cf7bb6c807ebf0f4b6388f3b5dc1fd2e_JaffaCakes118

General

Target

cf7bb6c807ebf0f4b6388f3b5dc1fd2e_JaffaCakes118
Size

1.1MB
MD5

cf7bb6c807ebf0f4b6388f3b5dc1fd2e
SHA1

c6c1cb0543796d26c201868a8bf8b67abca3e021
SHA256

c1804cdf339acd28761d7ac390648225cb6fddbc114bfa3debe668bc87bebf97
SHA512

e3d71843b01e5d37693ccb49f3b363c041d1ff5bf25c114b6b257c7a542dc77102873cf61e13dc722bc4c60dd9c53680db711825808088aa337603ee25702041
SSDEEP

24576:6BGd2d693IDZg039U5ZtUFOoWoMESbhXr2OJmYo0ybmwqQxYR:6Bw2893In36GF4XESVr26mYo0E5qQxc

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/cl264dec.ax	acprotect
static1/unpack001/cldabc.dll	acprotect
static1/unpack001/cldabcd.dll	acprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cl264dec.ax
unpack001/cldabc.dll
unpack001/cldabcd.dll

Files

cf7bb6c807ebf0f4b6388f3b5dc1fd2e_JaffaCakes118
.zip
cl264dec.ax
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.packed
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cldabc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateCNonrefdecInstance
CreateIFMTdec
CreateMSMTdec
CreateVideoDecoder
DecodeIFMT
DecodeMSMT
DecodeNonref
IsDllUsing
ReleaseCNonrefdecInstance
ReleaseIFMTdec
ReleaseMSMTdec
ResetCNonrefdecInstance
SetDeocderInstanceIndex

Sections

.packed
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cldabcd.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateCNonrefdecInstance
CreateIFMTdec
CreateMSMTdec
CreateVideoDecoder
DecodeIFMT
DecodeMSMT
DecodeNonref
IsDllUsing
ReleaseCNonrefdecInstance
ReleaseIFMTdec
ReleaseMSMTdec
ResetCNonrefdecInstance
SetDeocderInstanceIndex

Sections

.packed
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.packed Size: - Virtual size: 516KB

.rsrc Size: 219KB - Virtual size: 219KB

Headers

File Characteristics

Exports

Exports

Sections

.packed Size: - Virtual size: 3.5MB

.rsrc Size: 476KB - Virtual size: 476KB

Headers

File Characteristics

Exports

Exports

Sections

.packed Size: - Virtual size: 3.5MB

.rsrc Size: 482KB - Virtual size: 482KB

.packed
Size: - Virtual size: 516KB

.rsrc
Size: 219KB - Virtual size: 219KB

.packed
Size: - Virtual size: 3.5MB

.rsrc
Size: 476KB - Virtual size: 476KB

.packed
Size: - Virtual size: 3.5MB

.rsrc
Size: 482KB - Virtual size: 482KB