53084d6d1a31cb5e1fd3df2ddfd609f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

53084d6d1a31cb5e1fd3df2ddfd609f1_JaffaCakes118
Size

292KB
MD5

53084d6d1a31cb5e1fd3df2ddfd609f1
SHA1

0ee25a66fb6fe7f3fb09959e33709dda7f27e626
SHA256

ad5295b64b1bd580d0d562dd08629f2d92a8410b09a3ac70f56bea2185b9ddba
SHA512

4853191f399bfd36f7632ff3562c8f1428fbe8b38d566c0b2f2c2942fa9c4961296f6bc67e4652762f156cfce6bb7b540270e6a9c0e9e9a387b8656ffd7c589a
SSDEEP

3072:OtpopQtY2lRSONiCq3kvZKmZ8VzBw/x2kYf+SifwdY0+zfUf4nGSCnu5Lxj5GrmM:apox6ZwBwZ23f+SifzRnGlnupN50mPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53084d6d1a31cb5e1fd3df2ddfd609f1_JaffaCakes118

Files

53084d6d1a31cb5e1fd3df2ddfd609f1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ad4dbe2a7813e5d0cbaccc4b322e8c41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord540
ord423
ord2541
ord4949
ord641
ord2514
ord324
ord5290
ord2558
ord2122
ord556
ord3237
ord2956
ord4459
ord6648
ord4129
ord2764
ord860
ord2818
ord613
ord2652
ord6215
ord289
ord668
ord2116
ord2795
ord924
ord858
ord3181
ord2781
ord2770
ord941
ord356
ord1669
ord4160
ord3706
ord3626
ord3663
ord640
ord5574
ord2414
ord1641
ord5785
ord1640
ord2859
ord323
ord5026
ord6030
ord4502
ord4760
ord2379
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord823
ord4998
ord4713
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord4661
ord4625
ord4425
ord449
ord746
ord2278
ord3571
ord939
ord535
ord6385
ord665
ord5186
ord354
ord6374
ord4627
ord3721
ord567
ord795
ord4275
ord755
ord470
ord2452
ord5791
ord2614
ord3439
ord913
ord4277
ord2763
ord5594
ord398
ord4189
ord3692
ord5710
ord2023
ord4218
ord2578
ord3402
ord2411
ord4398
ord3582
ord616
ord3317
ord2864
ord2754
ord5875
ord4538
ord6241
ord5787
ord283
ord5788
ord472
ord4284
ord6358
ord5981
ord3742
ord818
ord6197
ord6380
ord6442
ord2567
ord5786
ord5794
ord4123
ord1088
ord2080
ord816
ord2753
ord562
ord2078
ord1567
ord5583
ord268
ord2642
ord4299
ord6880
ord5651
ord3127
ord3616
ord350
ord922
ord4278
ord2575
ord4396
ord3574
ord609
ord539
ord3874
ord6172
ord5789
ord2380
ord3619
ord861
ord3920
ord3711
ord783
ord2714
ord1233
ord2448
ord1997
ord940
ord6929
ord6927
ord5465
ord798
ord5194
ord533
ord3790
ord6407
ord2044
ord5834
ord5450
ord6394
ord5440
ord6383
ord1132
ord537
ord4113
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord800
ord1227
ord6467
ord1168
ord1216
ord6354
ord2724
ord3952
ord825
ord561
ord3670
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord994
ord5618
ord1693
ord2439
ord1210
ord1226
ord1177
ord743
ord446
ord3681
ord3353
ord3278
ord5498
ord4472
ord6365
ord3326
ord6364
ord2687
ord2486
ord4249
ord3279
ord1877
ord3401
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4853
ord815
ord1131

msvcrt

__CxxFrameHandler
sprintf
atol
time
atoi
_mbsicmp
_mbscmp
strrchr
_atoi64
atof
_purecall
_ftol
_CIacos
memmove
_mbsnbcpy
strncpy
srand
rand
strncmp
_stat
strstr
_strnicmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

InterlockedIncrement
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
SetErrorMode
GetVolumeInformationA
GetFileTime
GetSystemDirectoryA
GetTimeZoneInformation
InterlockedExchange
Sleep
ExitProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
LocalAlloc
CreateFileA
LocalFree
lstrcpyA
GlobalLock
OpenFile
_lwrite
_lclose
GlobalUnlock
GlobalSize
GlobalAlloc
GlobalReAlloc
GlobalFree
SetCurrentDirectoryA
GetEnvironmentVariableA
GetCurrentProcessId
GetVersionExA
OpenMutexA
CloseHandle

user32

InvalidateRect
SendMessageA
EnableWindow
GetDC
LoadImageA
GetClientRect
PostMessageA
SetRectEmpty
GetSysColor
WindowFromDC
CopyRect
SetRect
IsWindowEnabled
SetClassLongA
GetClassLongA
GetWindowRect
GetSystemMetrics
GetParent
LoadCursorFromFileA
UpdateWindow
IsWindow
IsRectEmpty
EqualRect
SetWindowRgn
ReleaseDC
GetWindowDC
GetFocus
DestroyCursor
PtInRect
LoadCursorA
SetTimer
GetCapture
SetCapture
ReleaseCapture
SetCursor
LoadIconA
KillTimer
OffsetRect

gdi32

CreateFontIndirectA
CreateFontA
OffsetRgn
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
Rectangle
BitBlt
CreateHalftonePalette
GetDIBColorTable
CreatePalette
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateRectRgn
GetPixel
CombineRgn
GetDeviceCaps
GetObjectA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
RegQueryValueExA
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

LoadRegTypeLi

ddraw

DirectDrawCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad4dbe2a7813e5d0cbaccc4b322e8c41

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

ddraw

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 60KB - Virtual size: 58KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 60KB - Virtual size: 58KB

.reloc
Size: 20KB - Virtual size: 16KB