plugx | 77363996b2b67f31b9c7d99913a6a192_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

77363996b2b67f31b9c7d99913a6a192_JaffaCakes118
Size

192KB
MD5

77363996b2b67f31b9c7d99913a6a192
SHA1

209427e5780d41bf512483b89f9b97b1d23d8835
SHA256

3cf78a6d0244c33a14905f91f9912e2c7255c3247313456ca4eec93a7839abbd
SHA512

51d5735a6d2557f2f19f5c0627a37f6effc56b0627e8843afdd0c33013bf07c42c511c100af54eacc26867e2c157145345a6559c4d181df6023a7c68cd53c455
SSDEEP

3072:8+4wi6QVNbGTiDA9+/eA72Rd5DdYneSP2WjT7TG3dzpp9ZjdsHQT:li3VIWBF2Rd5DyneSP20EViw

Score

10^/10

plugx

Malware Config

Signatures

Detects PlugX payload 1 IoCs

Processes:

resource yara_rule

sample family_plugx
Plugx family
plugx

resource	yara_rule
sample	family_plugx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
77363996b2b67f31b9c7d99913a6a192_JaffaCakes118

Files

77363996b2b67f31b9c7d99913a6a192_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4e93f006a7a217646c4deea8a050114b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
GetFileAttributesW
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GlobalLock
GetLocalTime
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
GetModuleHandleA
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
lstrcpynA
ResetEvent
VirtualProtectEx
CreateThread
lstrcmpA
ExitThread
LocalAlloc
lstrcatW
OutputDebugStringA
LocalFree
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
QueueUserAPC
GlobalMemoryStatus
DeleteFileW
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
GetCurrentProcessId
lstrcmpiW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
VirtualFreeEx
VirtualAllocEx
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
DisconnectNamedPipe
GetSystemTime
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
SetConsoleScreenBufferSize
Sleep

user32

GetAsyncKeyState
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
ExitWindowsEx
GetIconInfo
DestroyIcon
SetWindowLongW
CloseClipboard
GetClipboardData
OpenClipboard
GetPriorityClipboardFormat
DefWindowProcW
LoadCursorW
WindowFromPoint
SetCapture
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
KillTimer
EndPaint
BeginPaint
PostQuitMessage
ChangeClipboardChain
SetClipboardViewer
DefWindowProcA
GetSystemMetrics
wsprintfA
MessageBoxW
wsprintfW
CreateWindowExW

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
DeleteService
InitiateSystemShutdownA
DuplicateTokenEx
CreateProcessAsUserW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
SetTokenInformation
RegEnumValueA
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOverridePredefKey
RevertToSelf
RegEnumValueW
CloseServiceHandle

shell32

ExtractIconExW
CommandLineToArgvW
SHFileOperationW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157
ord2

wtsapi32

WTSEnumerateProcessesW

ws2_32

setsockopt
closesocket
WSARecvFrom
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
WSAIoctl

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e93f006a7a217646c4deea8a050114b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

wtsapi32

ws2_32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 40KB - Virtual size: 55KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 40KB - Virtual size: 55KB

.reloc
Size: 11KB - Virtual size: 10KB