ee96fd41340b7739bd2a3b0763f22afb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ee96fd41340b7739bd2a3b0763f22afb_JaffaCakes118
Size

21KB
MD5

ee96fd41340b7739bd2a3b0763f22afb
SHA1

2a04138ac257e2d190b19dd1318fc7c4b563970c
SHA256

106e518c3a26065a8614a8369fbe699013449c68b701348b768c99a0a2b28b1e
SHA512

9da9822e64cd0e558e1e71cba869099d881edafdf4299a40d88e975b415ab1e6478e0d0a844e52a8c00ef3bc40d84c3e9ebccd1b887d0412ba40705933588e44
SSDEEP

384:BWL5IPiPaRI3yFwIHRoh32TzC+ftEhzDbnHkk+T3cr7FThK0Guuqv:BWtIPiPaRUhCgGnfeEx7cJrGuuqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jdzcn_net/freeiis.dll
unpack001/jdzcn_net/freeiisver2.dll

Files

ee96fd41340b7739bd2a3b0763f22afb_JaffaCakes118
.rar
Down.asp
.asp .vbs polyglot
jdzcn_net/freeiis.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFilterVersion
HttpFilterProc

Sections

nsp0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsp1
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jdzcn_net/freeiis.ini
jdzcn_net/freeiisver2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4215988beda77c364bc263e2c9852249

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
ord103
ord104
ord105
__vbaVarAdd
__vbaVarMod
__vbaVarCopy
_CIatan
__vbaCastObj
__vbaStrMove
ord543
_allmul
ord544
_CItan
ord546
ord547
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jdzcn_net/下载说明.htm
.html .js polyglot
jdzcn_net/卸载IIS防盗.cmd
jdzcn_net/安装IIS防盗.cmd
rm.asp
.js
url.asp
.vbs
下载说明.htm
.html .js polyglot
天天网络IIS防盗连ISAPI插件使用说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

nsp0 Size: - Virtual size: 32KB

nsp1 Size: 10KB - Virtual size: 17KB

4215988beda77c364bc263e2c9852249

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 924B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

nsp0
Size: - Virtual size: 32KB

nsp1
Size: 10KB - Virtual size: 17KB

.text
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 924B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB