fd4dd68724057998c63112a9e06dabc5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd4dd68724057998c63112a9e06dabc5_JaffaCakes118
Size

256KB
MD5

fd4dd68724057998c63112a9e06dabc5
SHA1

63ece0ee6557b8d87f8051b5743ef32c8b0699a9
SHA256

7e21dfcf7e2720c428b236cd12ef9b663c692525e4fceb35cd66aa3722ba8865
SHA512

5d7ac9c9cd5b15e15ea26e31a7e6c31cfde7605b5bfdd4148fc8c3b7118dda9a9b5876be604ffda4fa237d34c819184c7f8a639472b7e8392fd824420283db79
SSDEEP

3072:gKj5pEkexSEKJJGxU0bw28xBYRwZC4/+DHrb1xd+j7ylpoDgM7+wYcqkhrb/k:1jvSStJGxXw37YvUILb5+jYw9qyqyXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd4dd68724057998c63112a9e06dabc5_JaffaCakes118

Files

fd4dd68724057998c63112a9e06dabc5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cfc50272764ebe2f5f223b4a42f99250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\work\cool-369\dist\Win32\release\CoolSocket.pdb

Imports

kernel32

GetModuleFileNameA
DisableThreadLibraryCalls

user32

KillTimer
SetTimer

wsock32

htonl
WSAGetLastError
send
connect
htons
sendto
bind
setsockopt
inet_ntoa
WSACleanup
ntohs
inet_addr
getsockname
getpeername
recv
recvfrom
WSAAsyncSelect
WSAStartup
closesocket
socket
listen
accept
gethostbyname
gethostname
WSAAsyncGetHostByName
WSACancelAsyncRequest

xprt

_XprtAtomicIncrement@4
_XprtAtomicDecrement@4
_XprtFreeString@4
xprt_memcpy
xprt_memset
_XprtInetAtoN@12
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetMultibyteString@TBstr@XPRT@@QBEPBDXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
_XprtPostMessage@16
_XprtReleaseMessageId@4
??1TBstr@XPRT@@QAE@XZ
?Detach@TBstr@XPRT@@QAEPAGXZ
?Init@TCritSec@XPRT@@QAEXXZ
?Term@TCritSec@XPRT@@QAEXXZ
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?Lock@TCritSec@XPRT@@QAEXXZ
?Unlock@TCritSec@XPRT@@QAEXXZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
_XprtGetMessageQueue@0
_XprtRequestMessageId@0
??0TBstr@XPRT@@QAE@XZ
_XprtRegisterMessageCallback@8
_XprtUnregisterMessageCallback@4
?Empty@TBstr@XPRT@@QAEXXZ
?GetBstrPtr@TBstr@XPRT@@QAEPAPAGXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBD@Z
_XprtMemFree@4
??0TBstr@XPRT@@QAE@PBG@Z
??0TPtrArray@XPRT@@QAE@XZ
_XprtAllocString@4
?Attach@TBstr@XPRT@@QAEXPAG@Z
?SetSize@TPtrArray@XPRT@@QAEXHH@Z
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?InsertAt@TPtrArray@XPRT@@QAEXHPAXH@Z
??1TPtrArray@XPRT@@QAE@XZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?Compare@TBstr@XPRT@@QBEHPBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?CompareNormal@TBstr@XPRT@@QBEHPBG@Z
?Append@TPtrArray@XPRT@@QAEHABV12@@Z
??1TPtrList@XPRT@@QAE@XZ
??0TPtrList@XPRT@@QAE@H@Z
?AddTail@TPtrList@XPRT@@QAEPAU__POSITION@2@PAX@Z
?RemoveHead@TPtrList@XPRT@@QAEPAXXZ
?RemoveAll@TPtrList@XPRT@@QAEXXZ
xprt_uintlen
xprt_intlen
_XprtStringLen@4
_XprtStringUtf8ByteLen@4
kUnicodeEncoding
kUtf8Encoding
kLatin1Encoding
kAsciiEncoding
?IsEmpty@TBstr@XPRT@@QBE_NXZ
kEnglishLanguage
?GetBestEncoding@TBstr@XPRT@@QBE?AV12@XZ
_XprtBinToBase64@16
??0TBstr@XPRT@@QAE@PBGH@Z
_XprtUtf8ToString@16
xprt_memmove
_XprtBase64ToBin@12
?GetLength@TBstr@XPRT@@QBEHXZ
_XprtStringToUtf8@16
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
xprt_iswdigit
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Copy@TBstr@XPRT@@QBEPAGXZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?Format@TBstr@XPRT@@QAAXPBGZZ
_XprtMemAlloc@4
??0TBstr@XPRT@@QAE@PBD@Z
xprt_memcmp
xprt_rand

xpcs

_XpcsCreateSimpleInstance@12
_XpcsRegisterClass@8
_XpcsUnregisterClass@4

xptl

_XptlModuleTerm@4
_XptlModuleRegisterServer@12
_XptlModuleUnregisterServer@8
_XptlModuleGetClassObject@16
_XptlComPtrAssign@8
_XptlInternalQueryInterface@16
_XptlModuleInit@12

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfc50272764ebe2f5f223b4a42f99250

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

wsock32

xprt

xpcs

xptl

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 312B

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 4KB

.text Size: 184KB - Virtual size: 184KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 312B

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 184KB - Virtual size: 184KB