8eac6737df88adf062d582760a7ecdba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8eac6737df88adf062d582760a7ecdba_JaffaCakes118
Size

120KB
MD5

8eac6737df88adf062d582760a7ecdba
SHA1

1ee102409269ca5130a3dab3568ff91cadadd879
SHA256

37bffd8a0610164a3208fdae3a398ba7e629478c3872439c222699e63d417fe9
SHA512

69cb3a9033333ba2daeef691707c645903d0cb339fc57ba82fd8931d11e115c160cdc83e46eb550c69f9e52ef987058e232903bc861fc014fb46971ec7352a87
SSDEEP

1536:DDm7AMRu8homW/KY1SFu08w53RvsB2RUPcRkZMGXEeFeI5yCXX70TWUU1:DDmMMoB1SFu0nRpyc6OeMI5yCY6b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8eac6737df88adf062d582760a7ecdba_JaffaCakes118

Files

8eac6737df88adf062d582760a7ecdba_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

b590dc2c328ccb2dfb22e662453f44cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\!!!WORK\awork\soft\soft\GAV2009\QWProtect\QWProtect\Release_PLAT\WStech.pdb

Imports

winhttp

WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
lstrcmpiW
TlsFree
TlsAlloc
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
lstrlenW
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
TlsGetValue
lstrlenA
TlsSetValue
GetCurrentThreadId
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
SizeofResource
GetStringTypeW
LCMapStringW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
VirtualFree
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

CharNextW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b590dc2c328ccb2dfb22e662453f44cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 8KB