46af89a53b2cce2de6a74507c05acf24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46af89a53b2cce2de6a74507c05acf24_JaffaCakes118
Size

252KB
MD5

46af89a53b2cce2de6a74507c05acf24
SHA1

c117e31b8e113f8ad79b438c8650ad76bca44a18
SHA256

fdeb079fa083d0a14ff6db2280da280648e7d070a4678f9a16fd51e464113ad3
SHA512

408bf73cdef87be71ad33c578cfab6b1775ebed63b45fa12a5c081406b29b87b777b493279efd6674510cfd45951cf763737a2a2902bfde8ad339a09ff6adc0a
SSDEEP

3072:27+06ZGxOplNXlI3CZFjP0y+Tp0LsIA9mDfUwuCRU6/bJt76C1gePwjIgGoElM2b:BbZhpBholTp0oI2mDhD1/1t+qZ0ElxL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46af89a53b2cce2de6a74507c05acf24_JaffaCakes118

Files

46af89a53b2cce2de6a74507c05acf24_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_~1\jdk6_22\control\build\WINDOW~1\tmp\sun\java.net\net\obj\net.pdb

Imports

java

_JNU_NewStringPlatform@8
_JNU_ThrowByName@12
_JNU_ReleaseStringPlatformChars@12
_JNU_ThrowOutOfMemoryError@8
_JNU_ThrowByNameWithLastError@12
jio_snprintf
_JNU_ThrowNullPointerException@8
_JNU_GetStringPlatformChars@12

ws2_32

recvfrom
gethostname
gethostbyname
gethostbyaddr
WSASendDisconnect
WSAStartup
WSACleanup
recv
send
accept
listen
ioctlsocket
shutdown
__WSAFDIsSet
getprotobyname
getsockopt
socket
sendto
WSAIoctl
getsockname
WSASetLastError
ntohs
select
htonl
WSAGetLastError
setsockopt
bind
WSACreateEvent
WSAEventSelect
htons
connect
WSACloseEvent
closesocket
ntohl

jvm

_JVM_CurrentTimeMillis@8
_JVM_InitializeSocketLibrary@0
_JVM_GetSockOpt@20

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

msvcr71

_initterm
wcscpy
strtok
strncmp
strstr
strchr
sscanf
fprintf
_adjust_fdiv
_assert
__CppXcptFilter
strerror
_errno
memset
isspace
strcmp
sprintf
strcpy
calloc
strlen
strncpy
wcslen
malloc
realloc
memcpy
free
_except_handler3
__dllonexit
_onexit
strcat
_strdup
_iob

kernel32

EnterCriticalSection
LeaveCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
GetOverlappedResult
FreeLibrary
Sleep
SetHandleInformation
InitializeCriticalSection

Exports

Exports

_JNI_OnLoad@8
_Java_java_net_DatagramPacket_init@8
_Java_java_net_Inet4AddressImpl_getHostByAddr@12
_Java_java_net_Inet4AddressImpl_getLocalHostName@8
_Java_java_net_Inet4AddressImpl_isReachable0@24
_Java_java_net_Inet4AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet4Address_init@8
_Java_java_net_Inet6AddressImpl_getHostByAddr@12
_Java_java_net_Inet6AddressImpl_getLocalHostName@8
_Java_java_net_Inet6AddressImpl_isReachable0@32
_Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet6Address_init@8
_Java_java_net_InetAddressImplFactory_isIPv6Supported@8
_Java_java_net_InetAddress_init@8
_Java_java_net_NetworkInterface_getAll@8
_Java_java_net_NetworkInterface_getAll_XP@8
_Java_java_net_NetworkInterface_getByIndex@12
_Java_java_net_NetworkInterface_getByIndex_XP@12
_Java_java_net_NetworkInterface_getByInetAddress0@12
_Java_java_net_NetworkInterface_getByInetAddress0_XP@12
_Java_java_net_NetworkInterface_getByName0@12
_Java_java_net_NetworkInterface_getByName0_XP@12
_Java_java_net_NetworkInterface_getMTU0@16
_Java_java_net_NetworkInterface_getMTU0_XP@16
_Java_java_net_NetworkInterface_getMacAddr0@20
_Java_java_net_NetworkInterface_getMacAddr0_XP@16
_Java_java_net_NetworkInterface_init@8
_Java_java_net_NetworkInterface_isLoopback0@16
_Java_java_net_NetworkInterface_isLoopback0_XP@16
_Java_java_net_NetworkInterface_isP2P0@16
_Java_java_net_NetworkInterface_isP2P0_XP@16
_Java_java_net_NetworkInterface_isUp0@16
_Java_java_net_NetworkInterface_isUp0_XP@16
_Java_java_net_NetworkInterface_supportsMulticast0@16
_Java_java_net_NetworkInterface_supportsMulticast0_XP@16
_Java_java_net_PlainDatagramSocketImpl_bind0@16
_Java_java_net_PlainDatagramSocketImpl_connect0@16
_Java_java_net_PlainDatagramSocketImpl_datagramSocketClose@8
_Java_java_net_PlainDatagramSocketImpl_datagramSocketCreate@8
_Java_java_net_PlainDatagramSocketImpl_disconnect0@12
_Java_java_net_PlainDatagramSocketImpl_getTTL@8
_Java_java_net_PlainDatagramSocketImpl_getTimeToLive@8
_Java_java_net_PlainDatagramSocketImpl_init@8
_Java_java_net_PlainDatagramSocketImpl_join@16
_Java_java_net_PlainDatagramSocketImpl_leave@16
_Java_java_net_PlainDatagramSocketImpl_peek@12
_Java_java_net_PlainDatagramSocketImpl_peekData@12
_Java_java_net_PlainDatagramSocketImpl_receive0@12
_Java_java_net_PlainDatagramSocketImpl_send@12
_Java_java_net_PlainDatagramSocketImpl_setTTL@12
_Java_java_net_PlainDatagramSocketImpl_setTimeToLive@12
_Java_java_net_PlainDatagramSocketImpl_socketGetOption@12
_Java_java_net_PlainDatagramSocketImpl_socketSetOption@16
_Java_java_net_PlainSocketImpl_initProto@8
_Java_java_net_PlainSocketImpl_socketAccept@12
_Java_java_net_PlainSocketImpl_socketAvailable@8
_Java_java_net_PlainSocketImpl_socketBind@16
_Java_java_net_PlainSocketImpl_socketClose0@12
_Java_java_net_PlainSocketImpl_socketConnect@20
_Java_java_net_PlainSocketImpl_socketCreate@12
_Java_java_net_PlainSocketImpl_socketGetOption@16
_Java_java_net_PlainSocketImpl_socketListen@12
_Java_java_net_PlainSocketImpl_socketSendUrgentData@12
_Java_java_net_PlainSocketImpl_socketSetOption@20
_Java_java_net_PlainSocketImpl_socketShutdown@12
_Java_java_net_SocketInputStream_init@8
_Java_java_net_SocketInputStream_socketRead0@28
_Java_java_net_SocketOutputStream_init@8
_Java_java_net_SocketOutputStream_socketWrite0@24
_Java_sun_net_dns_ResolverConfigurationImpl_init0@8
_Java_sun_net_dns_ResolverConfigurationImpl_loadDNSconfig0@8
_Java_sun_net_dns_ResolverConfigurationImpl_notifyAddrChange0@8
_Java_sun_net_spi_DefaultProxySelector_getSystemProxy@16
_Java_sun_net_spi_DefaultProxySelector_init@8
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getCredentialsHandle@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getNextToken@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_initFirst@8
_NET_Bind@12
_NET_BindV6@4
_NET_GetSockOpt@20
_NET_InetAddressToSockaddr@24
_NET_MapSocketOption@12
_NET_MapSocketOptionV6@12
_NET_SetSockOpt@20
_NET_SocketClose@4
_NET_ThrowNew@12
_NET_Timeout2@16
_NET_Timeout@8
_ipv6_available@0

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

PDB Paths

Imports

java

ws2_32

jvm

advapi32

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 872B

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 176KB - Virtual size: 176KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 872B

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 176KB - Virtual size: 176KB