85cff0c99b36dd19c5a49e6da1219014_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

85cff0c99b36dd19c5a49e6da1219014_JaffaCakes118
Size

915KB
MD5

85cff0c99b36dd19c5a49e6da1219014
SHA1

fe8417f9b8e55279da03938d5043a30bc67aa2d5
SHA256

05fdf74701643a6065209c83fedbad7884f71a3ce1817e50c6a23b9d7e42f33c
SHA512

128f4e353803e82f3726783cc84fdc28b3d9c566385f28a8acfa4597b8eb76860d9fcbb9072967a897f7cb27b19a852702031a6252d3c6720fa8ce2efd3d924a
SSDEEP

12288:5saDxRv9OjVrhWrTMHU9S/gbjD9jSg1cElgbo3GNkxkCyEAdMbsRMN/AEYuJ4AWe:5s+ErWMHU9DhtCWg2xAEdNUfJTH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85cff0c99b36dd19c5a49e6da1219014_JaffaCakes118

Files

85cff0c99b36dd19c5a49e6da1219014_JaffaCakes118
.dll windows:5 windows x86 arch:x86

245d68724fde03d53fac70f646e777ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\maxima\Documents\Visual Studio 2008\Projects\lsp\nonifslsp\Debug\lsp.pdb

Imports

ws2_32

WSACleanup
WSASetLastError
WSCGetProviderPath
WSAGetLastError
WSAStartup
WSCInstallProvider
htons
send
ioctlsocket
connect
gethostbyname
closesocket
getsockopt
recv
select
WSCEnumProtocols
WPUCompleteOverlappedRequest
WSCDeinstallProvider
WSCWriteProviderOrder

rpcrt4

UuidCreate

ole32

StringFromGUID2

msi

ord67
ord44
ord180

kernel32

SetEndOfFile
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
InterlockedExchange
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
GetConsoleMode
GetConsoleCP
VirtualQuery
GetProcessHeap
LCMapStringW
CloseHandle
GetLastError
GetExitCodeThread
WaitForSingleObject
LeaveCriticalSection
CreateThread
CreateEventA
EnterCriticalSection
ExitThread
SetEvent
GetCurrentProcessId
ResetEvent
InterlockedIncrement
DebugBreak
GetVersionExA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetSystemDirectoryA
CreateSemaphoreA
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
ReleaseSemaphore
WaitForSingleObjectEx
GetQueuedCompletionStatus
lstrcpyW
OutputDebugStringA
HeapAlloc
HeapFree
CompareStringA
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
ExpandEnvironmentStringsW
InterlockedDecrement
DeleteCriticalSection
TlsFree
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
ReleaseMutex
GetModuleFileNameA
GetCurrentThreadId
WaitForMultipleObjects
CreateMutexA
GetModuleHandleA
ResumeThread
LocalFree
FormatMessageA
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetUserGeoID
GetOEMCP
GetThreadLocale
GetLocaleInfoA
GetNativeSystemInfo
IsWow64Process
GetTempPathA
SetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentProcess
SetLastError
WriteFile
CreateFileA
LoadLibraryExA
SystemTimeToFileTime
GetSystemTime
LCMapStringA
SetFilePointer
ReadFile
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
VirtualFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThread
IsValidCodePage
GetCPInfo
GetACP
FatalAppExitA
CompareStringW
HeapCreate
GetFullPathNameA
ExitProcess
GetModuleHandleW
IsBadReadPtr
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
GetModuleFileNameW
WriteConsoleW
GetFileType
GetStdHandle
IsDebuggerPresent
RaiseException
lstrlenA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetHandleCount
GetStartupInfoA
HeapValidate

user32

LoadStringA
IsWindow
wvsprintfA
wsprintfA
PostQuitMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
GetSystemMetrics
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
PostMessageA
GetMessageA

advapi32

GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathA
ord680

Exports

Exports

GetLspGuid
WSPStartup

Sections

.textbss
Size: - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245d68724fde03d53fac70f646e777ca

Headers

File Characteristics

PDB Paths

Imports

ws2_32

rpcrt4

ole32

msi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.textbss Size: - Virtual size: 353KB

.text Size: 734KB - Virtual size: 733KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 7KB - Virtual size: 17KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 29KB - Virtual size: 28KB

.textbss
Size: - Virtual size: 353KB

.text
Size: 734KB - Virtual size: 733KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 7KB - Virtual size: 17KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 29KB - Virtual size: 28KB