7e566084b5e0cea252924cd80e1d5cde_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7e566084b5e0cea252924cd80e1d5cde_JaffaCakes118
Size

97KB
MD5

7e566084b5e0cea252924cd80e1d5cde
SHA1

0aee604e78e4b2c79f565c6c721cbd16dc0ea4fd
SHA256

7ab743b5cac150344f35f8e5ac93f5662f84b590b4c69803acfa6791d89fcb30
SHA512

5ea90738df7e93a39233e85a07a4ef27729e7efb1103e181f5ee6d8fd6a8a0bfc8be06c32a443d68be51fbea0bf101d3a6dc2bfbd4840781f1df6686cea9c9da
SSDEEP

3072:aA/OXlQoCsmbZTCYN5G2Lkh/rAmkaGF7B5WNftEV:86TC2LkhzHihyTm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e566084b5e0cea252924cd80e1d5cde_JaffaCakes118

Files

7e566084b5e0cea252924cd80e1d5cde_JaffaCakes118
.dll windows:5 windows x64 arch:x64

412f6a59df6894f4c6a85418eded8750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\MMVNC.PROXY\VNCSRV\x64\Release_minsize\VNCSRV.pdb

Imports

kernel32

SetThreadPriority
GetLastError
SetLastError
VirtualAlloc
GetVersionExA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
ExitProcess
SetPriorityClass
GetCurrentProcess
GetExitCodeThread
SetThreadIdealProcessor
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
CreateEventA
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
FlsAlloc
FlsFree
FlsGetValue
RtlUnwindEx
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
RtlPcToFileHeader
RaiseException
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
HeapFree
HeapAlloc
TerminateThread
VirtualFree
GetCurrentThread
SetEvent
FreeLibrary
lstrcmpiA
SwitchToThread
GetModuleHandleA
TerminateProcess
OpenFile
LoadLibraryA
GetProcAddress
CreateThread
WriteProcessMemory
CloseHandle
GetCurrentThreadId
FindNextFileA
FindClose
VirtualAllocEx
FindFirstFileA
ReadProcessMemory
Sleep
WaitForSingleObject
OpenProcess
QueryPerformanceCounter

user32

GetAncestor
ChildWindowFromPointEx
EmptyClipboard
CloseWindow
GetWindowThreadProcessId
FindWindowExW
SetThreadDesktop
SetClipboardData
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostMessageW
GetSystemMetrics
OpenWindowStationA
CreateDesktopA
SetProcessWindowStation
WindowFromPoint
GetDesktopWindow
SendMessageA
GetThreadDesktop
OpenDesktopA
UpdateWindow
PostMessageA
ShowWindow
CreateWindowExA
InvalidateRect
CloseDesktop
SetParent
TrackPopupMenu
GetClassNameA
EnumDesktopWindows
SetMenuItemInfoA
InsertMenuA
DispatchMessageA
CreatePopupMenu
TranslateMessage
GetMessageA
RegisterClassA
SetClipboardViewer
LoadCursorA
OpenClipboard
DefWindowProcA
ChangeClipboardChain
GetClipboardData
PostQuitMessage
GetWindowDC
GetClassNameW
ReleaseDC
RedrawWindow
EnumChildWindows
IsWindowVisible
PrintWindow
GetWindow
SetWindowPlacement
ScreenToClient
GetWindowRect
IsIconic
NotifyWinEvent
IsZoomed
SetForegroundWindow
GetParent
UnhookWinEvent
GetIconInfo
GetWindowPlacement
GetWindowTextA
SetWinEventHook
BringWindowToTop
GetWindowLongA
SetWindowPos
IsWindow
CloseClipboard

gdi32

GetPixel
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
GetDIBits
StretchBlt
BitBlt
DeleteDC

advapi32

OpenThreadToken
GetTokenInformation
OpenProcessToken
RegEnumKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetValueA
LookupAccountSidA

shell32

ExtractIconExA
SHGetSpecialFolderPathA
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

psapi

GetModuleFileNameExA

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

gdiplus

GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromGdiDib
GdipCloneBitmapAreaI
GdipFree
GdipSaveImageToStream
GdiplusShutdown

ws2_32

connect
WSAStartup
inet_addr
WSARecv
WSAGetLastError
htons
setsockopt
WSACleanup
socket
WSAGetOverlappedResult
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
recv
closesocket
send

Exports

Exports

Control
FreeBuffer
NetServerStart
NetServerStop
Release
Start

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARDAT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

412f6a59df6894f4c6a85418eded8750

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

psapi

rpcrt4

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 3KB - Virtual size: 2KB

.SHARDAT Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 3KB - Virtual size: 2KB

.SHARDAT
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB