1a0c207dafad81f5beb4214eb43d5b01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a0c207dafad81f5beb4214eb43d5b01_JaffaCakes118
Size

132KB
MD5

1a0c207dafad81f5beb4214eb43d5b01
SHA1

efb0d28f3d9ab63dd5f7b8ff1182701a3896f9db
SHA256

758d3a40700e567c71ac727a49fdcf1e47cf67d26c4d791e4da623ffdc212be4
SHA512

a02d3c27e8909892a9a9b7e6a09243e18cbc5e2b542e8377aeb5ad72286cef0c4f71e0868f966361b82b1b4e9da3b56f5845dce1f187fde60636b23c88a1032b
SSDEEP

3072:cCZ32aBQ4pmyU9XwhgWDGbGm8/0ywi07YpCf7sJ:7vBQCmyU9XwCLbb8/0xi9Cw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a0c207dafad81f5beb4214eb43d5b01_JaffaCakes118

Files

1a0c207dafad81f5beb4214eb43d5b01_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2223d4ec8f25713399de8eab55e90d49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Programming\Projects\Npp\Plugin\NppPlugins_CVS\NppPlugins\NppDocShare\build\Release Unicode\NppDocShare.pdb

Imports

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

ws2_32

send
shutdown
getpeername
inet_ntoa
accept
socket
htons
bind
getsockname
ntohs
listen
WSAGetLastError
inet_addr
WSAStartup
closesocket
recv
gethostbyname
connect

comctl32

ord8

kernel32

GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LCMapStringW
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LCMapStringA
RtlUnwind
LocalFree
LocalAlloc
lstrlenW
FormatMessageW
GetLastError
CreateDirectoryW
lstrcpyW
GetModuleFileNameW
CloseHandle
CreateFileW
lstrcatW
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
WaitForSingleObject
GetTickCount
CreateEventW
InitializeCriticalSection
CreateThread
ResetEvent
LoadLibraryA
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA

user32

GetDlgItemTextA
GetDlgItemInt
SetWindowLongW
SendDlgItemMessageA
SendDlgItemMessageW
SetDlgItemTextW
EndDialog
InvalidateRect
EnableWindow
wsprintfW
MessageBoxW
GetKeyState
CallWindowProcW
PostMessageW
LoadIconW
SendMessageW
GetDlgItem
CreateDialogParamW
CharNextW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2223d4ec8f25713399de8eab55e90d49

Headers

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

comctl32

kernel32

user32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 63KB - Virtual size: 66KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 63KB - Virtual size: 66KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 5KB