02d73a4ea03856c1f9895ee5771977cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02d73a4ea03856c1f9895ee5771977cc_JaffaCakes118
Size

188KB
MD5

02d73a4ea03856c1f9895ee5771977cc
SHA1

56ebf04018ef5b76d5d5f17798013fbe3b7e10b8
SHA256

683ef61c781242205446a2927a36bb079607d82f85103a50269bf66e6df2ab4e
SHA512

24bd48c798cfcf2783e759ad5ca4657c8b05a81e968c64afad6409cb9013f8d51733245fbcc239ef1693a042dd77b8381e1d73b42dcc81bf9d031f2da53c5bd5
SSDEEP

3072:8kGX4t+Vsk5UpWGjh7TqzUAqUTF8/D71WdN5Pg0CjHBprB1IwL7u:8koVskKw7UArTF8/XFf/q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02d73a4ea03856c1f9895ee5771977cc_JaffaCakes118

Files

02d73a4ea03856c1f9895ee5771977cc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bc2a44d98897a9caee5c4f130a87e0b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\nprpjplug\nprpjplug.pdb

Imports

kernel32

CopyFileA
MultiByteToWideChar
SetEvent
CloseHandle
WaitForSingleObject
CreateEventA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateProcessA
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
GetVersion
GetModuleFileNameA
SetErrorMode
GetLastError
CreateDirectoryA
WritePrivateProfileStringA
InterlockedExchange
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
WideCharToMultiByte
lstrlenW
GetTickCount

user32

SetTimer
KillTimer
GetSystemMetrics
CharNextA
CharPrevA
CharLowerA
EnumWindows
RegisterClassA
CreateWindowExA
SendMessageA
PeekMessageA
DispatchMessageA
GetPropA
SetWindowLongA
DefWindowProcA
CallWindowProcA
DestroyWindow
PostMessageA

advapi32

RegQueryValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

shell32

ShellExecuteExA

msvcr71

__CppXcptFilter
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
memset
__security_error_handler
__dllonexit
_putenv
_onexit
_except_handler3
free
_purecall
_snprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
strncat
strncpy
atoi
sprintf
_stricmp
atol
strtok
strchr
_vsnprintf
strrchr
strstr
_mbctype
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
printf
memmove
realloc
_ismbcspace
__CxxFrameHandler

oleaut32

VariantChangeType
VariantInit
SysAllocString
VariantClear

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

Java_JSRealPlayerPlugin_AddToNowPlayingNative_stub
Java_JSRealPlayerPlugin_ClearNowPlaying_stub
Java_JSRealPlayerPlugin_DoAutoUpdateRequest_stub
Java_JSRealPlayerPlugin_GetComponentVersion_stub
Java_JSRealPlayerPlugin_GetInstalledComponents_stub
Java_JSRealPlayerPlugin_GetPlayerPropertyNative_stub
Java_JSRealPlayerPlugin_GetRealPlayerVersion_stub
Java_JSRealPlayerPlugin_HandleAction_stub
Java_JSRealPlayerPlugin_ImportNative_stub
Java_JSRealPlayerPlugin_OpenURLInPlayerBrowserNative_stub
Java_JSRealPlayerPlugin_PlayClipExNative_stub
Java_JSRealPlayerPlugin_PlayClipNative_stub
Java_JSRealPlayerPlugin_SetPlayerPropertyNative_stub
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
NSCanUnload
NSGetFactory
NSRegisterSelf
NSUnregisterSelf
native_JSRealPlayerPlugin_AddToNowPlayingNative
native_JSRealPlayerPlugin_ClearNowPlaying
native_JSRealPlayerPlugin_DoAutoUpdateRequest
native_JSRealPlayerPlugin_GetComponentVersion
native_JSRealPlayerPlugin_GetInstalledComponents
native_JSRealPlayerPlugin_GetPlayerPropertyNative
native_JSRealPlayerPlugin_GetRealPlayerVersion
native_JSRealPlayerPlugin_HandleAction
native_JSRealPlayerPlugin_ImportNative
native_JSRealPlayerPlugin_OpenURLInPlayerBrowserNative
native_JSRealPlayerPlugin_PlayClipExNative
native_JSRealPlayerPlugin_PlayClipNative
native_JSRealPlayerPlugin_SetPlayerPropertyNative
register_JSRealPlayerPlugin
unregister_JSRealPlayerPlugin
unuse_JSRealPlayerPlugin
unuse_netscape_plugin_Plugin
use_JSRealPlayerPlugin
use_netscape_plugin_Plugin

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc2a44d98897a9caee5c4f130a87e0b6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcr71

oleaut32

msvcp71

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 8KB - Virtual size: 6KB