a25330acafd230005a6f7f8d7c5110b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a25330acafd230005a6f7f8d7c5110b8_JaffaCakes118
Size

3.5MB
MD5

a25330acafd230005a6f7f8d7c5110b8
SHA1

ab318d61b8befc26f8e0d1acbc5ebb9e717273b5
SHA256

40b41fc55f80277936e0d7afb17b84382b6ed805369a789989187274d4e4d9b3
SHA512

a2094fa5072559035d6a2a016f9d61cf7515830a4f56cec6dcc89005d50382bc0fb23b2fa60bc7c2c02feffdfa5c9caaee264507fa52f14c4f6e688b409de70b
SSDEEP

49152:ocD03QmKka3ANmnlPesf0rIFA+qge6GIz1QlroeafKBZDAW1SvNTJqRlM:+3dKkawNE2sf0rIFAt36G65W1lRm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a25330acafd230005a6f7f8d7c5110b8_JaffaCakes118

Files

a25330acafd230005a6f7f8d7c5110b8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

28b8d63a90797a2582213cb9b79e3cdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_Flacrobat\platform\win32\external\Release\authplay.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

timeBeginPeriod
timeGetDevCaps
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsA
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInOpen
waveOutPrepareHeader
waveOutWrite
waveOutGetPosition
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveInStart
timeGetTime
timeKillEvent
timeSetEvent
timeEndPeriod

wininet

HttpQueryInfoA

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

rpcrt4

RpcStringFreeA
UuidToStringA

kernel32

CreateFileA
CreateFileW
GetLastError
GetProcAddress
LoadLibraryA
ReadFile
ExitThread
CreateThread
SizeofResource
SetErrorMode
GetCurrentThreadId
GetTickCount
LCMapStringA
LCMapStringW
CreateProcessA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
lstrlenW
FreeLibrary
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetFileAttributesA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
GetFileAttributesW
WriteFile
FindResourceExW
GlobalAlloc
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetFileSize
SystemTimeToFileTime
CreateDirectoryA
CreateMutexA
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
RemoveDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
GetCPInfo
IsDBCSLeadByte
SetThreadAffinityMask
GetCurrentThread
GetProcessTimes
CreateEventA
SetEvent
ResetEvent
SetThreadPriority
WaitForMultipleObjects
ReleaseSemaphore
VirtualFree
CreateSemaphoreA
VirtualAlloc
GetModuleHandleA
GetThreadPriority
SetFilePointer
CloseHandle
GlobalFree
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
FindResourceExA
FindResourceA
LoadResource
LockResource
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetProcessHeap
HeapFree
VirtualProtect
RtlUnwind
ExitProcess
GetLocaleInfoA
GetACP
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
InterlockedCompareExchange
Sleep
HeapReAlloc
TerminateProcess
HeapSize
SetLastError
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetOEMCP
GetStdHandle
SetStdHandle
FlushFileBuffers
GetSystemTime

user32

RegisterWindowMessageA
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
MapVirtualKeyA
GetKeyState
FillRect
ReleaseDC
GetForegroundWindow
WaitForInputIdle
MessageBoxA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
GetParent
GetDesktopWindow
SetWindowPos
LoadIconA
SendMessageA
GetDC
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
DialogBoxParamW
DialogBoxParamA
GetDlgItem
GetWindowRect
EndDialog
SetFocus
GetWindowInfo
CopyRect
EmptyClipboard
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
SetTimer
PostMessageA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
WindowFromPoint
GetFocus
GetCursorPos
ScreenToClient
GetClientRect
SystemParametersInfoA
GetMenuItemID
DeleteMenu
ClientToScreen
TrackPopupMenu
LoadCursorA
SetCursor
IsWindow
DestroyWindow
LoadStringA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageA
InsertMenuItemA
GetDoubleClickTime
GetSubMenu
DestroyMenu
EnableMenuItem
CheckMenuItem
LoadMenuIndirectA
KillTimer
SetClipboardData
DdeInitializeA
OpenClipboard
TranslateMessage

gdi32

GetTextExtentPoint32W
GetCurrentObject
SetBkColor
GetBkColor
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32A
CreatePalette
GetDeviceCaps
StartDocA
EndDoc
CreateSolidBrush
StrokePath
GetTextAlign
FillPath
RestoreDC
StretchDIBits
SelectClipPath
SaveDC
StartPage
DPtoLP
CreateRectRgn
GetClipRgn
SetTextCharacterExtra
EnumFontFamiliesA
GetTextColor
LPtoDP
GetBkMode
DeleteDC
GetObjectA
CreateDIBSection
EndPage
BeginPath
EndPath
SetPolyFillMode
PolyBezierTo
GdiFlush
GetTextMetricsA
SetTextColor
ExtTextOutW
ExtTextOutA
SelectClipRgn
IntersectClipRect
ExtCreatePen
SetBkMode
DeleteObject
CreateFontIndirectA
GetStockObject
SelectObject
CreateCompatibleDC
SetTextAlign

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysFreeString
SysAllocString
LoadRegTypeLi
LoadTypeLi

ws2_32

WSACleanup
closesocket
WSAAsyncSelect
WSAGetLastError
WSAIoctl
ntohl
ioctlsocket
select
gethostname
WSAAddressToStringA
recvfrom
connect
getsockname
setsockopt
sendto
send
recv
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSAStartup
WSASocketA
socket

Exports

Exports

DllRegisterServer
DllUnregisterServer
ExternalPlayer_Initialize
FPP_SetCrashLoggerEnabled
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28b8d63a90797a2582213cb9b79e3cdf

Headers

File Characteristics

PDB Paths

Imports

version

winmm

wininet

crypt32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 436KB - Virtual size: 434KB

.data Size: 208KB - Virtual size: 1.0MB

.rodata Size: 4KB - Virtual size: 192B

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 92KB - Virtual size: 89KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 436KB - Virtual size: 434KB

.data
Size: 208KB - Virtual size: 1.0MB

.rodata
Size: 4KB - Virtual size: 192B

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 92KB - Virtual size: 89KB

.text
Size: 108KB - Virtual size: 108KB