88d5e4b9a9090db356933427d0af7330_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88d5e4b9a9090db356933427d0af7330_JaffaCakes118
Size

232KB
MD5

88d5e4b9a9090db356933427d0af7330
SHA1

5424dc1fac70725eaeff0dae733c71cfc14e67d2
SHA256

97a94424a7e6f5538226834e55c69b1e6f1d2392246976a8ecf7aa512bc06fc7
SHA512

244aef7d3d47d613fcf696c530de74562bc0a1a7ab7519804aeff51da650af1c82ae2fbe5d0803c8e7c3548e0e7688b397277fb32c6f77b3330a3c18c85450d8
SSDEEP

3072:qB0HmF9rxmVcsQFJUfUncaxrvEF43eI6BvhRaCLnB46Y5vC4hlrviQVKBA6uE:qBlzr8/+7ckephLBwvC4WQVKBl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88d5e4b9a9090db356933427d0af7330_JaffaCakes118

Files

88d5e4b9a9090db356933427d0af7330_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2c1bf039eca22ef9992b3e7692303bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\svnboot\UILib8\bin\JavaScriptParse.pdb

Imports

mfc71u

ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord3677
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord757
ord3824
ord2239
ord3781
ord776
ord384
ord1162
ord1087
ord1079
ord1200
ord314
ord1170
ord1168
ord1192
ord1115
ord371
ord1093
ord1199
ord1197
ord1033
ord315
ord765
ord5524
ord5558
ord300
ord870
ord266
ord762
ord283
ord2895
ord2461
ord310
ord578
ord764
ord3927
ord293
ord265
ord280
ord577
ord2462
ord5399
ord5398
ord2527
ord581

msvcr71

_onexit
__CxxFrameHandler
fprintf
_iob
fwprintf
fclose
fgets
strchr
fopen
wcscpy
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_initterm
_adjust_fdiv
__CppXcptFilter
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_except_handler3
wcslen
_wfindfirst
_findclose
free
malloc
printf
exit
??0exception@@QAE@XZ
??1exception@@UAE@XZ

kernel32

DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
LoadLibraryW
LocalFree
LocalAlloc
ExitProcess
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA

user32

MessageBoxW
GetAsyncKeyState
MessageBoxA

msvcp71

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

js32

JS_GetPrivate
JS_SetErrorReporter
JS_Init
JS_ShutDown
JS_Finish
JS_DestroyContext
JS_SetElement
JS_NewArrayObject
JS_NewDouble
JS_NewStringCopyZ
JS_GetStringChars
JS_ValueToString
JS_GetFunctionName
JS_GetFrameFunction
JS_SetCallHook
JS_SetPrivate
JS_DefineProperties
JS_InitClass
JS_DefineFunctions
JS_smprintf
JS_NewUCStringCopyZ
JS_GetStringBytes
JS_sprintf_append
JS_free
JS_EvaluateScript
JS_GetRuntime
JS_NewContext
JS_SetGlobalObject
JS_EvaluateUCScript
JS_DestroyContextNoGC
JS_GC
JS_GetOptions
JS_SetOptions
JS_CallFunctionName
JS_NewObject
JS_DefineObject

Exports

Exports

??0CJavaScript@@QAE@ABV0@@Z
??0CJavaScript@@QAE@XZ
??1CJavaScript@@UAE@XZ
??4CJavaScript@@QAEAAV0@ABV0@@Z
??_7CJavaScript@@6B@
?AddClass@CJavaScript@@QAEPAUJSObject@@PAU2@0PAUJSClass@@P6AHPAUJSContext@@0IPAJ3@ZIPAUJSPropertySpec@@PAUJSFunctionSpec@@56@Z
?AddFunction@CJavaScript@@QAEHPAUJSObject@@PAUJSFunctionSpec@@@Z
?AddObject@CJavaScript@@QAEPAUJSObject@@PAU2@PBDPAUJSClass@@0IPAUJSFunctionSpec@@PAUJSPropertySpec@@@Z
?AddObjectW@CJavaScript@@QAEPAUJSObject@@PAU2@PB_WPAUJSClass@@0IPAUJSFunctionSpec@@PAUJSPropertySpec@@@Z
?CallFunction@CJavaScript@@QAA_NPBDPAUJSObject@@PAJ0ZZ
?CallFunction@CJavaScript@@QAE_NPBDPAUJSObject@@IPAJ2@Z
?CallFunctionW@CJavaScript@@QAA_NPB_WPAUJSObject@@PAJ0ZZ
?CallFunctionW@CJavaScript@@QAE_NPB_WPAUJSObject@@IPAJ2@Z
?CreateGlobalClass@CJavaScript@@QAEHPAUJSClass@@H@Z
?CreateInstance@CJavaScript@@SAPAV1@XZ
?DestoryEngine@CJavaScript@@QAE_NXZ
?DestroyInstance@CJavaScript@@SAXXZ
?GCObject@CJavaScript@@QAEXXZ
?GetGlobalObject@CJavaScript@@QAEPAUJSObject@@XZ
?GetJavaScript@@YAPAVCJavaScript@@XZ
?GetJsContext@CJavaScript@@QAEPAUJSContext@@XZ
?GetPrivate@CJavaScript@@QAEPAXPAUJSObject@@@Z
?InitializeEngine@CJavaScript@@QAEHXZ
?InitializeRuntime_local@CJavaScript@@QAEHJH@Z
?LoadFile@CJavaScript@@QAE_NPB_W@Z
?LoadStringW@CJavaScript@@QAE_NPB_W@Z
?NewObject@CJavaScript@@QAEPAUJSObject@@PAU2@PAUJSClass@@0@Z
?RunScript@CJavaScript@@QAE_NPBD@Z
?RunScript@CJavaScript@@QAE_NPBDPAUJSObject@@PAJ@Z
?RunScriptW@CJavaScript@@QAE_NPB_W@Z
?RunScriptW@CJavaScript@@QAE_NPB_WPAUJSObject@@PAJ@Z
?SetGlobalObject@CJavaScript@@QAEXPAUJSObject@@@Z
?SetOpenCallStack@CJavaScript@@QAEXHH@Z
?SetPrivate@CJavaScript@@QAE_NPAUJSObject@@PAX@Z
?m_spJavaScript@CJavaScript@@0PAV1@A
?my_ErrorReporter@CJavaScript@@SAXPAUJSContext@@PBDPAUJSErrorReport@@@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c1bf039eca22ef9992b3e7692303bd5

Headers

File Characteristics

PDB Paths

Imports

mfc71u

msvcr71

kernel32

user32

msvcp71

js32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 176KB - Virtual size: 181KB

.rsrc Size: 4KB - Virtual size: 736B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 176KB - Virtual size: 181KB

.rsrc
Size: 4KB - Virtual size: 736B

.reloc
Size: 8KB - Virtual size: 4KB