2e9c163644bcd4e71d21b53b1633b780_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e9c163644bcd4e71d21b53b1633b780_JaffaCakes118
Size

817KB
MD5

2e9c163644bcd4e71d21b53b1633b780
SHA1

5ed434339c59d3b715192bbe8493f0824d196e66
SHA256

4a266463d0177713f608a957291a74fe763ac191c221ece49ac0c8de9aed84ba
SHA512

cbdfc6e487b356f37c9a0ebb80446063bc3e066d57273055463df1e281ad34679535772e35d9309ffb0821228c6343e35506e93e9163f687b2d0b696ad3d6e3a
SSDEEP

24576:UKFeiNyDITftCeL4Gb7EWV21mqETJKFe0:UKFelT8VEWV+iTJKFe0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e9c163644bcd4e71d21b53b1633b780_JaffaCakes118

Files

2e9c163644bcd4e71d21b53b1633b780_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4981a4ec636ece3d166fdd60164b1e74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\builds\27\Search Protector\SP-1.5.0-CI\Binaries\Win32\Release\ChromeModule.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
RaiseException
TerminateThread
OpenProcess
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
FormatMessageA
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
GetTickCount
ResumeThread
TlsSetValue
ResetEvent
OpenEventA
GetCurrentProcessId
Sleep
GetCurrentThreadId
TlsGetValue
TlsFree
TlsAlloc
ReleaseSemaphore
GetSystemTimeAsFileTime
CreateEventA
HeapAlloc
HeapFree
GetProcessHeap
LocalFree
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetModuleFileNameW
WaitForMultipleObjects
CreateEventW
SetEvent
CloseHandle
GetLastError
IsProcessorFeaturePresent

msvcp100

?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1_Container_base12@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?exceptions@ios_base@std@@QAEXH@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

msvcr100

??1bad_cast@std@@UAE@XZ
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
strerror
_CxxThrowException
_gmtime64
memcpy
??0exception@std@@QAE@XZ
ldiv
memset
isdigit
atof
__RTDynamicCast
realloc
__CxxFrameHandler3
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABQBDH@Z
_wassert
malloc
isspace
wcstombs_s
toupper
free
calloc
??_V@YAXPAX@Z
_beginthreadex
_purecall
fclose
fputws
fgetws
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??3@YAXPAX@Z
_wfopen_s
memmove
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z

user32

RegisterWindowMessageW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

psapi

EnumProcesses
GetProcessImageFileNameW

ole32

CoUninitialize
CoWaitForMultipleHandles
CoInitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
VariantClear
VariantInit
SysAllocString
SysFreeString

Exports

Exports

CreateBrowserModule

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4981a4ec636ece3d166fdd60164b1e74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp100

msvcr100

user32

advapi32

psapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 525KB - Virtual size: 525KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 21KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 81KB - Virtual size: 80KB

.text
Size: 525KB - Virtual size: 525KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 21KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 81KB - Virtual size: 80KB