dc2379b8548e59b0fcc6c8bdb1d81c79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc2379b8548e59b0fcc6c8bdb1d81c79_JaffaCakes118
Size

357KB
MD5

dc2379b8548e59b0fcc6c8bdb1d81c79
SHA1

0df1ad04c76534002d7444143b412dfd80ff07dd
SHA256

44b2aaa26ccfd5caedac1394cb1723c37a03eb85d30530f3e189fbe019dd6763
SHA512

c0d0dc3ddc45d9dfde7ecbd19f2aae5f2105ee826b2d2f4c0596f7547b4e1b0cde710845b9649350054e62f08815a9d6abf9c0ac9060c0b7ff74ec354ca90fc4
SSDEEP

6144:z7wQulKxgZXm892D13ZRy6DRDI9JJ/d323Lqz5nZxzs8dNHkpTW0eJgP2j:z8QUKSN9yl3LqNDg88pTWrKPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc2379b8548e59b0fcc6c8bdb1d81c79_JaffaCakes118

Files

dc2379b8548e59b0fcc6c8bdb1d81c79_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

6fc0c06779c35df4cda65cfed2c452b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dxtrans.pdb

Imports

advapi32

RegCloseKey

atl

ord30
ord32
ord15
ord23
ord22
ord16
ord21
ord18

gdi32

BitBlt
DeleteObject
GetGlyphOutlineW
GetKerningPairsW
SelectObject
CreateCompatibleDC
EndPath
PolyBezierTo
MoveToEx
BeginPath
FillPath
StrokePath
StrokeAndFillPath
SetPolyFillMode
CreateBrushIndirect
ExtCreatePen
GetPaletteEntries
StretchBlt
SetMapMode
DeleteDC
LineTo

kernel32

ExitThread
GetQueuedCompletionStatus
ResetEvent
CreateThread
CreateIoCompletionPort
GetSystemInfo
GetVersionExW
FreeLibrary
GetProcessHeap
SetEvent
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
IsBadReadPtr
IsBadWritePtr
GetLastError
LeaveCriticalSection
EnterCriticalSection
QueueUserAPC
HeapFree
HeapAlloc
ReleaseSemaphore
WaitForSingleObject
GetCurrentThread
IsBadCodePtr
GetCurrentProcess
CloseHandle
GetCurrentThreadId

msvcrt

_purecall
realloc
malloc
free
_except_handler3
_ftol
atol
floor
wcsncpy
wcschr
iswspace
wcslen
ceil
__dllonexit
_adjust_fdiv
_initterm
_onexit

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateFileMoniker
CreateBindCtx
CoCreateFreeThreadedMarshaler
CoInitialize
CoUninitialize

oleaut32

VariantChangeTypeEx
LoadRegTypeLi
VariantChangeType
SysAllocString
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
UnRegisterTypeLi
SetErrorInfo

shlwapi

PathFindFileNameW
StrCmpIW
StrCpyNW
StrCmpNIW
ord107
ord125
ord51
ord80
ord307
ord309
ord73
ord53
ord84
ord93
ord436
ord435
ord33
ord25
SHRegGetValueW
ord158

urlmon

CompatFlagsFromClsid

user32

SetRect
FrameRect
GetDesktopWindow
GetDC
ReleaseDC
IntersectRect
LoadStringA

Exports

Exports

?DXConstOverArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXConstUnderArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXDitherArray@@YGXPBUDXDITHERDESC@@@Z
?DXLinearInterpolateArray@@YGXPBVDXBASESAMPLE@@PAUDXLIMAPINFO@@PAV1@K@Z
?DXOverArray@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
?DXOverArrayMMX@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6fc0c06779c35df4cda65cfed2c452b8

Headers

File Characteristics

PDB Paths

Imports

advapi32

atl

gdi32

kernel32

msvcrt

ole32

oleaut32

shlwapi

urlmon

user32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 6KB - Virtual size: 5KB

.text Size: 157KB - Virtual size: 160KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 160KB