3402b7ae4eab8e4b3684d463e4b67eb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3402b7ae4eab8e4b3684d463e4b67eb3_JaffaCakes118
Size

168KB
MD5

3402b7ae4eab8e4b3684d463e4b67eb3
SHA1

618ba24294c0357794c0975cc73e36f5af395458
SHA256

41bc624bb2df23e10c2682e293a35778e523c95110cd60a795edc14f41c793af
SHA512

99addc3bf887a897bc697f2373c4fb22c57631161c0f38565f4b248781572609b3740cd2dfa97b92b71eb778ccc9c3d4274bbdcf3e0559c5226d60f57567ae77
SSDEEP

3072:Dhj8ZvkD6qFpgEVIWPL9hZNh8agztUy6B:DhwWrVIkhZknu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3402b7ae4eab8e4b3684d463e4b67eb3_JaffaCakes118

Files

3402b7ae4eab8e4b3684d463e4b67eb3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

87012d775a531307da838be96080278c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Projects\pLan\Client\DLL\Release\pLan.pdb

Imports

ws2_32

socket
bind
setsockopt
connect
htonl
getsockopt
getsockname
WSASetLastError
getpeername
WSAGetLastError
ntohs
inet_ntoa
inet_addr
htons
gethostname
gethostbyname

wininet

InternetOpenA
InternetReadFile
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

kernel32

ReadFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
HeapReAlloc
GetCurrentProcessId
SetEndOfFile
VirtualAlloc
IsBadReadPtr
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualProtect
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetTickCount
CreateThread
GetLastError
TerminateThread
GetModuleFileNameA
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetEnvironmentStringsW
CompareStringA
CompareStringW
DisableThreadLibraryCalls
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
CloseHandle
SetFilePointer
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

SHGetFolderPathA

Exports

Exports

Hooker
Unhooker
Version

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87012d775a531307da838be96080278c

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 16KB

.sdata Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 16KB

.sdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB