D:\CPP_OLD\Projects\LPBusiness\Release\LPDragoon.pdb
Static task: static1
Behavioral task: behavioral1
Sample: LPDragoon.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: LPDragoon.dll
Resource: win10v2004-20240419-en
General
Target: 24ea18e954a03782ee7fb4394e6360f8_JaffaCakes118
Size: 1.0MB
MD5: 24ea18e954a03782ee7fb4394e6360f8
SHA1: 313c13d2512b513cd191209232a7d44320ad4a7b
SHA256: f4e2e49a732c7bf885b8aed2a005004a6ce7763dab7f01a1d36760cba74e8f3b
SHA512: aebe5cc0db7049e5a534a3a37b0ca53f9578fcf83ea2d36b04a95896fb28c6ee7497b60d456d0a47c93b9568137ae5cd5078167bfb7b701fb4e15677514ba0c0
SSDEEP: 24576:Ko9wd8p9Cg1Gc46Aotp3aGPZoEvjzrPpF87QkXIVYgVIgnkI:KbyH1Gsnp35RH73RkYrFnkI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/LPDragoon.dll
Files
24ea18e954a03782ee7fb4394e6360f8_JaffaCakes118.zip
LPDragoon.dll.dll windows:5 windows x86 arch:x86
0c942ddcccb1c83aa08c25a6330e9f41
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetLastError
GetCurrentProcess
OpenProcess
DuplicateHandle
TerminateProcess
CreateMutexA
LoadLibraryExA
MapViewOfFile
UnmapViewOfFile
CreateProcessA
SetFileAttributesA
GetLogicalDriveStringsA
lstrcmpiA
QueryDosDeviceA
lstrlenA
lstrcatA
HeapAlloc
GetProcessHeap
HeapFree
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcessId
FindResourceA
LoadResource
SizeofResource
LockResource
FreeResource
GetTempPathA
GetTempFileNameA
OpenFileMappingA
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
MoveFileExA
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
VirtualFree
IsBadReadPtr
VirtualProtect
InterlockedIncrement
InterlockedDecrement
FindResourceW
FindResourceExW
SetFilePointer
SetFileTime
ReadFile
CreateDirectoryA
GetCurrentDirectoryA
LocalFileTimeToFileTime
VirtualQuery
CreateThread
InitializeCriticalSectionAndSpinCount
Sleep
RaiseException
GetProcessId
GetCurrentThreadId
ExitProcess
FormatMessageA
GetFileSize
MapViewOfFileEx
CreateFileMappingW
GetModuleHandleW
MoveFileA
CompareStringW
CreateFileW
SetEndOfFile
SetStdHandle
GetPrivateProfileSectionA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcpyA
GlobalMemoryStatusEx
GetVersionExA
LocalAlloc
LocalFree
GetSystemInfo
WriteFile
EnterCriticalSection
ExpandEnvironmentStringsA
GetTickCount
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
FreeLibrary
OutputDebugStringA
SystemTimeToFileTime
GetLocalTime
WriteConsoleW
LoadLibraryW
FlushFileBuffers
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
GetStartupInfoW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
GetSystemTimeAsFileTime
InterlockedExchange
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
DeleteFileA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
advapi32
LookupAccountSidA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
GetLengthSid
InitializeSecurityDescriptor
ControlService
StartServiceA
DeleteService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
OpenProcessToken
RegSetValueExA
RegOpenKeyExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ord51
ord165
ShellExecuteExA
ole32
CoCreateInstance
CoInitialize
CoAddRefServerProcess
CoReleaseServerProcess
oleaut32
VariantClear
shlwapi
PathAddBackslashA
SHDeleteKeyA
PathIsDirectoryA
PathRemoveFileSpecA
PathFileExistsA
wininet
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetSetOptionA
InternetCanonicalizeUrlA
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetCrackUrlA
FindCloseUrlCache
InternetOpenA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
ws2_32
WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
inet_addr
ntohl
netapi32
Netbios
iphlpapi
GetBestInterface
SendARP
GetIpAddrTable
GetAdaptersInfo
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
psapi
GetProcessImageFileNameA
Exports
Run
Sections
.text Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 136KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ