8da4c2b44a01480d04f912f4337aa0ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8da4c2b44a01480d04f912f4337aa0ef_JaffaCakes118
Size

222KB
MD5

8da4c2b44a01480d04f912f4337aa0ef
SHA1

46ef73fe352b832e9454fee0de0825f2dcc9cbf4
SHA256

c30384916588120c59ac51b55fa8efbae59cbd46ebdc6c8487216a8d5a1cc9ec
SHA512

c671be25e725773d7e237c28caab2a4bc993088573d7fc7d956aa32412111b3b34abd6f73a780e6bc442e3ddcb99a42bd67d298687059d26c7fe98c61e3222ef
SSDEEP

6144:Ka0Ie+SCRIgEioeuHRd6NikaatVuarXNyAURLnEY:69+nKgESS6NtVuI93URrEY

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/FlawlesStoxiCation/FlawlesStoxiCation/E-F_YMSGLogin.dll	acprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FlawlesStoxiCation/FlawlesStoxiCation/E-F_YMSGLogin.dll
unpack001/FlawlesStoxiCation/FlawlesStoxiCation/Flawless Toxication -- Re.Released.exe
unpack001/FlawlesStoxiCation/FlawlesStoxiCation/Zero Socket.ocx

Files

8da4c2b44a01480d04f912f4337aa0ef_JaffaCakes118
.rar
FlawlesStoxiCation/FlawlesStoxiCation/0.jpg
.jpg
FlawlesStoxiCation/FlawlesStoxiCation/E-F_YMSGLogin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Explicit�Freaks�YMSG�Logins

Sections

��
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FlawlesStoxiCation/FlawlesStoxiCation/Flawless Toxication -- Re.Released.exe
.exe windows:4 windows x86 arch:x86

02ff08a28127e23622188a237cde938d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaR8FixI4
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
ord558
_adj_fdiv_m32
ord593
__vbaVarForInit
__vbaExitProc
ord594
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaStrR8
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
ord535
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
__vbaR8IntI4
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlawlesStoxiCation/FlawlesStoxiCation/Names.txt
FlawlesStoxiCation/FlawlesStoxiCation/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlawlesStoxiCation/FlawlesStoxiCation/ReadMe.txt
FlawlesStoxiCation/FlawlesStoxiCation/Zero Socket.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a9d39a7f7afa305f05f5a9806f69ae0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaError
__vbaBoolErrVar
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
ord558
__vbaVargVarCopy
_adj_fdiv_m32
__vbaAryDestruct
__vbaCyErrVar
ord592
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaDateR8
ord561
__vbaI2I4
DllFunctionCall
ord563
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaFailedFriend
__vbaFPException
ord717
__vbaDateVar
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
ord103
__vbaVarCmpEq
ord104
ord105
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
ord616
__vbaVarCopy
_CIatan
__vbaCastObj
__vbaI2ErrVar
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaI4ErrVar
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

���� Size: - Virtual size: 52KB

���� Size: 42KB - Virtual size: 44KB

.rsrc Size: 1KB - Virtual size: 4KB

02ff08a28127e23622188a237cde938d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

shell32

oledlg

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 7KB - Virtual size: 7KB

a9d39a7f7afa305f05f5a9806f69ae0b

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

��
Size: - Virtual size: 52KB

��
Size: 42KB - Virtual size: 44KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 52KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB