29f76db0519a437a6fc01a0cce7401ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f76db0519a437a6fc01a0cce7401ad_JaffaCakes118
Size

160KB
MD5

29f76db0519a437a6fc01a0cce7401ad
SHA1

b8979794cbc83b98c45aa66733663af1518dcfae
SHA256

5e7f3167ec69ae920a77df0aaa3d303752490d61074d087746ca149e04b8ebed
SHA512

edf7c25b4773d91588ecc0febc5350715cb30de3f93eceb15b516ef0681f59358cc82f62cde03a8049b8157383751c4250bb47327f4fa25b0e76888de057ff12
SSDEEP

3072:+/cNMS1iywXfZ2X5vbmppXUcnbMAZeKT95t9i76FT5e+u2Sd:6S4yuIRb6pEcbMAZp9d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f76db0519a437a6fc01a0cce7401ad_JaffaCakes118

Files

29f76db0519a437a6fc01a0cce7401ad_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e63eb68ea550c160574ab774e0ad9a76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_~1\jdk6_16\control\build\WINDOW~1\tmp\deploy\plugin\jpiexp\obj\jpiexp.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA

kernel32

GetCurrentProcessId
WaitForSingleObject
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
TlsAlloc
TlsSetValue
TlsGetValue
lstrlenA
lstrlenW
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
ResetEvent
lstrcmpiA
CreateEventA
LoadLibraryA
lstrcatA
GetProcAddress
TlsFree
DisableThreadLibraryCalls
MulDiv
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
CreateThread
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LocalFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
CloseHandle
lstrcpyA
SetEvent
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError

user32

PostMessageA
SetWindowLongA
CallWindowProcA
GetWindowThreadProcessId
RegisterWindowMessageA
IsChild
GetClassInfoExA
wsprintfA
UnregisterClassA
PostThreadMessageA
WaitMessage
EnumWindows
IsWindowVisible
BringWindowToTop
SetForegroundWindow
GetPropA
SetPropA
GetWindowLongA
RemovePropA
CharNextA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
FillRect
GetClientRect
GetDC
ReleaseDC
UnionRect
PtInRect
DefWindowProcA
SendMessageA
GetKeyState
RegisterClassExA
EnumThreadWindows
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
InvalidateRect
GetFocus
SetFocus
EnableWindow
GetParent
BeginPaint
EndPaint
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
LoadCursorA
CreateWindowExA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
OleRegGetMiscStatus
CoCreateInstance
OleRun

oleaut32

SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
SysStringLen
VariantChangeType
SysAllocString
DispCallFunc
VariantClear
VariantInit
GetErrorInfo
SysFreeString
VarUI4FromStr

msvcr71

__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
memset
getenv
_stricmp
wcsncpy
??_U@YAPAXI@Z
_resetstkoflw
_wcsnicmp
malloc
_local_unwind2
??2@YAPAXI@Z
wcslen
realloc
sprintf
__CxxFrameHandler
_CxxThrowException
_purecall
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
_except_handler3

gdi32

DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateDCA
GetStockObject
CreateRectRgnIndirect
RestoreDC

Exports

Exports

?Equals@CJSObject@@CGJPAUJNIEnv_@@PAV_jobject@@JJJ@Z
?GetDispType@CJSObject@@CGPAV_jstring@@PAUJNIEnv_@@PAV_jobject@@JJ@Z
?GetStub@CJSObject@@CGPAV_jobject@@PAUJNIEnv_@@PAV2@J@Z
?InvokeStub@CJSObject@@CGPAV_jobject@@PAUJNIEnv_@@PAV2@JPAV_jstring@@JPAV_jobjectArray@@JJ@Z
?Java_sun_plugin_services_WIExplorerBrowserService_installBrowserListener@@YGEPAUJNIEnv_@@PAV_jobject@@@Z
?ReleaseStub@CJSObject@@CGXPAUJNIEnv_@@PAV_jobject@@JJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_Java_sun_plugin_com_DispatchImpl_getWindowHandle@12
_Java_sun_plugin_services_WPlatformService_createEvent@8
_Java_sun_plugin_services_WPlatformService_deleteEvent@12
_Java_sun_plugin_services_WPlatformService_dispatchNativeEvent@8
_Java_sun_plugin_services_WPlatformService_signalEvent@12
_Java_sun_plugin_services_WPlatformService_waitEvent@28
_Java_sun_plugin_viewer_IExplorerAppletStatusListener_notifyStatusChange@16
_Java_sun_plugin_viewer_context_IExplorerAppletContext_nativeInvokeScript@24
_Java_sun_plugin_viewer_frame_IExplorerEmbeddedFrame_activateBrowserWindow@12
_Java_sun_plugin_viewer_frame_IExplorerEmbeddedFrame_enableModeless@24
_Java_sun_plugin_viewer_frame_IExplorerEmbeddedFrame_transferFocus@16

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e63eb68ea550c160574ab774e0ad9a76

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ole32

oleaut32

msvcr71

gdi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 56KB - Virtual size: 54KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 6KB