681c10d222767b5de9db3af7a682eec9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

681c10d222767b5de9db3af7a682eec9_JaffaCakes118
Size

122KB
MD5

681c10d222767b5de9db3af7a682eec9
SHA1

00cec9275d44895f39eea33346ae5d713ba3f2e1
SHA256

70badafdc0614817cd3f2e66a76a2728582062dee054c422029d3658c56e125c
SHA512

7eccb3992955e784a8048b7c18793597401e72597901302a78679838f1c321092890a6a97735f434c51d11493c794f7e53f80bb26bb7e1fd58ec6608dd42724a
SSDEEP

1536:FKRnklv+Jd4LtqvSlDfMCv9hEs89D1hx02BpI40luWhMLL0bFK7hXq5R82V4Fz9u:FKRAWaZqifJF85q+LLVhEi2V4FzFqvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
681c10d222767b5de9db3af7a682eec9_JaffaCakes118

Files

681c10d222767b5de9db3af7a682eec9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d083b563d07e2bccd2416b955589b35c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\imsdk_src\imsdk-20170223\bin\NetProxy.pdb

Imports

yvsdkcomm

n_thirdappid
g_upflow
file_ipaddr
proxy_ipaddr
httpdns_server_ipaddr
room_getip_server_ipaddr
im_getip_server_ipaddr
g_downflow
g_isoversea
voice_recoginition_ipaddr
speech_ipaddr
file_ipaddr_port

ws2_32

WSAStartup
socket
ioctlsocket
getaddrinfo
ntohs
htonl
gethostbyname
inet_ntoa
send
recv
__WSAFDIsSet
select
closesocket
WSAIoctl
setsockopt
WSAGetLastError
connect
htons
inet_addr

yunva_lib

yunva_encrypt
yunva_decrypt

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
CreateThread
SetThreadPriority
ResumeThread
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetEvent
Sleep
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
CreateEventW

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

rpcrt4

UuidCreateSequential
UuidCreate

msvcr120

strncmp
tolower
memset
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
??_V@YAXPAX@Z
strncpy
?terminate@@YAXXZ
_except_handler4_common
_except1
__clean_type_info_names_internal
_CxxThrowException
__CxxFrameHandler3
_libm_sse2_pow_precise
floor
memcpy
_purecall
strchr
sscanf
??3@YAXPAX@Z
printf
??2@YAPAXI@Z
memmove
strerror
_errno
malloc
free
_time64
sprintf
atoi
strstr
memchr

Exports

Exports

??0CHttpDnsTool@@QAE@ABV0@@Z
??0CHttpDnsTool@@QAE@P6AXHPBD0@Z@Z
??0CHttpDnsTool@@QAE@XZ
??0CIpFetcher@@QAE@ABV0@@Z
??0CIpFetcher@@QAE@XZ
??0CServerConnectorIm@@QAE@ABV0@@Z
??0CServerConnectorIm@@QAE@XZ
??0CServerConnectorRoom@@QAE@ABV0@@Z
??0CServerConnectorRoom@@QAE@XZ
??0IServerHttpTool@@QAE@ABV0@@Z
??0IServerHttpTool@@QAE@XZ
??1CHttpDnsTool@@QAE@XZ
??1CIpFetcher@@QAE@XZ
??1CServerConnectorIm@@QAE@XZ
??1CServerConnectorRoom@@QAE@XZ
??4CHttpDnsTool@@QAEAAV0@ABV0@@Z
??4CIpFetcher@@QAEAAV0@ABV0@@Z
??4CServerConnectorIm@@QAEAAV0@ABV0@@Z
??4CServerConnectorRoom@@QAEAAV0@ABV0@@Z
??4IServerHttpTool@@QAEAAV0@ABV0@@Z
??_7CHttpDnsTool@@6B@
??_7CServerConnectorIm@@6B@
??_7CServerConnectorRoom@@6B@
??_7IServerHttpTool@@6B@
?CheckNetTypeAsync@CIpFetcher@@QAEHXZ
?ConnectServer@CServerConnectorIm@@QAEHI@Z
?ConnectServer@CServerConnectorRoom@@QAEHI@Z
?GetAddrByHostAsync@CIpFetcher@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@H@Z
?GetDomainlistIp@CHttpDnsTool@@QAEHXZ
?GetIp@CHttpDnsTool@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetIpAddr@CIpFetcher@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?GetIpAddrHttpDns@CIpFetcher@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?GetIpAddrNns@CIpFetcher@@QAEXXZ
?Init@CIpFetcher@@QAEXXZ
?Ipaddrclear@CIpFetcher@@QAEXXZ
?Release@CIpFetcher@@QAEXXZ
?SetIp@CIpFetcher@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?UnInit@CIpFetcher@@QAEXXZ
?addAddr@CIpFetcher@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?explain_url@CHttpDnsTool@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@1AAG@Z
?http_Disconnect@IServerHttpTool@@UAEXXZ
?http_Fail@CHttpDnsTool@@EAEXHPAVhttp_base@@@Z
?http_Fail@CServerConnectorIm@@EAEXHPAVhttp_base@@@Z
?http_Fail@CServerConnectorRoom@@EAEXHPAVhttp_base@@@Z
?http_Release@IServerHttpTool@@UAEXXZ
?http_Respond@CHttpDnsTool@@EAEXPAVhttp_base@@HPAV?$CRingQueue@$0CIAA@@@@Z
?http_Respond@CServerConnectorIm@@EAEXPAVhttp_base@@HPAV?$CRingQueue@$0CIAA@@@@Z
?http_Respond@CServerConnectorRoom@@EAEXPAVhttp_base@@HPAV?$CRingQueue@$0CIAA@@@@Z
get_recv_size
get_send_size
get_signal
ipFetcher
net_checknetwork
net_disconnect
net_exitconnect
net_proxy_generate
net_proxy_get_ip
net_proxy_get_ip_by_host
net_proxy_getnetstatus
net_proxy_init
net_proxy_register
net_proxy_release

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d083b563d07e2bccd2416b955589b35c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

yvsdkcomm

ws2_32

yunva_lib

kernel32

msvcp120

rpcrt4

msvcr120

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB