Loader
Behavioral task
behavioral1
Sample
ee233e16958768992086207345e84556_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ee233e16958768992086207345e84556_JaffaCakes118.dll
Resource
win10v2004-20231215-en
General
-
Target
ee233e16958768992086207345e84556_JaffaCakes118
-
Size
127KB
-
MD5
ee233e16958768992086207345e84556
-
SHA1
7647ac35b342f27ee51407ed63fa680b20b8fafb
-
SHA256
24fc6e7c22402cb67de02d3cffb6f9659db3a7c25e74c87c90f87dfaa6d140e0
-
SHA512
a530d2533ae761a183404130372c4b06514c06224f491cdc5c32694c355413531d29ccc56e2ca6d4b47442fb4ffb5457d5ce53ee89a2a6f4e2a9d5c0a4252de3
-
SSDEEP
1536:h+sRWd4nhueU5u2s1N/47TVWeBeu644kPOLD38lKHPEryZ21uZjYCBA3MpM7c8uW:5sURE3VW8POLwlKb21uRYCuLMF6eFk
Malware Config
Extracted
plugx
hdviet.tv-vn.com:8080
hdviet.tv-vn.com:8000
detail.misecure.com:443
detail.misecure.com:80
-
folder
Microsoft Malware Protectionwhy
Signatures
-
Plugx family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ee233e16958768992086207345e84556_JaffaCakes118
Files
-
ee233e16958768992086207345e84556_JaffaCakes118.dll windows:5 windows x86 arch:x86
2d4775b7b89703e701e20d373dbc259e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetProcAddress
LoadLibraryA
ExitProcess
SetUnhandledExceptionFilter
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetLastError
SetLastError
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW
FlushFileBuffers
CreateFileW
user32
wsprintfA
wsprintfW
Exports
Exports
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ