68c3d9b33d2c17a7c35d7a9d4060e6cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68c3d9b33d2c17a7c35d7a9d4060e6cc_JaffaCakes118
Size

198KB
MD5

68c3d9b33d2c17a7c35d7a9d4060e6cc
SHA1

02e5718688f88e19385b02af435af4b52e8a531b
SHA256

d28d8c612e5b564dabb8a00821c02ffe62b37188fd12ead6e4498c4854a30a37
SHA512

a543893b579502237da249c0d6a2bcc9b58e6e5a1c6d64e099571790c10aac77e0ac62dabc3a186c3762c22d62f028dfd56a4564823fa3b9cb05d838d06e0356
SSDEEP

6144:FVxBU9hh4CMVl0dVIVWEfJYXvXyAeJywWTBJAxMrZqxSkj:FJU9hhsz07yWyY6A3Tr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68c3d9b33d2c17a7c35d7a9d4060e6cc_JaffaCakes118

Files

68c3d9b33d2c17a7c35d7a9d4060e6cc_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dc1380c197fbc885429e29f9940eb063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\C_Progs\rvc\server\Release\rvc.pdb

Imports

advapi32

RegSetValueA
OpenProcessToken
GetUserNameW
RegCreateKeyW
RegEnumKeyW
RegSetValueExA
RegCreateKeyExW
RegSetValueW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegCreateKeyA
RegQueryValueW
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueW
RegDeleteValueA
RegEnumValueA
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
GetUserNameA
RegOpenKeyA
RegEnumKeyA
RegFlushKey
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW

ws2_32

WSAStartup
htonl
select
shutdown
gethostname
inet_ntoa
connect
ntohl
inet_addr
htons
getsockname
setsockopt
bind
socket
closesocket
listen
accept
ioctlsocket
recv
send
gethostbyname

gdi32

CreateDIBSection
SelectObject
BitBlt
PatBlt
DeleteDC
CreateCompatibleDC
GetDeviceCaps
GdiFlush
CreateDCA
DeleteObject

kernel32

FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
CreateMutexA
CloseHandle
PeekNamedPipe
WriteFile
Sleep
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
GetEnvironmentVariableA
ExitThread
GetStartupInfoA
CreatePipe
ResumeThread
CreateThread
TerminateThread
CreateEventA
FindFirstFileA
FindClose
ResetEvent
FindNextFileA
lstrcmpA
lstrlenA
SetEvent
IsBadReadPtr
lstrcatA
lstrcpyA
CreateFileA
GetFileSize
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateDirectoryA
GetLastError
SetLastError
lstrcmpiA
RemoveDirectoryA
CopyFileA
GetModuleFileNameA
WinExec
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetCurrentProcess
Process32First
GetLogicalDrives
GetDriveTypeA
OpenProcess
Process32Next
CreateToolhelp32Snapshot
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetEnvironmentVariableA
WaitForSingleObject
MoveFileA
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
LCMapStringA
LCMapStringW
ExitProcess
RtlUnwind
GetConsoleCP
GetConsoleMode
RaiseException
SetHandleCount
GetModuleHandleA

user32

SetWindowsHookExA
DrawIconEx
GetIconInfo
GetCursorInfo
CallNextHookEx
UnhookWindowsHookEx

netapi32

NetApiBufferFree
NetUserGetInfo

wininet

InternetCheckConnectionA

iphlpapi

GetIpAddrTable

Exports

Exports

AdjustTokenPrivileges
GetUserNameA
GetUserNameW
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetValueA
RegSetValueExA
RegSetValueExW
RegSetValueW
a
self_delete

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SData
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc1380c197fbc885429e29f9940eb063

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

gdi32

kernel32

user32

netapi32

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 12KB

.SData Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 12KB

.SData
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB