c:\libssh2-1.2.6\win32\Release_dll\libssh2.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a64b00217f5bcd71c4a7b368e846842b_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a64b00217f5bcd71c4a7b368e846842b_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
a64b00217f5bcd71c4a7b368e846842b_JaffaCakes118
-
Size
105KB
-
MD5
a64b00217f5bcd71c4a7b368e846842b
-
SHA1
b77e09ac6b5330505ca41634c85421662f92aa1f
-
SHA256
4553f89f9c0b950dcf6323a5423560a9ec12416be1b1d64728e21d8070e40cff
-
SHA512
f3c8f27beea7f7697ff1415c5fb268e2a98be3a00eab495999dca461ea4ba7209b3e87480254b3202784b7fd26e418b34bbe426c3f95e0f3de53426eba7accc1
-
SSDEEP
3072:FC6JKRpCDOFvDMWXn/RjD5KMYpeGVdbduURvBvmV+fD7GJo:6pfQlpNRvBeV+fDH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
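Checks for a missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be confirmed from a signature; this is a weak indicator on its own, because many legitimate library builds are also unsigned, and it should be weighed together with the hashes, imports and exports listed in this report.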
resource a64b00217f5bcd71c4a7b368e846842b_JaffaCakes118
Files
-
a64b00217f5bcd71c4a7b368e846842b_JaffaCakes118.dll windows:5 windows x86 arch:x86
94d244ef2d28be7e745bc32a760aa5fb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
select
__WSAFDIsSet
getsockopt
ioctlsocket
send
recv
WSAGetLastError
libeay32
ord484
ord209
ord110
ord123
ord118
ord120
ord151
ord140
ord156
ord150
ord111
ord161
ord2784
ord965
ord964
ord963
ord333
ord323
ord486
ord213
ord258
ord961
ord3874
ord3819
ord3024
ord3033
ord3889
ord66
ord82
ord400
ord396
ord495
ord497
ord1334
ord1335
ord498
ord1336
ord316
ord268
ord269
ord267
ord3212
ord256
ord2927
ord464
ord304
ord2996
ord3155
kernel32
CreateFileMappingA
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CloseHandle
user32
SendMessageA
FindWindowA
msvcr90
memcpy
memset
strncmp
_time64
strchr
_snprintf
fclose
fgets
fopen
free
fwrite
_errno
malloc
memmove
strtol
strrchr
realloc
memchr
isspace
fread
rewind
fgetc
feof
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
sprintf
Exports
libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_publickey_add_ex
libssh2_publickey_init
libssh2_publickey_list_fetch
libssh2_publickey_list_free
libssh2_publickey_remove_ex
libssh2_publickey_shutdown
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_startup
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex
libssh2_version
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ