0d8e832a2b3e8e298fbc46c68e9209cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d8e832a2b3e8e298fbc46c68e9209cf_JaffaCakes118
Size

510KB
MD5

0d8e832a2b3e8e298fbc46c68e9209cf
SHA1

6abab2c8d5eb9af6c576e1a94d2d3570211ae7ab
SHA256

9cbfb3323f210da6bd1ffa5a51dcb9670230753755c558af09413a2b812b4cbe
SHA512

98bf31713ff4d77de4a71bd26a70224a10a511c5aa4e82c07f57b7b1ecd5979acdff10e63150c86cdbe4f5c528b557c78690d1ef61462ba0d5f8ebe5347ea66a
SSDEEP

12288:sVdOF1/lLIPW/ODF93EaO7mFQ07XfmB+8snDbj8hG5p8g0:rTuPW/YX4cPY+XbohG5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d8e832a2b3e8e298fbc46c68e9209cf_JaffaCakes118

Files

0d8e832a2b3e8e298fbc46c68e9209cf_JaffaCakes118
.dll windows:5 windows x86 arch:x86

44e03dba94e4b7715f9275efb08d3483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Ruan\Source\Source\Debug\ws2_32.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
SetCurrentDirectoryA
GetCommandLineA
GetWindowsDirectoryA
CreateProcessA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
DeleteFileA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
HeapValidate
IsBadReadPtr
CloseHandle
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
FatalAppExitA
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
HeapSize
HeapReAlloc
VirtualAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
ReadFile
InterlockedExchange
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WEP
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.textbss
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WS2_32_
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44e03dba94e4b7715f9275efb08d3483

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.textbss Size: - Virtual size: 185KB

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 5KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 3KB

.WS2_32_ Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.textbss
Size: - Virtual size: 185KB

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 5KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 3KB

.WS2_32_
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB