45cced3ff989fed32c351b5ff4943902_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45cced3ff989fed32c351b5ff4943902_JaffaCakes118
Size

74KB
MD5

45cced3ff989fed32c351b5ff4943902
SHA1

74b7f8e53482b3a695a38cbb0ba84d53f1cf2cf0
SHA256

dfd5db3efd8d305ca961231186c70b9275f4cc218b53cdda9d0cd5737cd4a82a
SHA512

f4ceca6401e3eac3bafe7456867031428322b414015df7431a20e87cb7f83a90a7ed8a15301122858d3c9b2fcce90ef8dd5fe6ac684e9569ced6887f7d53aeab
SSDEEP

1536:E2+kPPF45lKdVJalJHu2JJ4ch0jDeij05hNN9+Hxjt+Uccg:N+SPulGVJalJHu6J4ch0jkhN+Zg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Add-Ons/Extras/RyokkaKyusekihyo.apx

Files

45cced3ff989fed32c351b5ff4943902_JaffaCakes118
.zip
Add-Ons/Extras/RyokkaKyusekihyo.apx
.dll windows:4 windows x86 arch:x86

f30f592d7f6e34f5128f1d32058598b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
CopyFileA
CreateDirectoryA
lstrcatA
lstrcmpA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameA

user32

RegisterWindowMessageA
MessageBoxA

shell32

SHGetFolderPathA

dg

DGShowModelessDialog
?RegisterAdditionalHelpLocation@DG@@YI_NJJABVLocation@IO@@@Z
DGCreateDockablePalette
DGBeginProcessEvents
DGIsDialogOpen
?UnregisterAdditionalHelpLocation@DG@@YI_NJJ@Z
DGModalDialog
DGSetItemEnable
DGGetItemValLong
DGGetItemText
DGSetItemText
DGSetFocus
DGGetCheckedRadio
DGModelessClose
DGHideModelessDialog
DGSetItemValLong

gsroot

??1CStr@UniString@GS@@QAE@XZ
?ToCStr@UniString@GS@@QBE?AVCStr@12@KKW4GSCharCode@@W4OnConversionError@12@@Z
??0UniString@GS@@QAE@PBG@Z
??1Object@GS@@UAE@XZ
??0Guid@GS@@QAE@PBD@Z
?RSAddModule@@YIJPAUHINSTANCE__@@@Z
?RSRemoveModule@@YIXJ@Z
?RSSetActiveModule@@YIJJ@Z
?RSGetActiveModule@@YIJXZ
?BMGetPtrSize@@YGJPAD@Z
?RSGetIndString@@YI_NPADJJJW4ResStringType@@@Z
?BNFillMemory@@YGXPAXJE@Z
?DBPrintf@@YAXPBDZZ
?NULLGuid@GS@@3VGuid@1@B
?BMKillHandle@@YGXPAPAPAD@Z
?BMReallocHandle@@YGPAPADPAPADJKF@Z
?BMAllocateHandle@@YGPAPADJKF@Z
?BMGetHandleSize@@YGJQBQBD@Z
?BMKillPtr@@YGXPAPAD@Z
??1UniString@GS@@UAE@XZ
??1UStr@UniString@GS@@QAE@XZ
?ucscpy@GS@@YIPAGPAGPBG@Z
?ToUStr@UniString@GS@@QBE?AVUStr@12@KK@Z
??0UniString@GS@@QAE@PBDW4GSCharCode@@@Z
?ReleaseBuffer@UniString@GS@@AAEXXZ
??_7UniString@GS@@6B@

inputoutput

?Clear@Location@IO@@QAEXXZ
??0Location@IO@@QAE@XZ
?ToPath@Location@IO@@QBEJPAV?$CString@$0BAA@@2@@Z
??1Location@IO@@UAE@XZ
??4Location@IO@@QAEAAV01@ABV01@@Z
?GetStatus@Location@IO@@QBEJXZ
??0Location@IO@@QAE@PBD@Z

msvcr80

_CIcos
_CIsin
sprintf
atof
__CxxFrameHandler3
atoi
_access
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
_CIsqrt
_CIatan2
memset
_hypot

Exports

Exports

GetExportedFuncAddrs
SetImportedFuncAddrs

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RIKCAD21ײ/APX_GDL/Ήϕ\/ΉώOp`.gsm
.vbs
RIKCAD21ײ/APX_GDL/Ήϕ\/Ήϕ\.gsm
RIKCAD21ײ/APX_GDL/Ήϕ\/Ή͈͏Wv\.gsm

Sharing

General

Malware Config

Signatures

Files

f30f592d7f6e34f5128f1d32058598b2

Headers

File Characteristics

Imports

kernel32

user32

shell32

dg

gsroot

inputoutput

msvcr80

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 8KB - Virtual size: 5KB