fd975523a660e207e91e91772b2868bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd975523a660e207e91e91772b2868bb_JaffaCakes118
Size

152KB
MD5

fd975523a660e207e91e91772b2868bb
SHA1

9285d6e8f008352364013d516a70bad99aacad3f
SHA256

c19331892d5d8755809039aa9a73e446c7c85cbc47422f4012d337029c8df514
SHA512

343cc19ab2c2072d10a1fc928923e02006f71218072df3d8b2da80b8ae82104e8354bfcb1d01e4fcc07516b53a5100864806295c318f523c74ed2fa9f3ebb202
SSDEEP

1536:RMYr+xJlw8WxJ/WICPwBPwEErIMokF6gL2sAc9nZeD+lyrpK3aa2s/6a7:RMXzwNxJ/1CxdmDs5Zeprqaap7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd975523a660e207e91e91772b2868bb_JaffaCakes118

Files

fd975523a660e207e91e91772b2868bb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

10c6765c52153c109f15a4d9da22a943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

?Free@nsMemory@@SAXPAX@Z
?Alloc@nsMemory@@SAPAXI@Z
?sEmptyBuffer@?$nsCharTraits@D@@2PBDB
?Adopt@nsCSubstring@@QAEXPADI@Z
?smprintf@nsTextFormatter@@SAPAGPBGZZ
?AppendUTF16toUTF8@@YAXPBGAAVnsACString@@@Z
??0nsGetServiceByContractID@@QAE@PBDPAVnsISupports@@PAI@Z
?assign_from_helper@nsCOMPtr_base@@QAEXABVnsCOMPtr_helper@@ABUnsID@@@Z
?sCanonicalVTable@nsObsoleteACString@@2PBXB
?assign_with_AddRef@nsCOMPtr_base@@QAEXPAVnsISupports@@@Z
?NS_NewGenericModule2@@YAIPAUnsModuleInfo@@PAPAVnsIModule@@@Z
??1nsACString@@QAE@XZ
??1nsCOMPtr_base@@QAE@XZ

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

plc4

PL_strfree
PL_strdup

xpcom_compat

_NR_RegDeleteKey@12
_NR_RegEnumSubkeys@24
_NR_RegGetKey@16
_NR_RegDeleteKeyRaw@12
_NR_RegGetKeyRaw@16
_NR_RegGetEntryInfo@16
_NR_RegDeleteEntry@12
_NR_RegGetUsername@4
_NR_RegSetUsername@4
_NR_RegPack@12
_NR_RegEnumEntries@24
_NR_RegAddKeyRaw@16
_NR_RegAddKey@16
_NR_RegSetEntry@24
_NR_RegSetEntryString@16
_NR_RegGetEntryString@20
_NR_RegFlush@4
_NR_RegClose@4
_NR_RegOpen@8
_NR_ShutdownRegistry@0
_NR_StartupRegistry@0
?Create@nsFileSpecImpl@@SGIPAVnsISupports@@ABUnsID@@PAPAX@Z
?Create@nsDirectoryIteratorImpl@@SGIPAVnsISupports@@ABUnsID@@PAPAX@Z
_NR_RegGetEntry@20

msvcrt

strchr
strcpy
free
_initterm
strncpy
_adjust_fdiv
malloc
??2@YAPAXI@Z

kernel32

DisableThreadLibraryCalls

Exports

Exports

NSGetModule
NS_RegistryGetFactory

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10c6765c52153c109f15a4d9da22a943

Headers

File Characteristics

Imports

xpcom

nspr4

plc4

xpcom_compat

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 376B

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 4KB - Virtual size: 592B

.text Size: 124KB - Virtual size: 124KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 376B

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 592B

.text
Size: 124KB - Virtual size: 124KB