234d5802c261be90e3a97502e49a365f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

234d5802c261be90e3a97502e49a365f_JaffaCakes118
Size

124KB
MD5

234d5802c261be90e3a97502e49a365f
SHA1

f2e1b40e9360cf58fb6c226bd5e3d5ff004e0d1d
SHA256

07a456cca20a32961fb7c45c8a64260459587c81fdd10f97c548c38b545a1654
SHA512

945d51938d51e45d68a4b9295fe9ea8007a2a11f24046ab2db1fc103ca247eeef685ba0f9edcdc3ab60987c0a228e80b8cfebb10bfc8ec6aa264ea645f4900cd
SSDEEP

3072:poEmavwOkaEDnP9wqUWz2EUy0fUcjRvol:dvoxUWz2EUy0fvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
234d5802c261be90e3a97502e49a365f_JaffaCakes118

Files

234d5802c261be90e3a97502e49a365f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e08bfe76a80f37a0d8cb3667697f8a89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Documents and Settings\Joe\My Documents\Visual Studio Projects\NavExcel\Release\NHelper.pdb

Imports

wininet

InternetCloseHandle
InternetOpenUrlA
InternetGetLastResponseInfoA
InternetOpenA
InternetReadFile

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetLastError
lstrlenA
lstrcmpiA
GetVersion
CompareStringA
CompareStringW
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
GetCurrentThreadId
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
lstrcmpA
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetThreadLocale
CreateDirectoryA
DeleteFileA
GetTempFileNameA
FindClose
GetFileAttributesA
FindFirstFileA
GetTempPathA
CloseHandle
CreateFileA
lstrcpyA
lstrcatA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
VirtualQuery
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
SetStdHandle
GetStartupInfoA
GetStdHandle
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedIncrement
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCommandLineA
GetOEMCP
RemoveDirectoryA
SetHandleCount
SetEndOfFile
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsBadWritePtr
SetFilePointer
WriteFile
ReadFile
GetFileType
GetCurrentProcess
TerminateProcess
GetModuleHandleA
RtlUnwind
RaiseException
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
VirtualAlloc
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCPInfo

user32

CharNextA
GetWindowTextA
FindWindowExA
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowTextA
InvalidateRgn
UpdateWindow
IsChild
GetFocus
CallNextHookEx

advapi32

RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantClear
VariantChangeType
VariantCopy
SysAllocStringLen
VariantInit
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString

shlwapi

PathFindExtensionA
StrToIntA
PathBuildRootA
PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e08bfe76a80f37a0d8cb3667697f8a89

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 8KB