PDB Path: e:\JinZQ\技术研究+++++++++++++++++++++++++++++++++++++++++++\WebBrowser技术研究\WebDll-Project\WebDllx\Release\WebDllx.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 0d9cc782fa9725bdca7b30a382c8cc5f_JaffaCakes118.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 0d9cc782fa9725bdca7b30a382c8cc5f_JaffaCakes118.dll
  Resource: win10v2004-20240910-en
General
Target: 0d9cc782fa9725bdca7b30a382c8cc5f_JaffaCakes118
Size: 200KB
MD5: 0d9cc782fa9725bdca7b30a382c8cc5f
SHA1: 47658b1bea7e4154743e0908888c0ee66a18cf84
SHA256: e99f59afee29ffc78735f0ca2cb0c208cace81b1b5f715452ebc7df8bc8ef504
SHA512: 31ac1e5fecfdf4d912400990abf1327921dbac8e21eef26226dad771de74280ee79d1289aac5f510c671864c942df50ca269ccaddfb55f9fdef88979e2e16c6d
SSDEEP: 3072:WruXzvdG08UymGVzkONwL/zeSf8rzEGZekFEw+J56nfDqKfrf+OK0JMDxC:WSXzvdG08U1mzm/Pf8rzEiekFWa67C
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 0d9cc782fa9725bdca7b30a382c8cc5f_JaffaCakes118
Files
0d9cc782fa9725bdca7b30a382c8cc5f_JaffaCakes118.dll  windows:4 windows x86 arch:x86
9d65b456f75e93775c70487e70103d47
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
mfc71
ord266
ord1917
ord1187
ord1191
ord764
ord577
ord293
ord762
ord1175
ord371
ord1098
ord1084
ord265
msvcr71
rand
isspace
strchr
strpbrk
strrchr
_access
time
atoi
sprintf
_CxxThrowException
__CxxFrameHandler
wcslen
srand
_snprintf
printf
strstr
_vscwprintf
_except_handler3
_resetstkoflw
free
vswprintf
malloc
realloc
strncpy
strncmp
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_stricmp
_close
_open
_write
_lseek
_initterm
_adjust_fdiv
__CppXcptFilter
memmove
kernel32
HeapReAlloc
GetSystemTimeAsFileTime
HeapDestroy
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalFree
LoadLibraryA
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
GetWindowsDirectoryA
MoveFileA
GetProcessId
Thread32First
Thread32Next
MoveFileExA
CopyFileA
CreateProcessA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcmpiA
lstrlenW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetPriorityClass
OpenProcess
OutputDebugStringW
GetTickCount
WritePrivateProfileStringA
Sleep
CreateThread
GetModuleFileNameA
DeleteFileA
user32
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
RegisterClassA
LoadIconA
MessageBoxA
GetWindowThreadProcessId
PeekMessageA
SetTimer
CreateAcceleratorTableA
CharNextA
GetClassNameA
SetWindowPos
RegisterWindowMessageA
RedrawWindow
wsprintfA
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
GetWindowTextLengthA
SetWindowTextA
GetClassInfoExA
DestroyWindow
LoadCursorA
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
DestroyAcceleratorTable
RegisterClassExA
SendMessageA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowLongA
GetForegroundWindow
GetWindowTextA
GetWindowRect
IsWindow
UnregisterClassA
GetParent
gdi32
DeleteObject
SelectObject
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
advapi32
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
shlwapi
PathFileExistsA
ole32
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
CoTaskMemAlloc
oleaut32
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysFreeString
VariantCopy
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
VariantClear
psapi
GetModuleFileNameExA
Exports
EngineProc
pro_cess1
pro_cess2
pro_cess3
pro_cess5
Sections
.text Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dfsaewr4 Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ