36fdb3e16a57165112764e4b2c83c08a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36fdb3e16a57165112764e4b2c83c08a_JaffaCakes118
Size

644KB
MD5

36fdb3e16a57165112764e4b2c83c08a
SHA1

0eebe56465c61172ff53ec698d3b789050566783
SHA256

4ca2f192fdab6ca8df03c41cca1331ab0a539164a265263a2a7fb8a2484ab3f8
SHA512

04ec6f4a1d17901b3f36fb9db357f08bd46dd138d87c48cd0cb3088467c8cf74595006a44693e0097be2a39403896f467e3f9e2956a84e3c7e81fb1028f88d2f
SSDEEP

12288:pLU5ZzOZDJAGKq7Ul+zmkCaicWw6UOISMvQCcOoaUGAyWM+YKE2wi8uI47QCI8Yh:pLU5Zz2Kdl4mkCh7QCcjW6iyUlkD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36fdb3e16a57165112764e4b2c83c08a_JaffaCakes118

Files

36fdb3e16a57165112764e4b2c83c08a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

896989ef6f1fe8fb3a84e0e1c3408e84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\pkierski\!SVN_lc\gg-client\build\Win32\Release DLL\pdb\GGMedia.pdb

Imports

winmm

mixerSetControlDetails
mixerGetControlDetailsA
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerOpen
waveOutClose
waveInClose
waveOutWrite
waveOutPause
waveOutGetPosition
waveOutRestart
waveOutReset
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInReset
waveInGetNumDevs
waveOutGetDevCapsA
waveOutUnprepareHeader
waveInGetPosition
waveInUnprepareHeader
waveOutOpen
waveInGetDevCapsA
waveOutGetNumDevs
waveOutPrepareHeader
waveInStart

ws2_32

ntohl
htonl
ntohs
getsockname
listen
accept
setsockopt
ioctlsocket
inet_ntoa
recvfrom
WSAGetLastError
sendto
bind
send
gethostbyname
closesocket
socket
recv
htons
select
inet_addr
connect
gethostname
__WSAFDIsSet
WSACleanup
WSAStartup

iphlpapi

GetIpAddrTable

libiax2

iax_session_destroy
iax_get_event
iax_hangup
iax_send_voice
iax_send_cng
iax_destroy
iax_reject
iax_answer
iax_event_free
iax_accept
iax_init
iax_session_new
iax_register
iax_call
iax_set_networking
iax_send_dtmf

kernel32

RaiseException
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetProcAddress
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetLocaleInfoA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
GetTickCount
InitializeCriticalSection
Sleep
DeleteCriticalSection
CloseHandle
CreateThread
LeaveCriticalSection
EnterCriticalSection
ExitThread
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
GlobalAlloc
CreateEventA
GetEnvironmentVariableA
SetThreadPriority
GetLastError
GlobalFree
ResetEvent
WaitForMultipleObjects
QueryPerformanceFrequency
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
MultiByteToWideChar
ReadFile
ReleaseMutex
HeapAlloc
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
LoadLibraryA
InterlockedExchange
GetSystemTimeAsFileTime
HeapFree

user32

MessageBoxA

Exports

Exports

authorize
getfactory

Sections

.text
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

896989ef6f1fe8fb3a84e0e1c3408e84

Headers

File Characteristics

PDB Paths

Imports

winmm

ws2_32

iphlpapi

libiax2

kernel32

user32

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 360KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 20KB - Virtual size: 281KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.text Size: 140KB - Virtual size: 140KB

.text
Size: 364KB - Virtual size: 360KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 20KB - Virtual size: 281KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 140KB - Virtual size: 140KB