a0563459d74fe756b566fd227cdeba77_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0563459d74fe756b566fd227cdeba77_JaffaCakes118
Size

508KB
MD5

a0563459d74fe756b566fd227cdeba77
SHA1

f6e095000fdb9777891a8c0bcbbee4c258ba28ad
SHA256

722aa992aca05be023ae34b059e3e5e9f03e3d515d1f192603b05471a752b557
SHA512

36604e422fe8401afe92626dfad455e6ffcff0f89e79e113d0b6ac5980a1a216e3d6376a8cdb2c397b085e061b5fd4887382aa4a0a3b443ea9f7eee85a6bb75d
SSDEEP

12288:d/7p6CSm5BW+V71YbW+OeO+OeNhBBhhBBLrOGPoNj7+1U:d/oCSm5BW+V71YbHCkoNjC1U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0563459d74fe756b566fd227cdeba77_JaffaCakes118

Files

a0563459d74fe756b566fd227cdeba77_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f1735a7ababa3160b0096ced51bdc58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\SVN\CensorNet-CloudLink\trunk\src\bin\release\TLSPWin32.pdb

Imports

ws2_32

WSAStartup
WSAGetLastError
inet_addr
WSCEnumProtocols
ioctlsocket
getservbyname
htonl
getservbyport
ntohs
WSCGetProviderPath
inet_ntoa
__WSAFDIsSet
socket
WSASetLastError
recv
send
shutdown
connect
closesocket
setsockopt
htons
WSACleanup
WPUCompleteOverlappedRequest
gethostbyname
gethostbyaddr

kernel32

GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CloseHandle
EnterCriticalSection
CreateThread
SleepEx
LeaveCriticalSection
GetLastError
WaitForSingleObject
ResetEvent
GetCurrentProcess
GetProcessId
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetComputerNameA
HeapAlloc
CreateIoCompletionPort
GetSystemInfo
IsValidCodePage
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
ReleaseSemaphore
GetQueuedCompletionStatus
ExitThread
WaitForSingleObjectEx
InterlockedIncrement
InterlockedDecrement
HeapFree
SetEvent
WideCharToMultiByte
GetCurrentThread
TlsSetValue
GetSystemDirectoryA
CreateEventW
HeapCreate
TlsAlloc
ExpandEnvironmentStringsW
LoadLibraryW
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapDestroy
TlsFree
TlsGetValue
Sleep
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
SetFilePointer
GetTickCount
CreateSemaphoreW
WriteConsoleW
CompareStringW
GetOEMCP
GetACP
ExitProcess
GetModuleHandleA
QueryPerformanceCounter
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapSize
GetTimeZoneInformation
GetStringTypeA
GetCPInfo
CompareStringA
SetEndOfFile
CreateFileW
GetComputerNameExA
lstrlenW
MultiByteToWideChar
GetProcessHeap
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
LocalFree
Process32NextW
GetCurrentThreadId
DeleteFileA
GetLocalTime
CreateFileA
GetFileSize
MoveFileA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetLastError

user32

DestroyWindow
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DefWindowProcW
wsprintfW
IsWindow

gdi32

GetStockObject

netapi32

NetGetJoinInformation
NetApiBufferFree
DsGetDcNameW

wldap32

ord224
ord97
ord147
ord167
ord27
ord145
ord14
ord88
ord73
ord208
ord41
ord26
ord127
ord301
ord46
ord140

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

advapi32

ConvertSidToStringSidW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
LookupAccountSidW
GetUserNameA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

WSPStartup

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f1735a7ababa3160b0096ced51bdc58

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

netapi32

wldap32

wtsapi32

advapi32

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 980B

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 980B

.reloc
Size: 32KB - Virtual size: 29KB