761a978bc5eba280a81e0531bf2460b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

761a978bc5eba280a81e0531bf2460b8_JaffaCakes118
Size

216KB
MD5

761a978bc5eba280a81e0531bf2460b8
SHA1

59c209d3b161869b022a6ba8e3e3f07c56ebb646
SHA256

016a90dc88337724659f3f47a525e8d678c22e30e57c9ecb26b3c2ecb74aee4b
SHA512

f66f1a312c78010af0d1c3c30e21366070585152b5a3fd5e8e7b456f0d44f5c58bcbeef7d4bcf0f18898f9fdb3b4661f051b622cee3dad247670f2f6fcf73bbf
SSDEEP

3072:sKypwElgtnUfTh5yqVHANTdHvJXid9ioVBAZ4/tCBhXWaF:b/ElWn8TXgzPJXid1rAZ44zXW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
761a978bc5eba280a81e0531bf2460b8_JaffaCakes118

Files

761a978bc5eba280a81e0531bf2460b8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4f9c47a03943605e9e19f9f2c317e6f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\MyWork\WorkProjects\NetNucleosProjects\Nik Monokin\ActiveCollector.2005-2011-01-05\ActiveCollector.2005\Bin\release\ActiveCollectorPlugin.pdb

Imports

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

kernel32

GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
QueueUserWorkItem
DeleteCriticalSection
RaiseException
lstrcmpiW
InterlockedDecrement
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
FlushFileBuffers
CloseHandle
CreateFileA
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedCompareExchange
FreeLibrary
UnhandledExceptionFilter
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
InterlockedExchange
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
IsValidLocale
OutputDebugStringW
LoadLibraryW
GetProcAddress
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
GetConsoleCP
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
EnumSystemLocalesA

user32

UnregisterClassA
SendMessageW
IsWindow
CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

ole32

StringFromCLSID
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
GetRunningObjectTable
CreateItemMoniker

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f9c47a03943605e9e19f9f2c317e6f1

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 13KB