV0@ABV0@@Z
??4TransferAlert@@QAEAAV0@ABV0@@Z
??_7Transfer@@6B@
??_7TransferAlert@@6B@
?AddAlert@TransferAlert@@UAEXH@Z
?CallBack@TransferAlert@@UAEHHHPAX@Z
?CopyAllFiles@Transfer@@MAEXPAD0@Z
?EvaluatePath@Transfer@@MAE_JPAD@Z
?ForceTargetSize@Transfer@@UAEH_N@Z
?GenerateIgnoreTable@Transfer@@MAEHHH@Z
?GetActualFileName@Transfer@@UAEPADXZ
?GetAlert@TransferAlert@@UAE_NH@Z
?GetAllAlert@TransferAlert@@UAEHXZ
?GetAuthorizeDrive@Transfer@@UAEHXZ
?GetCompressionRatio@Transfer@@UAEMXZ
?GetDemoMode@Transfer@@UAEHXZ
?GetElapsedTimeSec@Transfer@@UAEHXZ
?GetEstimatedTimeSec@Transfer@@UAEHXZ
?GetFileSizeSECT@Transfer@@IAEHPAD@Z
?GetMovieOnly@Transfer@@UAEHXZ
?GetMovieOnlySizeMB@Transfer@@MAEHXZ
?GetMovieOnlyVTSNum@Transfer@@MAEHXZ
?GetNumFrames@Transfer@@UAEHXZ
?GetNumVTS@Transfer@@UAEHXZ
?GetNumVTSLang@Transfer@@UAEHH@Z
?GetNumVTSSub@Transfer@@UAEHH@Z
?GetPreviewDC@TransferAlert@@UAEPAUHDC__@@XZ
?GetQuality@Transfer@@UAEHXZ
?GetReadBufferOccupancyKB@Transfer@@UAEHXZ
?GetReadKB@Transfer@@UAEHXZ
?GetReadLimitKB@Transfer@@UAEHXZ
?GetRemainingTimeSec@Transfer@@UAEHXZ
?GetSourceSizeMB@Transfer@@UAEH_N@Z
?GetTargetSizeMB@Transfer@@UAEHXZ
?GetUseDeCSS@Transfer@@UAEHXZ
?GetVOBSizeMB@Transfer@@MAEHPADHH@Z
?GetVOBSizeSECT@Transfer@@MAEHPADHH@Z
?GetVTSLangDefault@Transfer@@UAEHHH@Z
?GetVTSLangDesc@Transfer@@UAEHHHPADH@Z
?GetVTSLangSelected@Transfer@@UAEHHH@Z
?GetVTSSize@Transfer@@UAEHH@Z
?GetVTSSubDefault@Transfer@@UAEHHH@Z
?GetVTSSubDesc@Transfer@@UAEHHHPADH@Z
?GetVTSSubSelected@Transfer@@UAEHHH@Z
?GetWriteBufferOccupancyKB@Transfer@@UAEHXZ
?GetWrittenKB@Transfer@@UAEHXZ
?Open@Transfer@@UAEHPAD@Z
?SearchEncryption@Transfer@@MAEHPAD0@Z
?SendAlert@TransferAlert@@UAEHHH@Z
?SetAlert@Transfer@@UAEXPAVTransferAlert@@@Z
?SetAuthorizeDrive@Transfer@@UAEH_N@Z
?SetCallBack@TransferAlert@@UAEXP6GHHHPAX0@Z0@Z
?SetDemoMode@Transfer@@UAEX_N@Z
?SetMovieOnly@Transfer@@UAEX_N@Z
?SetPreviewDC@TransferAlert@@UAEXPAUHDC__@@@Z
?SetQuality@Transfer@@UAEXH@Z
?SetTargetSizeMB@Transfer@@UAEHH@Z
?SetTransfer@TransferAlert@@UAEXPAX@Z
?SetUseDeCSS@Transfer@@UAEH_N@Z
?SetVTSLangDefault@Transfer@@UAEHHH@Z
?SetVTSLangSelected@Transfer@@UAEHHHH@Z
?SetVTSSubDefault@Transfer@@UAEHHH@Z
?SetVTSSubSelected@Transfer@@UAEHHHH@Z
?SubAlert@TransferAlert@@UAEXH@Z
?SubAllAlert@TransferAlert@@UAEXXZ
?TransferFile@Transfer@@UAEHPAD0HHHHH0@Z
?TransferFiles@Transfer@@MAEHPAD0HH0@Z
?TransferPath@Transfer@@UAEHPAD0@Z
AddAlert
ForceTargetSize
GetActualFileName
GetAlert
GetAllAlert
GetAuthorizeDrive
GetCompressionRatio
GetDemoMode
GetElapsedTimeSec
GetEstimatedTimeSec
GetMovieOnly
GetNumFrames
GetNumVTS
GetNumVTSLang
GetNumVTSSub
GetQuality
GetReadBufferOccupancyKB
GetReadKB
GetReadLimitKB
GetRemainingTimeSec
GetSourceSizeMB
GetTargetSizeMB
GetUseDeCSS
GetVTSLangDefault
GetVTSLangDesc
GetVTSLangSelected
GetVTSSize
GetVTSSubDefault
GetVTSSubDesc
GetVTSSubSelected
GetWriteBufferOccupancyKB
GetWrittenKB
Open
SetAuthorizeDrive
SetCallBack
SetDemoMode
SetMovieOnly
SetPreviewDC
SetQuality
SetTargetSizeMB
SetUseDeCSS
SetVTSLangDefault
SetVTSLangSelected
SetVTSSubDefault
SetVTSSubSelected
SubAlert
SubAllAlert
TransferPath

Sections

.text
Size: 118KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AmoK DVD Shrinker/amok-dvd-shrinker.chm
.chm
AmoK DVD Shrinker/for_translation_only.zip
.zip
decss.png
.png
deutsch.html
.html
AmoK DVD Shrinker/locale/de/LC_MESSAGES/default.mo
AmoK DVD Shrinker/locale/de/LC_MESSAGES/default.po
AmoK DVD Shrinker/locale/en/LC_MESSAGES/default.mo
AmoK DVD Shrinker/locale/en/LC_MESSAGES/default.po

Sharing

General

Malware Config

Signatures

Files

41278e992cc8e04ddef34986e6232c15

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

shell32

msimg32

Sections

CODE Size: 324KB - Virtual size: 1.9MB

.rsrc Size: 21KB - Virtual size: 24KB

400486ec59217459933dd3b2bcf1bac9

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

gdi32

version

ole32

comctl32

shell32

Sections

.text Size: 189KB - Virtual size: 1.3MB

.rsrc Size: 10KB - Virtual size: 12KB

b9dcba1196d96a992fd0002356a333d5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 336KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 4KB

CODE
Size: 324KB - Virtual size: 1.9MB

.rsrc
Size: 21KB - Virtual size: 24KB

.text
Size: 189KB - Virtual size: 1.3MB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 118KB - Virtual size: 336KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 4KB