c:\Users\Serhij\Documents\Visual Studio 2008\Projects\QWProtect\QWProtect\Release\QWProtect.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8e2756aadac1340d0e8a76dfb94ba160_JaffaCakes118.dll
Resource: win7-20240708-en
General
Target: 8e2756aadac1340d0e8a76dfb94ba160_JaffaCakes118
Size: 50KB
MD5: 8e2756aadac1340d0e8a76dfb94ba160
SHA1: 68bbbc44b317d2262c5e8f532a2114ea27e139cf
SHA256: 7ea1a42582082be1aa9bf2ce615a5b38f8481a002caab133c2c3efac98dd897c
SHA512: baa9dd7897fcfa2fd4fbd98e3f7435da2da38348212fb73f2678e8f9e6f791eb551a3660b4ae4382ee700cce87242c8ccaf909942cd04d06448f930dc7ebb520
SSDEEP: 1536:cwOEf1p/DxsyOhr5MglO1qO2eY7mRxiRxgIm:Rrxsys5MyO1qO2eY7mRxiRxgIm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e2756aadac1340d0e8a76dfb94ba160_JaffaCakes118
Files
8e2756aadac1340d0e8a76dfb94ba160_JaffaCakes118.dll regsvr32 windows:5 windows x86 arch:x86
a1be3f668856433f0cc9bbef25043288
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
winhttp
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
kernel32
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleFileNameW
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsGetValue
DisableThreadLibraryCalls
TlsSetValue
GetCurrentThreadId
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TlsAlloc
TlsFree
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenA
user32
SetWindowsHookExW
UnhookWindowsHookEx
CharNextW
CallNextHookEx
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ole32
CoCreateInstance
oleaut32
SysStringLen
SysFreeString
UnRegisterTypeLib
RegisterTypeLib
VariantInit
VariantClear
DispCallFunc
LoadRegTypeLib
LoadTypeLib
VarBstrCat
SysAllocString
SysAllocStringLen
atl90
ord49
ord32
ord58
ord56
ord15
ord67
ord10
ord68
ord23
ord31
ord61
ord11
ord30
ord64
msvcr90
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
??3@YAXPAX@Z
_CxxThrowException
wcsncpy_s
free
??_V@YAXPAX@Z
_purecall
??_U@YAPAXI@Z
__CxxFrameHandler3
??2@YAPAXI@Z
_wcsnicmp
wcsstr
memcpy_s
malloc
_resetstkoflw
_time64
memset
_except_handler4_common
_adjust_fdiv
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ