11eab86b8debd091db9080e37e3402a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11eab86b8debd091db9080e37e3402a3_JaffaCakes118
Size

164KB
MD5

11eab86b8debd091db9080e37e3402a3
SHA1

9a8e0a3c23831d0032c9f8bb91c6b4946ce5e158
SHA256

abbcc1a91a01748a58a9b95e9792c09ffe20cbcee940dd227c6b8bd8e3cacd7e
SHA512

6ab7d87d3dcb5bf5ea5ed98ddc4f0b84ae6bb7a894d9e2d58676d25e608e29129fc6987ab602641978532c79223e25f7cb848f79b75431ad0a2087db5208d063
SSDEEP

3072:r4wV99dF8YzgJTJPlN+RKehMuqKfrf+O40XqDWP:rDL8CglJ/9w+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11eab86b8debd091db9080e37e3402a3_JaffaCakes118

Files

11eab86b8debd091db9080e37e3402a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0548887de85f746f81880d1d90875875

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\JinZQ\技术研究+++++++++++++++++++++++++++++++++++++++++++\WebBrowser技术研究\WebDll-Project\WebDllx\Release\WebDllx.pdb

Imports

mfc71

ord1191
ord1084
ord1098
ord371
ord1175
ord762
ord293
ord577
ord764
ord266
ord265
ord1917
ord1187

msvcr71

rand
_access
isspace
strchr
strpbrk
time
srand
sprintf
_CxxThrowException
__CxxFrameHandler
memmove
realloc
strncpy
_open
_lseek
_close
_write
_stricmp
strncmp
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
atoi
malloc
free
_resetstkoflw
_except_handler3
_vscwprintf
vswprintf
wcslen
strstr
printf
_snprintf

kernel32

HeapReAlloc
HeapDestroy
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalFree
LoadLibraryA
CopyFileA
MoveFileExA
MoveFileA
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcmpiA
lstrlenW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetPriorityClass
OpenProcess
OutputDebugStringW
GetTickCount
WritePrivateProfileStringA
Sleep
CreateThread
GetModuleFileNameA
Thread32Next
Thread32First
GetProcessId
CreateProcessA
GetWindowsDirectoryA
DeleteFileA

user32

ShowWindow
RegisterClassA
LoadIconA
MessageBoxA
GetWindowThreadProcessId
PeekMessageA
SetTimer
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
UpdateWindow
InvalidateRect
ReleaseDC
GetDC
PostQuitMessage
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
SendMessageA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetFocus
InvalidateRgn
DispatchMessageA
UnregisterClassA
GetWindowLongA
IsWindow
GetWindowTextLengthA
RegisterWindowMessageA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
DestroyAcceleratorTable
GetDlgItem
GetClientRect
SetFocus
TranslateMessage

gdi32

DeleteObject
SelectObject
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

ole32

OleUninitialize
OleInitialize
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantCopy
VariantClear
SysFreeString
LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect

psapi

GetModuleFileNameExA

Exports

Exports

EngineProc
process1
process2
process3
process5

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HookData
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

0548887de85f746f81880d1d90875875

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 71KB

HookData Size: 4KB - Virtual size: 4B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 71KB

HookData
Size: 4KB - Virtual size: 4B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 11KB