3626417d6bcab92067b08ad5e814ec4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3626417d6bcab92067b08ad5e814ec4f_JaffaCakes118
Size

151KB
MD5

3626417d6bcab92067b08ad5e814ec4f
SHA1

85ee73969c19a717f0bb4d80796fa57a069f0bde
SHA256

df35279f50f49bd3b1138df3bdbee7c09a41c842f14d2dae4c51105adc295963
SHA512

e1a01e2718e11d2d86960076a302681b4001ca011e88f2b5429e0abba39298ee416e74b898f0e42409c4a378227e10f96189f4e6759b9614505ca4da6e8c914e
SSDEEP

3072:NAXFfSvGQ9ZnrnoByJbXAHc8QIeZABQ8A/B42s95gtBldO:LVbnbogjAHqVAe/K2sgtBzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3626417d6bcab92067b08ad5e814ec4f_JaffaCakes118

Files

3626417d6bcab92067b08ad5e814ec4f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

55674d94eec289d62967be60a77c2859

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\php-sdk\snap_5_3\vc9\x86\obj\Release_TS\php5apache2_2_filter.pdb

Imports

php5ts

executor_globals_id
zend_ini_deactivate
php_execute_script
zend_memory_peak_usage
tsrm_startup
sapi_startup
sapi_shutdown
tsrm_shutdown
php_request_shutdown
core_globals_id
sapi_get_default_content_type
php_handle_auth_data
_estrdup
php_request_startup
php_module_startup
ts_resource_ex
sapi_send_headers
sapi_module
php_register_variable_safe
php_register_variable
sapi_free_header
php_handle_aborted_connection
php_module_shutdown_wrapper
zend_error
_erealloc
php_info_print_table_start
php_info_print_table_row
_efree
php_info_print_table_end
add_next_index_stringl
add_next_index_string
_estrndup
_array_init
add_assoc_string_ex
_object_init
add_property_long_ex
add_property_string_ex
zend_parse_parameters
php_error_docref0
sapi_globals_id
zend_hash_copy
_zend_hash_init
zend_hash_destroy
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_key_ex
zend_hash_move_forward_ex
zend_hash_get_current_data_ex
zend_alter_ini_entry
zend_hash_find
_zend_hash_add_or_update

libhttpd

_ap_register_output_filter@16
_ap_hook_post_read_request@16
_ap_hook_insert_filter@16
_ap_hook_post_config@16
_ap_hook_pre_config@16
_ap_save_brigade@16
_ap_add_common_vars@4
_ap_add_cgi_vars@4
_ap_add_output_filter@16
_ap_add_input_filter@16
_ap_add_version_component@8
_ap_auth_type@4
_ap_get_brigade@24
ap_log_rerror
ap_log_error
_ap_set_content_length@12
_ap_pass_brigade@8
ap_loaded_modules
_ap_get_server_version@0
_ap_run_sub_req@4
_ap_destroy_sub_req@4
_ap_sub_req_lookup_uri@12
_ap_server_root_relative@8
_ap_register_input_filter@16

libapr-1

apr_psprintf
_apr_pool_cleanup_register@16
apr_pool_cleanup_null
_apr_palloc@8
_apr_table_elts@4
_apr_table_set@12
_apr_table_get@8
_apr_table_add@12
_apr_table_clear@4
_apr_table_unset@8
_apr_pool_userdata_set@16
_apr_pstrdup@8
_apr_pool_userdata_get@12

libaprutil-1

_apr_bucket_transient_create@12
_apr_brigade_create@8
_apr_bucket_flush_create@4
_apr_brigade_destroy@4
_apr_brigade_flatten@12
_apr_brigade_split@8
_apr_brigade_partition@16
_apr_brigade_length@12
_apr_bucket_eos_create@4
apr_bucket_type_eos
_apr_brigade_cleanup@4

msvcr90

_stricmp
_strdup
_strnicmp
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_setjmp3
memset
strncmp
atoi
realloc
free
strtol
memcpy
strchr

kernel32

GetSystemTimeAsFileTime
Sleep
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls

Exports

Exports

php5_module

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55674d94eec289d62967be60a77c2859

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php5ts

libhttpd

libapr-1

libaprutil-1

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text Size: 128KB - Virtual size: 132KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 128KB - Virtual size: 132KB