c79ab6d2e8a2d52822f1c26939a3375e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c79ab6d2e8a2d52822f1c26939a3375e_JaffaCakes118
Size

320KB
MD5

c79ab6d2e8a2d52822f1c26939a3375e
SHA1

656fd5d6f9a2945343368e94d2b61e7459abcc65
SHA256

0560a44822546a9ce0e844c3b5a544b371b5fdee02ea56fb13513e47cc17d401
SHA512

58149c116a4be2378661ea1e1f9014d78f7c994fe064cc40f8933e38679656dcbd1b9c9bfb16ca86eab55eaeeade5964c0594f41562031e3d2c12f4112cbb16c
SSDEEP

6144:ziJkiKjh1xj4LOhgzkdgyClhuU7MeOqwmW0ag:ziJ1Kjhzj4LOPfsuCMeOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c79ab6d2e8a2d52822f1c26939a3375e_JaffaCakes118

Files

c79ab6d2e8a2d52822f1c26939a3375e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d6a9505ac6bf480574c5dcffd2efaf40

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

npdrmv2.pdb

Imports

mfc42

ord823
ord825

msvcrt

memmove
free
_onexit
__dllonexit
_adjust_fdiv
malloc
wcsncmp
_wcsnicmp
atoi
realloc
memcpy
_purecall
wcscmp
swprintf
wcscpy
wcsncpy
memcmp
memset
_wcsicmp
_ftol
_CIpow
_except_handler3
printf
__CxxFrameHandler
_initterm
wcslen
strlen
_strnicmp
strcpy
strcat

kernel32

GetSystemInfo
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
FlushInstructionCache
VirtualAlloc
GetLocalTime
GetSystemTime
VirtualFree
GetCPInfo
InterlockedDecrement
InterlockedIncrement
CompareStringW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetVersionExA
lstrlenW
GetProcAddress
CompareStringA
LocalAlloc
FormatMessageA
lstrcpynW
LoadLibraryA
IsBadWritePtr
GetVersionExW

ole32

CoTaskMemFree

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
SysStringByteLen

user32

RegisterWindowMessageA
wsprintfA
IsCharAlphaW
SendMessageA

wininet

InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegCloseKey

Exports

Exports

Java_npdrmv2_GetDRMSecurityVersion_stub
Java_npdrmv2_GetDRMVersion_stub
Java_npdrmv2_GetLicenseFromURL_stub
Java_npdrmv2_GetSystemInfo_stub
Java_npdrmv2_StoreLicense_stub
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
native_npdrmv2_GetDRMSecurityVersion
native_npdrmv2_GetDRMVersion
native_npdrmv2_GetLicenseFromURL
native_npdrmv2_GetSystemInfo
native_npdrmv2_StoreLicense
register_npdrmv2
unregister_npdrmv2
unuse_netscape_plugin_Plugin
unuse_npdrmv2
use_netscape_plugin_Plugin
use_npdrmv2

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6a9505ac6bf480574c5dcffd2efaf40

Headers

File Characteristics

PDB Paths

Imports

mfc42

msvcrt

kernel32

ole32

oleaut32

user32

wininet

advapi32

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 206KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 207KB - Virtual size: 206KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 10KB - Virtual size: 9KB