b8d79b7e65f0bb2a39b3cc2cd642f4bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8d79b7e65f0bb2a39b3cc2cd642f4bb_JaffaCakes118
Size

352KB
MD5

b8d79b7e65f0bb2a39b3cc2cd642f4bb
SHA1

d1ef33f74c7d8628e2b7f3705b34785117eb5ef5
SHA256

ef95c325cf59cfbd943a812f5d1d7d08cd510d50d8ee5ce60b0c6029f008bd51
SHA512

730eed20ad36bb119306abe6e8a0670bb808f2b4204447eab5e7b27e59b6b7a778a301cb0f06855383e3a14671ce5f4e3f864e941169a7f2dde51384abbc5c80
SSDEEP

6144:5YdprW/HaANu4dH475wId1OHiqDnXsGDHAQb5HaXlFHK9CsBFB:IrWyADdY7tdKbDn8GDHNjT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8d79b7e65f0bb2a39b3cc2cd642f4bb_JaffaCakes118

Files

b8d79b7e65f0bb2a39b3cc2cd642f4bb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5acf928ad780fcc8e14e9237faa5daac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bwa\BonjourWin-73\srcroot\mDNSWindows\SystemService\Win32\Release\mDNSResponder.pdb

Imports

ws2_32

WSASetLastError
WSAStringToAddressA
WSAGetLastError
send
htons
listen
accept
inet_addr
WSAStartup
connect
WSAEventSelect
WSACleanup
WSAEnumNetworkEvents
WSARecvFrom
WSARecv
ioctlsocket
getsockname
socket
setsockopt
WSAIoctl
bind
closesocket
sendto
htonl

iphlpapi

GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
GetPerAdapterInfo
GetBestInterface
CreateIpForwardEntry
DeleteIpForwardEntry
GetIpAddrTable

netapi32

NetGetJoinInformation
NetShareEnum
NetApiBufferFree

powrprof

SetSuspendState

kernel32

GetTickCount
GetComputerNameExA
WideCharToMultiByte
CloseHandle
SetEvent
WaitForMultipleObjects
CreateEventW
SetWaitableTimer
DeviceIoControl
CreateFileA
QueueUserAPC
GetComputerNameExW
GetEnvironmentStringsW
GlobalAlloc
SleepEx
FreeLibrary
GetLastError
CreateWaitableTimerW
OpenThread
GetCurrentThreadId
MultiByteToWideChar
GetModuleFileNameW
CancelWaitableTimer
GetSystemPowerStatus
GetFullPathNameW
WaitForMultipleObjectsEx
GetVersionExW
SetConsoleCtrlHandler
GetModuleHandleW
HeapSetInformation
LCMapStringW
LCMapStringA
GetCommandLineA
LoadLibraryW
GetProcAddress
Sleep
FormatMessageA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
WaitForSingleObject
FreeEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
GlobalFree
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile

user32

LoadStringW

advapi32

OpenServiceW
RegisterServiceCtrlHandlerExW
DeregisterEventSource
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
SetServiceStatus
QueryServiceStatus
ControlService
DeleteService
CreateServiceW
StartServiceW
RegisterEventSourceW
ReportEventA
LockServiceDatabase
ChangeServiceConfig2W
UnlockServiceDatabase
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
LsaOpenPolicy
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaFreeMemory
LsaClose
RegOpenKeyExW
RegCreateKeyA
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5acf928ad780fcc8e14e9237faa5daac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

netapi32

powrprof

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 8KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 8KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 33KB