a76ed7873a9e538bfe1e2a67813693e1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a76ed7873a9e538bfe1e2a67813693e1_JaffaCakes118
Size

92KB
MD5

a76ed7873a9e538bfe1e2a67813693e1
SHA1

6c6779b3b22596e69cd745f34bbe026dffd744eb
SHA256

ee3caf4e742622264bbd008dea7a613fedbbe75fe59cf464e35c57498c524810
SHA512

05e35d3a5e2102bc413f24a8158540aa6fa9a889cfaa72d70f604a0d0591ba023f25a3a762d0d7a1b25b297c799f8e17b2a782ea5504ca3a9b300bcab4474ba2
SSDEEP

1536:sfwMOHjGcoumbyk2CDjKh60ZynIE8qgnjHqz/H15UokAIhwVwb:oHcFUDSZyI04jUV+wImqb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a76ed7873a9e538bfe1e2a67813693e1_JaffaCakes118

Files

a76ed7873a9e538bfe1e2a67813693e1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f335b069140557d1e3887371040ec826

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\kernel-proxy\Release\kernel-proxy.pdb

Imports

kernel32

GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
SetEvent
ResetEvent
GetCurrentThreadId
FindClose
CreateFileA
WideCharToMultiByte
AreFileApisANSI
GetFullPathNameW
MultiByteToWideChar
SetLastError
GetModuleFileNameA
GetFileAttributesW
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
GetTickCount
FreeLibrary
Sleep
WaitForSingleObject
CreateThread
CloseHandle
GetLastError
VirtualProtect
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

msvcr71

?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1exception@@UAE@XZ
_except_handler3
__security_error_handler
_mbsupr
sscanf
atol
fread
realloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
sprintf
fopen
fgets
fclose
strchr
??2@YAPAXI@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strrchr
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
free
malloc
??1type_info@@UAE@XZ
_unlink
_chmod
_stat
_close
_strnicmp
_access

msvcp71

?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

Exports

Exports

HandShake

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f335b069140557d1e3887371040ec826

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcr71

msvcp71

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 85KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 85KB

.reloc
Size: 8KB - Virtual size: 7KB