ef0d2e59ada01cec2024ccb58f28a165_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef0d2e59ada01cec2024ccb58f28a165_JaffaCakes118
Size

148KB
MD5

ef0d2e59ada01cec2024ccb58f28a165
SHA1

ac4d413063d46ae5bfaffe9c83ef604469b6913b
SHA256

1cc861dfa07803a61424b72e21e0013f14336627471745b02da60ecf34fac65b
SHA512

3dc7c45144c23e4e31ed98af3e806dee24c40a37e27a462a603348604f572596d418a82874d529c3c3407c6d388cc218fb44a4c5c36d206d35f47ce8d4eb0e4b
SSDEEP

3072:5HetteKDBlfiOTU7Wcj0zYtt3CKr8Z5i:5H8tllDU7dozW3Lr8Z5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef0d2e59ada01cec2024ccb58f28a165_JaffaCakes118

Files

ef0d2e59ada01cec2024ccb58f28a165_JaffaCakes118
.dll windows:4 windows x86 arch:x86

493c1ea0c2a13c5b32d137c84ee69984

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Bin\Release\RSSParser.pdb

Imports

kernel32

WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
DeleteFileA
GetTempFileNameA
GetTempPathA
ResumeThread
GetTickCount
lstrcatA
GetLastError
CreateEventA
SetEvent
CopyFileA
ResetEvent
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
lstrlenA
WinExec
lstrcpyA

user32

SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueA

shlwapi

PathFileExistsA

msvcp71

?_Nomemory@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

wininet

InternetSetOptionA
InternetOpenA
InternetQueryOptionA
InternetSetStatusCallback
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle

msvcr71

_strlwr
realloc
free
_endthreadex
_local_unwind2
_except_handler3
atoi
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
__security_error_handler
_callnewh
??3@YAXPAX@Z
__CxxFrameHandler
_snprintf
_purecall
_mbsstr
_CxxThrowException
fclose
fprintf
fopen
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_beginthreadex
??0exception@@QAE@XZ
strchr
_atoi64
strncpy
memmove
_stricmp
fread
ftell
fseek
fwrite
malloc

Exports

Exports

RSS_GetParserManager
RSS_GotoURL

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

493c1ea0c2a13c5b32d137c84ee69984

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

msvcp71

wininet

msvcr71

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 504B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 504B

.reloc
Size: 12KB - Virtual size: 9KB