380ea7bad5dda2bbe24a98050e848504_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

380ea7bad5dda2bbe24a98050e848504_JaffaCakes118
Size

192KB
MD5

380ea7bad5dda2bbe24a98050e848504
SHA1

79d379320d2a975c094733bc7cb5930a3ac752db
SHA256

73e1b8bcf198e5be8c239788c75ea434cf24921b9440ea2801297281967752a4
SHA512

77632afee3981dc68d89a948838d828d68bd87c2d0cda81898a04328a0726b83c975b9ee2fb6456ed20de13bffb201de3cf7ca52938ed4a1fb179e5809ca9f41
SSDEEP

3072:ulcKBd4zPlVTj4Tq3KaD/z6O0oUM3ULDrsU+Pa7JPyN1N2Ag7dI/A8vLXi9aDriU:+dRM3OdJPs14i/A8vjr/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380ea7bad5dda2bbe24a98050e848504_JaffaCakes118

Files

380ea7bad5dda2bbe24a98050e848504_JaffaCakes118
.dll windows:4 windows x86 arch:x86

21032f9071b9d4dc8b732d96d0a489b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrlenA
lstrcmpiW
RaiseException
IsBadWritePtr
IsBadReadPtr

user32

wsprintfA

dscrt30

?UnRegisterFacilityErrorInfo@@YAJK@Z
?RegisterFacilityErrorInfo@@YAJKPBUDS_ECodeDescription@@KPBD@Z
?mki_CopyMemory@@3P6AXPAXPBXK@ZA
?mki_MoveMemory@@3P6AXPAXPBXK@ZA
?mki_CompareMemory@@3P6AJPBX0K@ZA
?Tick@DCallback@@QAEHK@Z
?Finish@DCallback@@QAEXXZ
?Start@DCallback@@QAEXKK@Z
?MKreallocI@@YAPAXPAXKK@Z
?mki_ZeroMemory@@3P6AXPAXK@ZA
?UnlockRow@DFrameBuffer@@QAEJPAUDBitsData@@@Z
?Start@DCallback@@QAEXKKK@Z
?mki_FillMemory@@3P6AXPAXKE@ZA
?cpu_capabilities@@3JA
??1DString@@QAE@XZ
??0DString@@QAE@PBGJ@Z
??1DStringW@@QAE@XZ
?os_featuresFlags@@3JA
?MKfree@@YAXPAX@Z
?ExpandTo@DStringW@@QAEJJH@Z
??0DString@@QAE@PBVDStringW@@@Z
?Copy@DStringW@@QAEJPBGJ@Z
?GetType@DSizedMemoryBlock@@UAE?AW4DSIO_InternalType@@XZ
?Close@DSizedMemoryBlock@@UAE_JXZ
?GetAvaibleSize@DSizedMemoryBlock@@UAEKXZ
?SetAvaibleSize@DSizedMemoryBlock@@UAE_JK@Z
?Collapse@DSizedMemoryBlock@@UAE_JXZ
?SetNewSize@DSizedMemoryBlock@@UAE_J_J@Z
?CopyFrom@DSizedMemoryBlock@@UAE_JPAVDSIO@@J_J1@Z
?RandomRead@DSizedMemoryBlock@@UAE_JPAXKJ_J@Z
?GetWriteBuffer@DSizedMemoryBlock@@UAEPAXJ_JKPA_J@Z
?GetReadBuffer@DSizedMemoryBlock@@UAEPBXJ_JKPA_J@Z
?Write@DSizedMemoryBlock@@UAE_JPBXK@Z
?Read@DSizedMemoryBlock@@UAE_JPAXK@Z
?Seek@DSizedMemoryBlock@@UAE_JJ_J@Z
?Create@DSizedMemoryBlock@@QAE_JKJ@Z
??0DSizedMemoryBlock@@QAE@XZ
?Append@DStringW@@QAEJPBDJ@Z
?ds_strcpyn@@YAPADPADPBDH@Z
?MKallocI@@YAPAXKK@Z
??1DSizedMemoryBlock@@UAE@XZ

xccdx30

?BMPDecodeEx@@YAJKKKPAVDSIO@@JPAVDFrameBuffer@@KPBKAAVDCallback@@KPAUtagRGBQUAD@@@Z
??1DJBIGDecoder@@QAE@XZ
?GetImage@DJBIGDecoder@@QBEPAPAEXZ
?GetImage@DJBIGDecoder@@QBEPAEJ@Z
?GetWidth@DJBIGDecoder@@QBEJXZ
?GetHeight@DJBIGDecoder@@QBEJXZ
?Decode_in@DJBIGDecoder@@QAEJPAEKPAK@Z
?FreePageData@DJbig2Codec@@QAEXK@Z
?GetPageData@DJbig2Codec@@QAEPAEK@Z
?DecodePage@DJbig2Codec@@QAEJK@Z
?GetPagesCount@DJbig2Codec@@QAEKXZ
??1DJbig2Codec@@QAE@XZ
?PreDecode@DJbig2Codec@@QAEJXZ
?PumpData@DJbig2Codec@@QAEJPBEK@Z
?InitDecoder@DJbig2Codec@@QAEXKPAV1@P6AJAAJPAXPBEJ@ZP6AJ1JJJJJJ3KJ@ZJ@Z
??0DJbig2Codec@@QAE@XZ
?GetPageInfo@DJbig2Codec@@QAEJKAAK000@Z
?End@DZip@@QAEXXZ
?InitCompress@DZip@@QAEJJJJJJ@Z
?d_dst_init_dst@JPEG_Core@@MAEXPAUjpeg_compress_struct@@@Z
?d_src_init_src@JPEG_Core@@MAEXPAUjpeg_decompress_struct@@@Z
?Encode@JPEG_Core@@UAEJKKKE@Z
?Decode@JPEG_Core@@UAEJHK@Z
??_7JPEG_Core@@6B@
?SetInBuffer@DZip@@QAEXPAEK@Z
?Reset@DZip@@QAEXXZ
?Decompress@DZip@@QAEJH@Z
?SetOutBuffer@DZip@@QAEXPAEK@Z
?Compress@DZip@@QAEJH@Z
??1DZip@@QAE@XZ
??0DZip@@QAE@XZ
?InitDecompress@DZip@@QAEJK@Z
?DS_crc32@@YAKKPAEK@Z
??1JPEG_Core@@UAE@XZ
?ReadPageInfo@JPEG_Core@@QAEJPAK00@Z
??0JPEG2000@@QAE@XZ
??1JPEG2000@@QAE@XZ
?GetFormat@JPEG2000@@QAE?AW4JPEG2000_Fmt@1@XZ
?Decode@JPEG2000@@QAEJXZ
?Encode@JPEG2000@@QAEJW4JPEG2000_Fmt@1@KKKKPAEK@Z
?GetPageInfo@JPEG2000@@QAEJPAGPAK1PAE1PAH@Z
?Fill_FormatParameters@@YAJPAUFormatParameterList@@PBUFormatParameter@@KK@Z
??0DJBIGDecoder@@QAE@XZ

shlwapi

StrCmpIW

Exports

Exports

fmt_GetDllInfo

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21032f9071b9d4dc8b732d96d0a489b8

Headers

File Characteristics

Imports

kernel32

user32

dscrt30

xccdx30

shlwapi

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 64KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 64KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 4KB