24df0f500fc08799d865df64b76ea449_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

24df0f500fc08799d865df64b76ea449_JaffaCakes118
Size

132KB
MD5

24df0f500fc08799d865df64b76ea449
SHA1

635fa4829d6eade588b123ddf92f6840bfe48678
SHA256

6f4813863dadacf3971f073df929b0735cd5fd0ca67e6bbaa2ed15f900be2b95
SHA512

88a271c6fe339ab5a265bef46ab8cb0ef9ac5bdf3375b7876f2449ce725e74487ee5fc0cf2a8b57388a93e5a57b8fc3bda8a3cb8f8813b0c46ecf78f08a04d99
SSDEEP

1536:ji3n/RT9LmhyX4dz8Mc4VbEVbpa/IwFk9bhTAGBsnArVin70k9TLJkt+n8AI:u3b4gMc4VbEVbpaoHA/ArV27vRs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24df0f500fc08799d865df64b76ea449_JaffaCakes118

Files

24df0f500fc08799d865df64b76ea449_JaffaCakes118
.dll windows:4 windows x86 arch:x86

658981525c8fbd2e973bf024ec38238c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

fpi32

ord21
ord30
ord31
ord40
ord69
ord48
ord29
ord16
ord2
ord73
ord83
ord72
ord32
ord3
ord78
ord11
ord49

vic32

ord84
ord11
ord3
ord26
ord184
ord173

translator

?Translate@CTranslator@@QAE?AVCString@@I@Z
?GetString@CTranslator@@QAE?AVCString@@PBG0@Z
?Translate@CTranslator@@QAE?AVCString@@PBGH0@Z
?GetTranslator@@YAPAVCTranslator@@XZ

mfc42u

ord1720
ord5059
ord2438
ord2116
ord3744
ord5257
ord2977
ord5273
ord3254
ord4459
ord3131
ord3257
ord2980
ord3142
ord2971
ord3825
ord3826
ord3076
ord3074
ord4075
ord4621
ord4419
ord609
ord783
ord795
ord800
ord540
ord2293
ord3820
ord2294
ord1197
ord823
ord2637
ord6597
ord6195
ord6330
ord2359
ord825
ord4370
ord4847
ord2910
ord2745
ord755
ord640
ord2746
ord6153
ord323
ord470
ord942
ord858
ord925
ord538
ord4688
ord3568
ord3621
ord3658
ord2406
ord1634
ord6193
ord3566
ord1633
ord5781
ord2854
ord2859
ord2371
ord6051
ord1768
ord5157
ord5286
ord3397
ord4418
ord3716
ord567
ord2640
ord6372
ord3569
ord3706
ord703
ord542
ord802
ord879
ord882
ord1863
ord5456
ord861
ord6567
ord2793
ord2732
ord1165
ord1248
ord342
ord1179
ord860
ord403
ord603
ord1961
ord273
ord2446
ord4073
ord3457
ord4200
ord5445
ord6396
ord1808
ord4229
ord641
ord2606
ord324
ord4704
ord6451
ord1083
ord3087
ord4294
ord773
ord3084
ord501
ord3871
ord4124
ord6279
ord6278
ord5679
ord3471
ord6720
ord4078
ord1899
ord4272
ord2756
ord2810
ord1884
ord4564
ord4666
ord4837
ord6367
ord5282
ord4432
ord3274
ord3374
ord4619
ord449
ord746
ord4707
ord6061
ord5005
ord6048
ord2506
ord4992
ord5261
ord2047
ord3793
ord4435
ord4831
ord6370
ord5276
ord4347
ord4401
ord2377
ord5237
ord2567
ord1767
ord4390
ord2855
ord1636

msvcrt

wcscpy
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
__RTDynamicCast
wcscmp
_CxxThrowException
_purecall
free
memcmp
_itow
__CxxFrameHandler
memset
memcpy
_ftol

kernel32

LocalFree
GlobalFree
MulDiv
GetPrivateProfileIntW
GlobalHandle
LoadLibraryW
InterlockedDecrement
WritePrivateProfileStringW
CreateEventW
CloseHandle
FreeLibrary
ResetEvent
SetEvent
WaitForSingleObjectEx
GlobalSize

user32

GetWindowRect
ReleaseDC
UpdateWindow
InvalidateRect
SetCapture
EnableWindow
GetScrollPos
SetScrollPos
SetScrollRange
GetClientRect
ScreenToClient
ClientToScreen
SendMessageW
GetClassNameW
IsWindow
GetParent
SetCursor
InflateRect
ShowCursor
SetRect
DrawFocusRect
FillRect
IntersectRect
ReleaseCapture
GetCursorPos
PtInRect
EnumChildWindows
LoadCursorW
GetDC
OffsetRect

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateHatchBrush
GetObjectW
StretchBlt

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

ole32

CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitialize
OleRun
CLSIDFromString

oleaut32

SysFreeString
SysStringByteLen
GetErrorInfo
SysAllocStringByteLen

Exports

Exports

CaptureImage
CheckHardware
LoadResources
MoveVideo
StartVideo
StopVideo
ToggleVideoState
UnloadResources

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

658981525c8fbd2e973bf024ec38238c

Headers

File Characteristics

Imports

fpi32

vic32

translator

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 64KB - Virtual size: 60KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 64KB - Virtual size: 60KB

.reloc
Size: 8KB - Virtual size: 4KB