4076a9732db92b4c0b064f78f05a98f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4076a9732db92b4c0b064f78f05a98f9_JaffaCakes118
Size

205KB
MD5

4076a9732db92b4c0b064f78f05a98f9
SHA1

52c81379ac4879854cbb9a797dd514d105f6315e
SHA256

6fff85eea0082ae297120268c248f2572262338e863b984227260fe60a0d99d9
SHA512

cdcf0d7ec31515b107d6ced6e3df78ff227c1101be11dac46a6e299187a3c3d6af1ced6263c8ed1bebf67a0b87c1b6749c4a8cd62c2b1c8e2e4425c832d1359f
SSDEEP

3072:wYo8OhQ8sCIIvv7aE/gGd4aL31PgFboeMatJiK8v8DaJ/83MHi95b60h:wdRPgFboCTlaJE8CL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4076a9732db92b4c0b064f78f05a98f9_JaffaCakes118

Files

4076a9732db92b4c0b064f78f05a98f9_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

c7be21027dbd52451943bda528c26cea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\FF\build_system\non_templates\JS_Hijack\Release\JS_Hijack.pdb

Imports

kernel32

FindResourceA
FindResourceExA
GetLastError
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
LoadResource
LoadLibraryExA
GetModuleHandleW
SetThreadLocale
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
CompareStringA
FlushFileBuffers
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
FreeLibrary
MultiByteToWideChar
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
VirtualFree
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

user32

CharNextW
CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantInit
VarUI4FromStr
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7be21027dbd52451943bda528c26cea

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB