3bd1559e8593ec89a938275566f77dca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3bd1559e8593ec89a938275566f77dca_JaffaCakes118
Size

148KB
MD5

3bd1559e8593ec89a938275566f77dca
SHA1

6df907794b6490264a59370c747c849e73717836
SHA256

64694d3bab97f405930b48a071a775d2b0fc28caabc1985ad17ececacf2186c9
SHA512

68eb5d830a7555db03546185292f082feb576f0d064993367b58edcf302dec2891f8fc678dcc65faa38105e7b4c79c57240299c7641ce0a04ffdb21d089dc011
SSDEEP

3072:dNLErI+nfy4vaaIrqbrwgZqEF5xW/3Dbr4HbrHM6uOrJc:dNLE9ypG0AqWvaznibr36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd1559e8593ec89a938275566f77dca_JaffaCakes118

Files

3bd1559e8593ec89a938275566f77dca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6c7e98ff976b6572de82a93de635d14f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_~1\jdk6_21\control\build\WINDOW~1\tmp\deploy\plugin\eula\obj\eula.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA

gdi32

DeleteObject
RestoreDC
CreateFontIndirectA
DPtoLP
GetDeviceCaps
DeleteDC
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
SetTextColor
GetStockObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetObjectA
CreateSolidBrush
SetWindowOrgEx

shell32

ShellExecuteA

comctl32

ord17

kernel32

GetCurrentProcessId
GetTickCount
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
lstrcmpiA
FindResourceA
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
lstrcpynA
GetCurrentThreadId
IsDBCSLeadByte
SetLastError
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
MulDiv
GlobalUnlock
GlobalLock
lstrcmpA
GlobalFree
GlobalHandle
LockResource
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
DisableThreadLibraryCalls
ExitProcess
GetSystemTimeAsFileTime

user32

GetClassNameA
GetParent
CreateAcceleratorTableA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
RedrawWindow
GetWindowTextLengthA
GetDC
DialogBoxIndirectParamA
GetActiveWindow
SetWindowContextHelpId
IsWindow
GetWindowTextA
LoadCursorA
DestroyAcceleratorTable
UnregisterClassA
SetWindowLongA
GetWindowLongA
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
DestroyWindow
DefWindowProcA
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
MapDialogRect
ReleaseDC
GetDlgCtrlID
EndDialog
wsprintfA
GetCursorPos
GetWindowRect
PtInRect
SetWindowTextA
SetCursor
LoadStringA
MessageBoxA
CharNextA
SendMessageA
GetDlgItem
EnableWindow
RegisterWindowMessageA
SetWindowPos

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
VarUI4FromStr
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString
LoadTypeLi

msvcr71

__dllonexit
memset
??2@YAPAXI@Z
??_U@YAPAXI@Z
realloc
__CxxFrameHandler
strncmp
_CxxThrowException
_resetstkoflw
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
_except_handler3
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
?terminate@@YAXXZ

Exports

Exports

ShowEulaDialog

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c7e98ff976b6572de82a93de635d14f

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

shell32

comctl32

kernel32

user32

ole32

oleaut32

msvcr71

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 60KB - Virtual size: 56KB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 60KB - Virtual size: 56KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 4KB - Virtual size: 3KB