150ac3ad4a220702764eeb7334d18689_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

150ac3ad4a220702764eeb7334d18689_JaffaCakes118
Size

74KB
MD5

150ac3ad4a220702764eeb7334d18689
SHA1

bae368760507cc665a03c6c7bc7cda9f68b9c6be
SHA256

59203c62d4a0c775f821264659bd891118930051ced1eef387c32dd1bfabfefd
SHA512

9fb0d44385441e65df38e46ced284be2b08de27a663fa6cc4caa3da116cb94d8ee30d44ea10f98a40e20c1e7d425a2e5ec9a23ba958e3982bcb306c0a4ee720b
SSDEEP

1536:sVxeIeSLU1p3aeFuQPuRFgX8F9G9rFX6MKvPVhtlf6Mk:s7emA1daeFfeFDSXEHtlf6Mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
150ac3ad4a220702764eeb7334d18689_JaffaCakes118

Files

150ac3ad4a220702764eeb7334d18689_JaffaCakes118
.dll windows:5 windows x86 arch:x86

82cba2df23dd8ad1ef495a427b1f1ef3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

snmpapi.pdb

Imports

msvcrt

strncmp
_iob
fflush
fprintf
wcslen
sprintf
_except_handler3
putchar
isprint
fopen
isxdigit
time
localtime
strftime
vsprintf

ntdll

NtQuerySystemInformation
RtlExtendedLargeIntegerDivide
RtlGetNtProductType

kernel32

GlobalAlloc
GlobalReAlloc
GlobalFree
OutputDebugStringA
DisableThreadLibraryCalls
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
SetLastError

ws2_32

htons
gethostbyname
htonl
getservbyname
inet_addr

Exports

Exports

SnmpSvcAddrIsIpx
SnmpSvcAddrToSocket
SnmpSvcGetEnterpriseOID
SnmpSvcGetUptime
SnmpSvcGetUptimeFromTime
SnmpSvcInitUptime
SnmpSvcSetLogLevel
SnmpSvcSetLogType
SnmpTfxClose
SnmpTfxOpen
SnmpTfxQuery
SnmpUtilAnsiToUnicode
SnmpUtilAsnAnyCpy
SnmpUtilAsnAnyFree
SnmpUtilDbgPrint
SnmpUtilIdsToA
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilMemReAlloc
SnmpUtilOctetsCmp
SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilOctetsNCmp
SnmpUtilOidAppend
SnmpUtilOidCmp
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilOidNCmp
SnmpUtilOidToA
SnmpUtilPrintAsnAny
SnmpUtilPrintOid
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpUtilUnicodeToUTF8
SnmpUtilVarBindCpy
SnmpUtilVarBindFree
SnmpUtilVarBindListCpy
SnmpUtilVarBindListFree

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82cba2df23dd8ad1ef495a427b1f1ef3

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 56KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 490B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 490B