a9cc91f97eb3119c2a03bfa641155f09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9cc91f97eb3119c2a03bfa641155f09_JaffaCakes118
Size

1.7MB
MD5

a9cc91f97eb3119c2a03bfa641155f09
SHA1

37e9768dc413c385a43dfed89086c5aa50429251
SHA256

0319134cba61ed82778d142de7d45f3f7c3e205b1a06ad023505ed418502ab1b
SHA512

07048c48c754ec28743e5efbde45d626fe1c27c8ccde63d7507722f64ccd5a84aa06d8661c71d77fbac43e160183d552285980703ee2958ed4ec5e9814285ddd
SSDEEP

24576:2TXhex1cv6E7sQcz9ztJ25H3/sWnNIIRHToV/yE0GxWO:2Thexus7w90oRHTkyE0w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9cc91f97eb3119c2a03bfa641155f09_JaffaCakes118

Files

a9cc91f97eb3119c2a03bfa641155f09_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9124cf96ebd7cf61837c3f8a262002aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\dev\Project\Bionic3D\Projects\Bionic.VC7\Release_Final_AlternativeDLL\ThriXXX010267.pdb

Imports

wsock32

bind
listen
accept
WSAStartup
gethostname
__WSAFDIsSet
getsockopt
recv
send
socket
htons
connect
WSACleanup
WSAGetLastError
inet_addr
inet_ntoa
select
setsockopt
shutdown
closesocket
ioctlsocket
gethostbyname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
VirtualQuery
CloseHandle
GetFileTime
CreateFileA
GetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
GetCurrentProcess
ReadProcessMemory
GetCurrentThreadId
SetUnhandledExceptionFilter
Sleep
DebugBreak
FormatMessageA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetLastError
SetFilePointer
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFileTime
SetConsoleTextAttribute
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
FreeConsole
FindClose
FindFirstFileA
SetConsoleCtrlHandler
AllocConsole
GetStdHandle
VirtualFree
VirtualAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SystemTimeToFileTime
LocalFree
TerminateThread
ResumeThread
CreateThread
GetThreadLocale
GetSystemDefaultLCID
GetSystemDefaultLangID
GetUserDefaultLCID
GetUserDefaultLangID
GetProcAddress
LoadLibraryA
SetThreadPriority
GetCurrentThread
FreeLibrary
SetLastError
GlobalMemoryStatus
LoadLibraryExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore

user32

GetSysColor
IsDlgButtonChecked
ScreenToClient
CreateDialogParamA
SendMessageA
GetAsyncKeyState
DialogBoxParamA
GetDlgItem
SetDlgItemTextA
CheckDlgButton
EndDialog
SetWindowTextA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
FillRect
DefWindowProcA
DestroyWindow
UnregisterClassA
EnumDisplaySettingsA
GetClientRect
AdjustWindowRect
GetSystemMetrics
GetClassLongA
SetClassLongA
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
GetFocus
GetWindowRect
SetWindowLongA
GetWindowLongA
SetWindowPos
ShowWindow
ChangeDisplaySettingsA
GetDC
ReleaseDC
wsprintfA
MessageBoxA
ClientToScreen

gdi32

CreateFontA
SwapBuffers
GetDeviceCaps
SetPixelFormat
ChoosePixelFormat
DescribePixelFormat
GetStockObject
CreateFontIndirectA
SelectObject
GetOutlineTextMetricsA
GetGlyphOutlineA

advapi32

RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegFlushKey
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA

thrixxx017010jp2

?jasdll_init@@YAHXZ
?jasdll_setdbglevel@@YAHH@Z
?jasdll_image_getfmt@@YAHPAUjas_stream_t@@@Z
?jasdll_stream_close@@YAHPAUjas_stream_t@@@Z
?jasdll_image_decode@@YAPAUjas_image_t@@PAUjas_stream_t@@HPAD@Z
?jasdll_matrix_create@@YAPAUjas_matrix_t@@HH@Z
?jasdll_image_readcmpt@@YAHPAUjas_image_t@@GIIIIPAUjas_matrix_t@@@Z
?jasdll_matrix_destroy@@YAXPAUjas_matrix_t@@@Z
?jasdll_image_destroy@@YAXPAUjas_image_t@@@Z
?jasdll_image_clearfmts@@YAXXZ
?jasdll_malloc@@YAPAXI@Z

thrixxx010208png

ord48
ord9
ord147
ord13
ord83
ord91
ord160
ord138
ord159
ord157
ord8
ord14
ord49
ord38
ord26
ord29
ord24
ord20
ord36
ord37
ord98
ord23
ord78
ord135
ord12
ord7
ord122

msvcr71

_setjmp3
fwrite
fread
atof
time
atoi
_beginthread
strncmp
_controlfp
?name@type_info@@QBEPBDXZ
_snprintf
??2@YAPAXI@Z
atol
strtoul
sprintf
isspace
isupper
islower
isxdigit
isdigit
strtod
strrchr
strncpy
memmove
?raw_name@type_info@@QBEPBDXZ
printf
_heapchk
sscanf
exit
strchr
getenv
qsort
??3@YAXPAX@Z
strstr
malloc
free
_purecall
_CItanh
_CIsinh
_CIpow
modf
_CIfmod
floor
_CIcosh
ceil
_CIasin
_errno
fclose
_vsnprintf
fflush
fseek
fputc
strerror
clearerr
ftell
fprintf
_fdopen
fopen
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
?terminate@@YAXXZ
_gcvt
_itoa
_stricmp
_CIacos

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

q7szv4eo
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rttxvzku
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

52uroma9
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6ko5yik2
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9124cf96ebd7cf61837c3f8a262002aa

Headers

File Characteristics

PDB Paths

Imports

wsock32

version

kernel32

user32

gdi32

advapi32

thrixxx017010jp2

thrixxx010208png

msvcr71

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 40KB - Virtual size: 120KB

.rsrc Size: 16KB - Virtual size: 16KB

q7szv4eo Size: 104KB - Virtual size: 104KB

rttxvzku Size: 4KB - Virtual size: 4KB

52uroma9 Size: 30KB - Virtual size: 32KB

6ko5yik2 Size: 108KB - Virtual size: 108KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 40KB - Virtual size: 120KB

.rsrc
Size: 16KB - Virtual size: 16KB

q7szv4eo
Size: 104KB - Virtual size: 104KB

rttxvzku
Size: 4KB - Virtual size: 4KB

52uroma9
Size: 30KB - Virtual size: 32KB

6ko5yik2
Size: 108KB - Virtual size: 108KB