fb0af500eac514d94091c16eb7cb2fb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb0af500eac514d94091c16eb7cb2fb9_JaffaCakes118
Size

182KB
MD5

fb0af500eac514d94091c16eb7cb2fb9
SHA1

6d51745ddf0cbc6d826881fa652124658be91af4
SHA256

940676f21df4e99d6a982f7a34a3718c72da3d162c20bad3399a7cb03fa7abec
SHA512

42711896b6531c24e99353dd6f5e32c67c9e70056aee711c0c34c8fa942284c5fe3baf6a7199ec3b1d1c3c4647aa1047ecb58f56bf2f4338e9594337a8349b37
SSDEEP

3072:rLNro41T02/LQxTarXYNdFsqgE/71UC3B9MI1P8oLbbukadUKZeywOziWm:rLNrj1g2/LQxyYNdFvHPjXu76tWmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb0af500eac514d94091c16eb7cb2fb9_JaffaCakes118

Files

fb0af500eac514d94091c16eb7cb2fb9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6fae978333d61889840352da72edd052

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\buildbot\wireshark\trunk-1.2-32\winxpx86\build\plugins\opcua\opcua.pdb

Imports

libwireshark

dissect_nt_64bit_time
proto_tree_add_string
tvb_get_guint8
tvb_get_letohs
proto_tree_add_text
proto_register_field_array
dissector_delete
dissector_add
col_set_str
tvb_memeql
check_col
proto_tree_add_item
proto_item_add_subtree
tvb_get_letohl
tcp_dissect_pdus
create_dissector_handle
range_foreach
range_copy
proto_register_protocol
proto_register_subtree_array
ep_strdup_printf
range_convert_str
prefs_register_protocol
prefs_register_range_preference

libglib-2.0-0

g_snprintf
g_free

msvcr90

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

plugin_reg_handoff
plugin_register
version

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fae978333d61889840352da72edd052

Headers

File Characteristics

PDB Paths

Imports

libwireshark

libglib-2.0-0

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 114KB - Virtual size: 116KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 114KB - Virtual size: 116KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB