0444338fe0809262a529fdca9006e89d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0444338fe0809262a529fdca9006e89d_JaffaCakes118
Size

180KB
MD5

0444338fe0809262a529fdca9006e89d
SHA1

c2ca2b52588216baa2c832a6bc9bbe1e4d48d613
SHA256

15893684c794ee616518171152fde2ae8824e2300335d5c8a14c6a59957e1c22
SHA512

e09721c6ed4a5506455bff6208481a90ff99345fc19aa2996de7a68d675fd283873579e78af2e51756471a412f88c8f1c4b2d8c01ff1c7cf14db1097eeee2b7d
SSDEEP

3072:ikDvf0YxwzVWRsvNRKpo5I0lKMLokQ2r5f2rkcN3:NDvcIRsvZe3MLokNFfgd3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0444338fe0809262a529fdca9006e89d_JaffaCakes118

Files

0444338fe0809262a529fdca9006e89d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d47772b1e5adb41af24f88c3724d8ff3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\dev\work\pluto_ga_refresh\0192_20120222_1953\Yahoo\YPager\output\dist\bin\Release\ypagerps.pdb

Imports

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy

oleaut32

LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserUnmarshal

ole32

HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
HWND_UserFree

msvcr80

_malloc_crt
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_encode_pointer
_encoded_null
_decode_pointer
_initterm
_initterm_e
free
_amsg_exit
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.orpc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d47772b1e5adb41af24f88c3724d8ff3

Headers

File Characteristics

PDB Paths

Imports

kernel32

rpcrt4

oleaut32

ole32

msvcr80

Exports

Exports

Sections

.orpc Size: 8KB - Virtual size: 5KB

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 112KB - Virtual size: 112KB

.orpc
Size: 8KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 112KB