130e3f04d71453094c266b0255bac667_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

130e3f04d71453094c266b0255bac667_JaffaCakes118
Size

348KB
MD5

130e3f04d71453094c266b0255bac667
SHA1

8c869951eae88d2221b580896ffe200d4b780bda
SHA256

67e728c0f871fefc3845d1eb4e421c019698c5a9d36b37f6a09bd52c9d328d61
SHA512

1f5b2e2eb694b6d4ec558c579d3ce6fe2e526c7c9a864747b107a31c0b6417c535a3526dd0728baae41b9285fcc2cb29f2d95a4dd9a2b35098ff3d2fff723633
SSDEEP

6144:TiFx6IWiTxp9aYwY4+ghSFHPdmkNYlxxtskzJmI2Ol0kJjQqs:TigmxpYGjgSQkSxxt/JU6Qq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
130e3f04d71453094c266b0255bac667_JaffaCakes118

Files

130e3f04d71453094c266b0255bac667_JaffaCakes118
.dll windows:4 windows x86 arch:x86

add5bb866d27bdded171e3e14ed1539e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\rpflashplayer\rel32\rpflashplayer.pdb

Imports

ole32

OleUninitialize
OleInitialize
StringFromCLSID
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA

user32

PostMessageA
CharPrevA
GetSystemMetrics
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
RedrawWindow
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
CallWindowProcA
SetWindowPos
ShowWindow
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
SendMessageA
GetDlgItem
RegisterClassA
CreateWindowExA
GetWindowLongA
DefWindowProcA
IsWindow
SetWindowLongA
DestroyWindow
UnregisterClassA
KillTimer
SetTimer
LoadStringA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr71

_except_handler3
??_V@YAXPAX@Z
free
malloc
_resetstkoflw
_wtof
_ltow
_wtoi
_itow
realloc
strchr
fread
strrchr
strncmp
_mbctype
strncpy
_ismbcspace
atol
_vsnprintf
memmove
_stricmp
time
isspace
strtok
_strdup
_strcmpi
fscanf
toupper
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_CxxThrowException
_purecall
strstr
??3@YAXPAX@Z
__CxxFrameHandler
vfprintf
sprintf
atoi
fopen
fclose
_putenv
_strnicmp
memset
printf
isdigit
atof

oleaut32

GetErrorInfo
DispCallFunc
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

kernel32

LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetModuleHandleA
InterlockedDecrement
DisableThreadLibraryCalls
SetErrorMode
InterlockedIncrement
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
GetModuleHandleExA
GetVersionExA
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
GetLastError
lstrlenW
GetModuleFileNameA
lstrlenA
CreateThread
WaitForSingleObject
CloseHandle
SetEvent
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
CreateEventA

gdi32

GetObjectA
GetDeviceCaps
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
DeleteDC
SelectObject
GetStockObject

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

add5bb866d27bdded171e3e14ed1539e

Headers

File Characteristics

PDB Paths

Imports

ole32

advapi32

user32

msvcp71

msvcr71

oleaut32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 172KB - Virtual size: 171KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 172KB - Virtual size: 171KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB