1863825835e4e49d0443a0dedb775493_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1863825835e4e49d0443a0dedb775493_JaffaCakes118
Size

156KB
MD5

1863825835e4e49d0443a0dedb775493
SHA1

8487ba0a697ab478e1f121083d917648f5fb94b5
SHA256

5ff9ff0fb1681d1f9057a1e04f0e961a4146f36c7def4ba2cdc64617d71c5b5b
SHA512

1e2cf310d0ba3bb4a5505850742bbcf9508127d2da457ee360295d819719688c9f37926dfb5e29f30a73f880eeed92a8a2e7688e18b8d89e142937ce8d3c6fb0
SSDEEP

3072:elbr2Yk1mYZIC8MmRSXwcV5Dsn4xbtP54nia4s:eRtk1QPMmRSXwuten

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1863825835e4e49d0443a0dedb775493_JaffaCakes118

Files

1863825835e4e49d0443a0dedb775493_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4126313e18b2f85e68f506dc47f6b09d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\公司工作\韩国网银\工程\全量包\网页密码截取包\IE插件\LoginMgr20111001\LoginMgr\Release\LoginMgr.pdb

Imports

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

rpcrt4

NdrOleFree
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrStubForwardingFunction
NdrDllCanUnloadNow

kernel32

FlushFileBuffers
CloseHandle
CreateFileA
GetProcessHeap
GetModuleHandleA
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
RaiseException
Sleep
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
LockResource
FindResourceExA
SetThreadLocale
GetThreadLocale
GetProcAddress
GetModuleHandleW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
WriteFile
GetStdHandle
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetHandleCount

user32

ShowWindow
CharNextW
GetForegroundWindow
CharNextA
GetWindowLongA
GetWindowTextA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA

ole32

CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

VarUI4FromStr
SysFreeString
VariantClear
SysAllocStringLen
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4126313e18b2f85e68f506dc47f6b09d

Headers

File Characteristics

PDB Paths

Imports

wininet

iphlpapi

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

.orpc Size: 512B - Virtual size: 52B

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 114KB - Virtual size: 113KB

.orpc
Size: 512B - Virtual size: 52B

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB