d3dc5c1e8fb6e67969dc959e7cac7a07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3dc5c1e8fb6e67969dc959e7cac7a07_JaffaCakes118
Size

40KB
MD5

d3dc5c1e8fb6e67969dc959e7cac7a07
SHA1

7805662f22dd79e64375053b55fed6d8716f9e62
SHA256

2a08027fab78c531618f0711e5a95f5d2f4d6f3f42438b0126e331426ac01f9e
SHA512

7580c2d8dfef596bfa26a2881384a9ca5a4f081da025f0637e2b70bb9f728c41c0583fedcd4bde3053cecc2f4fac88c593c95f6d0eea08c4483d293d622ac91d
SSDEEP

768:q+WMiihBeGpxEVBOhtyU8upT8tbFfYGM3wP7GesSsTK0Yc1SHGqL0KwZZ:DBkOK3OhtyU8up41pYGMgPnsSN0Yc1yY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3dc5c1e8fb6e67969dc959e7cac7a07_JaffaCakes118

Files

d3dc5c1e8fb6e67969dc959e7cac7a07_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9ccac41b90caa99d1e8e618d9dfb8d1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acdb16

acrxSysRegistry
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?clone@AcRxObject@@UBEPAV1@XZ
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
??0AcRxObject@@IAE@XZ
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

acad.exe

?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
adsw_acadMainWnd

acui16

?InitAcUiDLL@@YAXXZ

mfc70

ord2242
ord2237
ord2214
ord2216
ord2234
ord2026
ord2020
ord1377
ord5993
ord3610
ord5991
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2356
ord2223
ord2648
ord4088
ord2529
ord2675
ord2359
ord2463
ord2352
ord3522
ord3523
ord3513
ord2461
ord3751
ord4267
ord4043
ord559
ord546
ord316
ord302
ord1307
ord2561
ord3735
ord2132
ord917
ord4361
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord2239
ord823
ord819
ord821
ord817
ord812
ord5714
ord1452
ord4063
ord4503
ord3208
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1272
ord3748
ord1469
ord1472
ord5666
ord1403
ord1522
ord1523
ord1870
ord4671
ord4516
ord3993
ord4958
ord1755
ord5470
ord5757
ord256
ord257
ord4975
ord3246
ord3445
ord2201
ord332
ord2124
ord572
ord982
ord957
ord1066
ord990
ord317
ord977
ord703
ord705
ord1077
ord1081
ord2546

msvcr70

_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
atol
_mbsrchr
free
malloc
_adjust_fdiv
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
vsprintf
_vscprintf
__CxxFrameHandler
_mbscmp
_mbsstr
?terminate@@YAXXZ
_mbschr
_except_handler3

kernel32

GetTickCount
Sleep
CreateProcessA
WideCharToMultiByte
FindResourceA
LoadResource
GetSystemTime
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileA
WinExec
RemoveDirectoryA
SetFileAttributesA
CloseHandle
SetFileTime
WriteFile
SetFilePointer
CreateFileA
GetFileTime
CopyFileA
ReadFile
GetFileSize
GetDriveTypeA
GetLogicalDriveStringsA
GetTempPathA
GetSystemDirectoryA
WaitForSingleObject
GetExitCodeThread
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LockResource
ResumeThread

user32

EnableWindow
PostMessageA
PeekMessageA
SetCursorPos
mouse_event
GetWindowRect
GetParent
GetWindowTextA
KillTimer
GetSystemMetrics
GetCursorPos
InflateRect
PtInRect
WindowFromPoint
SetTimer

advapi32

RegQueryValueExA
OpenSCManagerA
OpenServiceA
RegSetValueExA
RegCloseKey
QueryServiceStatus
CloseServiceHandle
RegCreateKeyA

urlmon

URLDownloadToCacheFileA

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry

msvcp70

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ccac41b90caa99d1e8e618d9dfb8d1b

Headers

File Characteristics

Imports

acdb16

acad.exe

acui16

mfc70

msvcr70

kernel32

user32

advapi32

urlmon

wininet

msvcp70

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 916B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 916B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB