PDB path: d:\Works\Kies\Kies 1.5.3\Output\Release(x86)\Program Files\Kies\MP3FileInfoCOM.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 86cd798d6f26e9488805502d8c1a2188_JaffaCakes118.dll
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 86cd798d6f26e9488805502d8c1a2188_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 86cd798d6f26e9488805502d8c1a2188_JaffaCakes118
Size: 254KB
MD5: 86cd798d6f26e9488805502d8c1a2188
SHA1: 79add4b05531af6c8d063c9864d861652661f8ce
SHA256: 78053d715109393db7a7613d95190a596d6864df9d7b9ee709a592ff35253f3f
SHA512: cac307b391add63e8a33958e53600c0321d82b4fb4adc26ed189ec91940fe954250b36f8ed1aa580a2b2734833aa839b21ea9981139f49bca1013e105b7df045
SSDEEP: 6144:PRipMOmS+RM5VZ9O1Jly1/nZ3zquHgsOz86ca+Gsd4xzQfuZ:PRipMOpTFPBdgsO3ca+G20zD
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 86cd798d6f26e9488805502d8c1a2188_JaffaCakes118
Files
86cd798d6f26e9488805502d8c1a2188_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
def9cae2a54eb017e89d20c8e6181675
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
id3lib
?RenderID3V2@ID3_Tag@@QAEPADAAI@Z
?GetPrependedBytes@ID3_Tag@@QBEIXZ
?GetFileSize@ID3_Tag@@QBEIXZ
?GetAppendedBytes@ID3_Tag@@QBEIXZ
?ID3_FreeBuffer@ID3_Tag@@QAEXPAD@Z
??1ID3_Frame@@UAE@XZ
??0ID3_Frame@@QAE@W4ID3_FrameID@@@Z
?AttachFrame@ID3_Tag@@QAE_NPAVID3_Frame@@@Z
?RemoveFrame@ID3_Tag@@QAEPAVID3_Frame@@PBV2@@Z
?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@W4ID3_FieldID@@PBD@Z
?Field@ID3_Frame@@QBEAAVID3_Field@@W4ID3_FieldID@@@Z
?GetField@ID3_Frame@@QBEPAVID3_Field@@W4ID3_FieldID@@@Z
?Size@ID3_Tag@@QBEIXZ
?MyParse@ID3_Tag@@QAEIPBEIPB_WIG@Z
??1ID3_Tag@@UAE@XZ
?Parse@ID3_Tag@@QAEIPBEI@Z
??0ID3_Tag@@QAE@PBD@Z
?Clear@ID3_Tag@@QAEXXZ
?HasTagType@ID3_Tag@@QBE_NW4ID3_TagType@@@Z
?HasChanged@ID3_Tag@@QBE_NXZ
?SetSpec@ID3_Tag@@QAE_NW4ID3_V2Spec@@@Z
?GetSpec@ID3_Tag@@QBE?AW4ID3_V2Spec@@XZ
?Find@ID3_Tag@@QBEPAVID3_Frame@@W4ID3_FrameID@@@Z
mfc90u
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2087
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord589
ord4043
ord1254
ord1250
ord1248
ord801
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord794
ord4211
ord2447
ord266
ord1088
ord1092
ord802
ord322
ord321
ord600
ord814
ord296
ord799
ord280
ord6687
ord2537
ord2326
ord265
ord290
ord811
ord4519
ord909
ord2676
ord2478
ord6013
ord2694
ord3185
ord4324
ord601
ord2539
ord316
ord819
ord5886
ord758
ord5979
ord554
ord286
ord2695
ord2084
ord813
ord3728
ord4235
ord1041
ord2764
ord605
ord1274
ord1241
ord1239
ord1264
ord1180
ord1233
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord404
msvcr90
_CxxThrowException
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CRT_RTC_INITW
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
_purecall
wprintf
wcscpy_s
memcpy
printf
_strnicmp
isdigit
atoi
iswdigit
_wtoi
strncmp
_localtime64_s
memset
memcpy_s
_wcsnicmp
__CxxFrameHandler3
free
sprintf_s
wcsncpy_s
kernel32
Sleep
VirtualQuery
HeapAlloc
FreeLibrary
LoadLibraryA
DebugBreak
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
RaiseException
InterlockedExchange
LocalAlloc
LocalFree
GetProcessHeap
HeapFree
GetModuleFileNameW
lstrlenW
SetEndOfFile
SetFilePointer
WriteFile
WideCharToMultiByte
CreateFileW
GetLastError
ReadFile
CloseHandle
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
user32
wsprintfW
CharNextW
ole32
CoCreateInstance
CoTaskMemAlloc
oleaut32
SafeArrayGetDim
RegisterTypeLib
SafeArrayGetVartype
SafeArrayCopy
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
SysStringLen
SysFreeString
LoadTypeLib
LoadRegTypeLib
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetElement
UnRegisterTypeLib
atl90
ord61
ord31
ord58
ord32
ord67
ord64
ord23
ord15
ord49
ord56
ord68
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 50KB - Virtual size: 50KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 15KB - Virtual size: 15KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 2KB - Virtual size: 3KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 14KB - Virtual size: 14KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 6KB - Virtual size: 5KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)
.text Size: 164KB - Virtual size: 168KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)