37316cd40a67e013a29efe40a35b1324_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37316cd40a67e013a29efe40a35b1324_JaffaCakes118
Size

1.8MB
MD5

37316cd40a67e013a29efe40a35b1324
SHA1

20f276158e3d5509726d3470898e1e4ee89f9c91
SHA256

557b6d36c471c1a653189d17c4d582abbbc325f7eb132f5c873a68a2235e13cb
SHA512

49c7964dd98b1cc75e9f5135f92582f67d9b2d3cb4703424375b68fc1f6c708fe76852b2b9109a0ecf9210da49c667533b970c3df0c3cdb37476f47cb2175f9f
SSDEEP

49152:bzRVucT3u5yLHSpOBGdPXTWtBbOwWAWBEc6b3SnrSMnDP:bNVFyIHE/6SnbnL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37316cd40a67e013a29efe40a35b1324_JaffaCakes118

Files

37316cd40a67e013a29efe40a35b1324_JaffaCakes118
.dll windows:6 windows x86 arch:x86

383be56dcde68598895f49287d36fdd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetProcAddress
GetFileSize
ExitProcess
FreeLibrary
CreateDirectoryA
Sleep
FindClose
DeleteFileA
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
LoadLibraryA
GetLastError
FindNextFileA
FindFirstFileA
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
GetACP
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
DecodePointer

ws2_32

WSACancelAsyncRequest
WSAAsyncGetProtoByNumber

comctl32

ord412
ImageList_DragShowNolock

version

VerFindFileA

winmm

mixerClose
mixerMessage
mixerGetID
mmioRenameW
mixerOpen
mixerGetNumDevs

user32

wsprintfA
WindowFromPoint

comdlg32

FindTextW

advapi32

SetServiceStatus

oleaut32

VarCyMul
VarI2FromStr

Exports

Exports

ServiceMain
error_print
modbus_rtu_check_integrity
modbus_rtu_set_rts
modbus_set_bits_from_byte
modbus_tcp_build_response_basis
modbus_tcp_prepare_response_tid
modbus_write_register
random_client_main
srtp_test_remove_stream
test_server

Sections

.text
Size: 1.6MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

383be56dcde68598895f49287d36fdd6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

comctl32

version

winmm

user32

comdlg32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.5MB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 144KB - Virtual size: 146KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 1.6MB - Virtual size: 1.5MB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 144KB - Virtual size: 146KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB