31434254fa1ba4c66befa336b3e5b693_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31434254fa1ba4c66befa336b3e5b693_JaffaCakes118
Size

197KB
MD5

31434254fa1ba4c66befa336b3e5b693
SHA1

97cb32144d0eb6a19ead21a1035255d6b19631f5
SHA256

43c05c94f60781f2baba80357a1fa0537eb1ac70923bb2e45fad2bf11567adf6
SHA512

b808b0b1b3f6cbd1cf6ed50364b13adeee65add51e2d17eb264fd9313c183317a7cd3f043bef6bb2bf4336a8f8e67f3a69b853614df67df76d6a2cb12fc4bdd2
SSDEEP

6144:nLwgNczKThdQRUiYaiOy/i7HujMWuzZ3:LxeAQPX7OAWuzZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31434254fa1ba4c66befa336b3e5b693_JaffaCakes118

Files

31434254fa1ba4c66befa336b3e5b693_JaffaCakes118
.dll windows:5 windows x86 arch:x86

25b29c7f1cb718125c9034fc5b65b7e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\build\source\nprpjplug\rel32\nprpjplug.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateProcessA
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
GetVersion
GetModuleFileNameA
GetVersionExA
SetErrorMode
GetLastError
CreateDirectoryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
WaitForSingleObject
CloseHandle
SetEvent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
CopyFileA
WritePrivateProfileStringA
GetTickCount
RaiseException
lstrlenW
WideCharToMultiByte
lstrlenA
Sleep

user32

CharLowerA
CharPrevA
CharNextA
GetSystemMetrics
SetTimer
KillTimer
EnumWindows
RegisterClassA
CreateWindowExA
SendMessageA
PeekMessageA
DispatchMessageA
GetPropA
SetWindowLongA
DefWindowProcA
CallWindowProcA
DestroyWindow
PostMessageA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyA

shell32

ShellExecuteExA

msvcr90

_putenv
??3@YAXPAX@Z
_purecall
_snprintf
??2@YAPAXI@Z
malloc
free
memset
strncat
strncpy
strchr
strcpy_s
strncpy_s
_strlwr_s
_ultoa_s
strnlen
strncmp
_scprintf
atoi
memcpy_s
??_V@YAXPAX@Z
sprintf_s
_stricmp
sprintf
atol
strtok
_vsnprintf
strrchr
strstr
_ismbblead
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_U@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
printf
memmove
realloc
_ismbcspace
__CxxFrameHandler3
memmove_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
memcpy

oleaut32

VariantChangeType
VariantInit
SysAllocString
VariantClear

shlwapi

PathIsURLA

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

Java_JSRealPlayerPlugin_AddToNowPlayingNative_stub
Java_JSRealPlayerPlugin_ClearNowPlaying_stub
Java_JSRealPlayerPlugin_DoAutoUpdateRequest_stub
Java_JSRealPlayerPlugin_GetComponentVersion_stub
Java_JSRealPlayerPlugin_GetInstalledComponents_stub
Java_JSRealPlayerPlugin_GetPlayerPropertyNative_stub
Java_JSRealPlayerPlugin_GetRealPlayerVersion_stub
Java_JSRealPlayerPlugin_HandleAction_stub
Java_JSRealPlayerPlugin_ImportNative_stub
Java_JSRealPlayerPlugin_OpenURLInPlayerBrowserNative_stub
Java_JSRealPlayerPlugin_PlayClipExNative_stub
Java_JSRealPlayerPlugin_PlayClipNative_stub
Java_JSRealPlayerPlugin_SetPlayerPropertyNative_stub
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
NSCanUnload
NSGetFactory
NSRegisterSelf
NSUnregisterSelf
native_JSRealPlayerPlugin_AddToNowPlayingNative
native_JSRealPlayerPlugin_ClearNowPlaying
native_JSRealPlayerPlugin_DoAutoUpdateRequest
native_JSRealPlayerPlugin_GetComponentVersion
native_JSRealPlayerPlugin_GetInstalledComponents
native_JSRealPlayerPlugin_GetPlayerPropertyNative
native_JSRealPlayerPlugin_GetRealPlayerVersion
native_JSRealPlayerPlugin_HandleAction
native_JSRealPlayerPlugin_ImportNative
native_JSRealPlayerPlugin_OpenURLInPlayerBrowserNative
native_JSRealPlayerPlugin_PlayClipExNative
native_JSRealPlayerPlugin_PlayClipNative
native_JSRealPlayerPlugin_SetPlayerPropertyNative
register_JSRealPlayerPlugin
unregister_JSRealPlayerPlugin
unuse_JSRealPlayerPlugin
unuse_netscape_plugin_Plugin
use_JSRealPlayerPlugin
use_netscape_plugin_Plugin

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25b29c7f1cb718125c9034fc5b65b7e8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcr90

oleaut32

shlwapi

msvcp90

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 9KB - Virtual size: 8KB