831212c19f51bbaa58f1a6806ab75ce1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

831212c19f51bbaa58f1a6806ab75ce1_JaffaCakes118
Size

1.5MB
MD5

831212c19f51bbaa58f1a6806ab75ce1
SHA1

3b8bd98db80a5ac264078f2d6e6cf4f80f4e5fc8
SHA256

f7601c007a0695b0709df27fda6b93669f9097fda3c73ab2e2016c32c04ec2b3
SHA512

edbb229cd4bfdc4e48e04cf783c307f965b87f1686fab94e706831f4312913db917b4fd7d663b035d216754bc121796026d947c448a76ab0ccf8a4d091ed5894
SSDEEP

24576:2UVoI2OjTmf6OCuYDpOH87CZZYM7bIlb3Zp/dKP/S94ps4gSV:VuCW82ZMbZFdKP/SGps4/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
831212c19f51bbaa58f1a6806ab75ce1_JaffaCakes118

Files

831212c19f51bbaa58f1a6806ab75ce1_JaffaCakes118
.dll windows:6 windows x86 arch:x86

dc643e1edf56f40fce9f348b151e4412

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\halo\dev\hacclient\loader-v2\release\loader.pdb

Imports

kernel32

ReleaseMutex
VirtualProtect
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FindFirstFileW
CreateMutexA
GetTickCount
CreateThread
GetTempPathA
GetExitCodeThread
SetCurrentDirectoryA
GetModuleHandleA
WaitForSingleObject
GetFullPathNameA
GetCommandLineW
GetProcAddress
CloseHandle
DeleteFileA
LoadLibraryA
CreateFileA
GetVersion
GetCurrentDirectoryA
HeapSize
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
GetFileSizeEx
GetLastError
OutputDebugStringA
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
MultiByteToWideChar
DeleteFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetLastError
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ReadFile
CreateFileW
GetConsoleCP
SetFilePointerEx
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
ExitProcess
SetConsoleCtrlHandler
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
HeapReAlloc
FindClose
GetFullPathNameW

user32

DestroyWindow
MessageBoxW
ShowWindow
CreateDialogParamA
PostQuitMessage
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

shell32

CommandLineToArgvW
ord165
SHGetSpecialFolderPathA

ws2_32

recv
WSACleanup
WSASetLastError
send
closesocket
WSAGetLastError

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

advapi32

CryptEnumProvidersW
CryptGenRandom
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc643e1edf56f40fce9f348b151e4412

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ws2_32

winhttp

crypt32

advapi32

Exports

Exports

Sections

.text Size: 1014KB - Virtual size: 1013KB

.rdata Size: 384KB - Virtual size: 383KB

.data Size: 35KB - Virtual size: 49KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 1014KB - Virtual size: 1013KB

.rdata
Size: 384KB - Virtual size: 383KB

.data
Size: 35KB - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 53KB - Virtual size: 53KB