a5fb450f0666e2809f642b52ebfbded4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5fb450f0666e2809f642b52ebfbded4_JaffaCakes118
Size

60KB
MD5

a5fb450f0666e2809f642b52ebfbded4
SHA1

40273a937f08d640a28dbfb231ab5fa63da2a335
SHA256

fd0f494773e37faf6ceaf3510d8e516a044f8214df0d1e3ca2a2f7abfb2ee296
SHA512

0193e9d2cb73f1dd8e141855e2377a58280dc8ddb88e679364190e53cc6685c409cd2812e0aa17807395cb8fda95e7fa620327e6c7a651b9684cb2bd167c9be1
SSDEEP

1536:uERN3vANW+jroT8zpTGgnzW4nfyGZAX6n2R3GpAy:V0roT8zpTGgnzF2qnC2pAy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5fb450f0666e2809f642b52ebfbded4_JaffaCakes118

Files

a5fb450f0666e2809f642b52ebfbded4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9fbd644aeaacbb7818563ded2220129b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acdb16

??0AcRxObject@@IAE@XZ
acrxSysRegistry
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?clone@AcRxObject@@UBEPAV1@XZ
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

acad.exe

?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
adsw_acadMainWnd

acui16

?InitAcUiDLL@@YAXXZ

mfc70

ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2356
ord2546
ord2648
ord4088
ord2529
ord4748
ord2359
ord2463
ord2352
ord3522
ord3523
ord3513
ord2461
ord3751
ord4267
ord4043
ord559
ord546
ord316
ord302
ord4361
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord3152
ord5991
ord3610
ord5993
ord1377
ord2020
ord2026
ord2234
ord2216
ord2214
ord2237
ord2242
ord2223
ord2239
ord823
ord819
ord821
ord817
ord812
ord5714
ord1452
ord4063
ord4503
ord3208
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1272
ord3748
ord1469
ord1472
ord5666
ord1403
ord1522
ord1523
ord1870
ord4671
ord4516
ord3993
ord4958
ord917
ord2132
ord3735
ord2561
ord1307
ord1755
ord5470
ord5757
ord256
ord257
ord4975
ord3246
ord3445
ord2201
ord332
ord2124
ord572
ord982
ord957
ord1066
ord990
ord317
ord977
ord703
ord705
ord1077
ord1081
ord2675

msvcr70

_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
atol
_mbslwr
_mbsrchr
_mbsinc
free
_adjust_fdiv
_mbschr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
vsprintf
_vscprintf
__CxxFrameHandler
_mbscmp
_mbsstr
?terminate@@YAXXZ
malloc
_except_handler3

kernel32

RemoveDirectoryA
WinExec
DeleteFileA
ResumeThread
GetCurrentProcess
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetSystemTime
lstrcmpiA
SetFileAttributesA
GetTickCount
Sleep
CreateProcessA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleA
CopyFileA
ReadFile
GetFileSize
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetSystemDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
GetTempPathA
TerminateProcess
WaitForSingleObject
GetExitCodeThread
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFileTime
WriteFile
SetFilePointer
CreateFileA
GetFileTime
GetProcAddress

user32

ClientToScreen
SendMessageA
GetWindowThreadProcessId
PeekMessageA
SetCursorPos
GetParent
GetWindowTextA
WindowFromPoint
GetWindowRect
mouse_event
GetSystemMetrics
GetCursorPos
EnableWindow
KillTimer
SetTimer
ExitWindowsEx
FindWindowA
FindWindowExA
InflateRect
PtInRect
ScreenToClient
PostMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegSetValueExA
RegCloseKey
CloseServiceHandle
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
QueryServiceStatus
OpenServiceA
RegCreateKeyA

urlmon

URLDownloadToCacheFileA

wininet

FindFirstUrlCacheEntryA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

msvcp70

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fbd644aeaacbb7818563ded2220129b

Headers

File Characteristics

Imports

acdb16

acad.exe

acui16

mfc70

msvcr70

kernel32

user32

advapi32

urlmon

wininet

msvcp70

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 924B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 924B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB