abf2b2e5917a84c53a7e661283dc7ba0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abf2b2e5917a84c53a7e661283dc7ba0_JaffaCakes118
Size

97KB
MD5

abf2b2e5917a84c53a7e661283dc7ba0
SHA1

ea8921373254347be6e4f6b10d1eb4c06116fb15
SHA256

50c9c7e4a19859dfc11d12bf972ae56fccbbf8e48095236cc9435c94cf5c7483
SHA512

3f019a86b8bd0d9e86bcb6f29155070a9ae6238ed370882465c192a142d4a95192d52bbfb6abb10c9169ad110f7a3d8d4dc47cbfa63326adc1c346383e69d073
SSDEEP

1536:z63YhfrY91AAKvt2OG6vXUMlJljJ6o/g6s6IJAHWD0KN:+CM10vzGWxlJCo/g6+JAHWDbN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abf2b2e5917a84c53a7e661283dc7ba0_JaffaCakes118

Files

abf2b2e5917a84c53a7e661283dc7ba0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\java.net\net\obj\net.pdb

Imports

java

_JNU_NewStringPlatform@8
_JNU_ThrowByName@12
_JNU_ReleaseStringPlatformChars@12
_JNU_ThrowOutOfMemoryError@8
_JNU_ThrowByNameWithLastError@12
jio_snprintf
_JNU_ThrowNullPointerException@8
_JNU_GetStringPlatformChars@12

ws2_32

recvfrom
gethostname
gethostbyname
gethostbyaddr
WSASendDisconnect
WSAStartup
WSACleanup
recv
send
accept
listen
ioctlsocket
shutdown
__WSAFDIsSet
getprotobyname
getsockopt
socket
sendto
WSAIoctl
getsockname
WSASetLastError
ntohs
select
htonl
WSAGetLastError
setsockopt
bind
WSACreateEvent
WSAEventSelect
htons
connect
WSACloseEvent
closesocket
ntohl

jvm

_JVM_CurrentTimeMillis@8
_JVM_InitializeSocketLibrary@0
_JVM_GetSockOpt@20

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

msvcr71

_initterm
wcscpy
strtok
strncmp
strstr
strchr
sscanf
fprintf
_adjust_fdiv
_assert
__CppXcptFilter
strerror
_errno
memset
isspace
strcmp
sprintf
strcpy
calloc
strlen
strncpy
wcslen
malloc
realloc
memcpy
free
_except_handler3
__dllonexit
_onexit
strcat
_strdup
_iob

kernel32

EnterCriticalSection
LeaveCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
GetOverlappedResult
FreeLibrary
Sleep
SetHandleInformation
InitializeCriticalSection

Exports

Exports

_JNI_OnLoad@8
_Java_java_net_DatagramPacket_init@8
_Java_java_net_Inet4AddressImpl_getHostByAddr@12
_Java_java_net_Inet4AddressImpl_getLocalHostName@8
_Java_java_net_Inet4AddressImpl_isReachable0@24
_Java_java_net_Inet4AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet4Address_init@8
_Java_java_net_Inet6AddressImpl_getHostByAddr@12
_Java_java_net_Inet6AddressImpl_getLocalHostName@8
_Java_java_net_Inet6AddressImpl_isReachable0@32
_Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet6Address_init@8
_Java_java_net_InetAddressImplFactory_isIPv6Supported@8
_Java_java_net_InetAddress_init@8
_Java_java_net_NetworkInterface_getAll@8
_Java_java_net_NetworkInterface_getAll_XP@8
_Java_java_net_NetworkInterface_getByIndex@12
_Java_java_net_NetworkInterface_getByIndex_XP@12
_Java_java_net_NetworkInterface_getByInetAddress0@12
_Java_java_net_NetworkInterface_getByInetAddress0_XP@12
_Java_java_net_NetworkInterface_getByName0@12
_Java_java_net_NetworkInterface_getByName0_XP@12
_Java_java_net_NetworkInterface_getMTU0@16
_Java_java_net_NetworkInterface_getMTU0_XP@16
_Java_java_net_NetworkInterface_getMacAddr0@20
_Java_java_net_NetworkInterface_getMacAddr0_XP@16
_Java_java_net_NetworkInterface_init@8
_Java_java_net_NetworkInterface_isLoopback0@16
_Java_java_net_NetworkInterface_isLoopback0_XP@16
_Java_java_net_NetworkInterface_isP2P0@16
_Java_java_net_NetworkInterface_isP2P0_XP@16
_Java_java_net_NetworkInterface_isUp0@16
_Java_java_net_NetworkInterface_isUp0_XP@16
_Java_java_net_NetworkInterface_supportsMulticast0@16
_Java_java_net_NetworkInterface_supportsMulticast0_XP@16
_Java_java_net_PlainDatagramSocketImpl_bind0@16
_Java_java_net_PlainDatagramSocketImpl_connect0@16
_Java_java_net_PlainDatagramSocketImpl_datagramSocketClose@8
_Java_java_net_PlainDatagramSocketImpl_datagramSocketCreate@8
_Java_java_net_PlainDatagramSocketImpl_disconnect0@12
_Java_java_net_PlainDatagramSocketImpl_getTTL@8
_Java_java_net_PlainDatagramSocketImpl_getTimeToLive@8
_Java_java_net_PlainDatagramSocketImpl_init@8
_Java_java_net_PlainDatagramSocketImpl_join@16
_Java_java_net_PlainDatagramSocketImpl_leave@16
_Java_java_net_PlainDatagramSocketImpl_peek@12
_Java_java_net_PlainDatagramSocketImpl_peekData@12
_Java_java_net_PlainDatagramSocketImpl_receive0@12
_Java_java_net_PlainDatagramSocketImpl_send@12
_Java_java_net_PlainDatagramSocketImpl_setTTL@12
_Java_java_net_PlainDatagramSocketImpl_setTimeToLive@12
_Java_java_net_PlainDatagramSocketImpl_socketGetOption@12
_Java_java_net_PlainDatagramSocketImpl_socketSetOption@16
_Java_java_net_PlainSocketImpl_initProto@8
_Java_java_net_PlainSocketImpl_socketAccept@12
_Java_java_net_PlainSocketImpl_socketAvailable@8
_Java_java_net_PlainSocketImpl_socketBind@16
_Java_java_net_PlainSocketImpl_socketClose0@12
_Java_java_net_PlainSocketImpl_socketConnect@20
_Java_java_net_PlainSocketImpl_socketCreate@12
_Java_java_net_PlainSocketImpl_socketGetOption@16
_Java_java_net_PlainSocketImpl_socketListen@12
_Java_java_net_PlainSocketImpl_socketSendUrgentData@12
_Java_java_net_PlainSocketImpl_socketSetOption@20
_Java_java_net_PlainSocketImpl_socketShutdown@12
_Java_java_net_SocketInputStream_init@8
_Java_java_net_SocketInputStream_socketRead0@28
_Java_java_net_SocketOutputStream_init@8
_Java_java_net_SocketOutputStream_socketWrite0@24
_Java_sun_net_dns_ResolverConfigurationImpl_init0@8
_Java_sun_net_dns_ResolverConfigurationImpl_loadDNSconfig0@8
_Java_sun_net_dns_ResolverConfigurationImpl_notifyAddrChange0@8
_Java_sun_net_spi_DefaultProxySelector_getSystemProxy@16
_Java_sun_net_spi_DefaultProxySelector_init@8
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getCredentialsHandle@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getNextToken@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_initFirst@8
_NET_Bind@12
_NET_BindV6@4
_NET_GetSockOpt@20
_NET_InetAddressToSockaddr@24
_NET_MapSocketOption@12
_NET_MapSocketOptionV6@12
_NET_SetSockOpt@20
_NET_SocketClose@4
_NET_ThrowNew@12
_NET_Timeout2@16
_NET_Timeout@8
_ipv6_available@0

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

PDB Paths

Imports

java

ws2_32

jvm

advapi32

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 872B

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 100KB - Virtual size: 100KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 872B

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 100KB - Virtual size: 100KB