ac585d43742247e6a5456151d0dd8e5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac585d43742247e6a5456151d0dd8e5b_JaffaCakes118
Size

288KB
MD5

ac585d43742247e6a5456151d0dd8e5b
SHA1

ffdec5a283ee755c63dae98e5dce25831d281297
SHA256

4ae3717f6def419962e065200ba5301ce7d6ae24ab72b56a919dea16993ca636
SHA512

0a548b378c94c6a7805149ae404a284a10c284e11cf6659858972e1d17faa41fa9ee3278b29491c3179e813fdb0bc378fbc2bcb9010cc2cab77e911c9bfd7375
SSDEEP

6144:LKydm3Nzi6CO0LUsXEC/7ZNEUfYsB5oGJIfbdPcJ3XLw:Vm3diHEClNfblK1cBE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac585d43742247e6a5456151d0dd8e5b_JaffaCakes118

Files

ac585d43742247e6a5456151d0dd8e5b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9943a2a79569fd262f471513db7ca077

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord858
ord551
ord5710
ord4278
ord3337
ord3811
ord535
ord926
ord939
ord922
ord800
ord2818
ord540
ord823
ord941
ord860
ord4129
ord2764
ord537
ord539
ord6874
ord924
ord6663
ord6877
ord6662
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1200
ord6467
ord1578
ord2725
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord600
ord826
ord269
ord1255
ord3953
ord5572
ord4274
ord6375
ord4486
ord2554
ord825

msvcrt

vsprintf
memset
strcat
fclose
memcpy
__CxxFrameHandler
strcpy
strlen
_stricmp
_tzset
_strcmpi
memmove
_ftol
fseek
fprintf
sprintf
fopen
strcmp
atoi
??0exception@@QAE@ABV0@@Z
_CxxThrowException
toupper
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
_onexit
__dllonexit
_itoa
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
malloc
_strdate
_mbscmp

kernel32

CreateDirectoryA
OpenProcess
VirtualProtect
GetVolumeInformationA
GetCurrentProcessId
VirtualQuery
GetCurrentProcess
QueryPerformanceFrequency
GetSystemDirectoryA
lstrcmpA
CreateFileA
GetFileSize
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryExA
DeleteFileA
WaitForSingleObject
SetFilePointer
ReleaseMutex
CreateMutexA
QueryPerformanceCounter
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
IsBadWritePtr
IsBadReadPtr
GetLastError
GetFileType
lstrlenW
WideCharToMultiByte
lstrcmpiA
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
ReadFile
CloseHandle
OutputDebugStringA

user32

GetMenuStringA
DefWindowProcA
wsprintfA
MessageBoxA
AppendMenuA
SetWindowLongA
GetClassNameA
GetWindowTextA
GetMenuItemCount
CallWindowProcA
GetForegroundWindow
GetPropA
EnableMenuItem
GetMenuItemID
SetPropA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

msvcp60

??_7out_of_range@std@@6B@
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

shlwapi

PathFindExtensionA
PathFindFileNameA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mk_lyric

?fnMediaSyncInitLyric@@YAXPAEPAK@Z
?fnMediaSyncCheckLyric@@YAEPAEK@Z
?fnMediaSyncFindLyric@@YAXPAEK0@Z
?g_bMediaHasLyric@@3DA
?fnMediaSyncFinalCheck@@YAEPAE@Z
?g_bIsLyric@@3EA
?g_dwLyricSize@@3KA
?g_bCheckInit@@3EA

madrm

MafxGetLicMgrPath

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9943a2a79569fd262f471513db7ca077

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

msvcp60

shlwapi

version

mk_lyric

madrm

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 10KB