8dccb5fdcb635f1be1a4a6e3c4771c08_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8dccb5fdcb635f1be1a4a6e3c4771c08_JaffaCakes118
Size

858KB
MD5

8dccb5fdcb635f1be1a4a6e3c4771c08
SHA1

b250139f750cb8ff8d9d91178459871f6f11c962
SHA256

4180e68810203f6c7c01fe91b9b6191eb1a5096760e2414a9e1532c662b492ed
SHA512

55cc909792bee49d54e58b6685ab2dea97609580e5fe21875ba0850be2046afd95bedb00531998232d8cde63a3452c79c67b242069c4a7ef3d551631a3494c46
SSDEEP

24576:W9wcqfAj/P3pBEbLLqAvpsjKh3nfRl47b2NDg0zs:kwci2P3jGLLqAv223nfRu7b2m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rf.dll

Files

8dccb5fdcb635f1be1a4a6e3c4771c08_JaffaCakes118
.zip
rf.dll
.dll windows:5 windows x86 arch:x86

ddfeab7f8f01d2a2904a730b3080e0e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\LPLoader\release\Release_Mule.pdb

Imports

kernel32

GetCurrentProcess
OpenProcess
DuplicateHandle
TerminateProcess
OutputDebugStringA
CreateMutexA
MapViewOfFile
UnmapViewOfFile
CreateProcessA
SetPriorityClass
ResumeThread
CreateToolhelp32Snapshot
Module32First
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
Process32First
Process32Next
GetCurrentProcessId
FindResourceA
LoadResource
SizeofResource
LockResource
FreeResource
WriteFile
DeleteFileA
GetTempPathA
GetTempFileNameA
OpenFileMappingA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
VirtualFree
IsBadReadPtr
VirtualProtect
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
GetThreadPriority
SetThreadPriority
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
GetProcessAffinityMask
SetProcessAffinityMask
VirtualQuery
WaitForMultipleObjects
SetEnvironmentVariableA
CompareStringW
CreateFileW
SetEndOfFile
SetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalMemoryStatusEx
GetVersionExA
LocalAlloc
LocalFree
GetSystemInfo
FreeLibrary
GetLocalTime
GetTickCount
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
CloseHandle
LoadLibraryW
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoW
HeapSize
GetModuleFileNameW
ExitProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
RtlUnwind
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
GetLastError
CreateFileA
GetProcAddress
LoadLibraryA
GetPriorityClass
UnhandledExceptionFilter
GetCurrentThreadId
DecodePointer
EncodePointer
HeapReAlloc
GetSystemTimeAsFileTime

user32

GetWindow
GetWindowTextA
GetDesktopWindow

advapi32

RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidA
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
OpenProcessToken
RegOpenKeyA

oleaut32

VariantClear

ws2_32

WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
ntohl
inet_addr

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetOpenUrlA

netapi32

Netbios

iphlpapi

GetBestInterface
GetIpAddrTable
SendARP
GetAdaptersInfo

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

Exports

Exports

Run

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddfeab7f8f01d2a2904a730b3080e0e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

wininet

netapi32

iphlpapi

setupapi

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 20KB - Virtual size: 19KB