bef423fb8935fdb4548e80628ac9d7cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bef423fb8935fdb4548e80628ac9d7cd_JaffaCakes118
Size

283KB
MD5

bef423fb8935fdb4548e80628ac9d7cd
SHA1

2341a70dcdaedfda477f9423f7d317cd0802e1bf
SHA256

7afe8317159ae5f662edd13c5e3b158f040b8c3e8ea27be4fbaa2871cc72c239
SHA512

ae12e4c37749833caaabd74afaf0495c062bc46e467687c3a26251d9a1b7bd95bb0e523050dc50344e596a41d599324198051c57fc952b9837b9117dc7769dd6
SSDEEP

6144:npXCI+zOf7K7eOaQO6Fh3brw3StFls+vbAYmNvwOfPkF:npXCI+Q7nOaQO6Fh3A3StFlsLYmNW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bef423fb8935fdb4548e80628ac9d7cd_JaffaCakes118

Files

bef423fb8935fdb4548e80628ac9d7cd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c03ecc3c5ae8e0ba1252edbc1f71d3d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\MobileP2P_1.0.0.4\Release\PanStreamer.pdb

Imports

ws2_32

setsockopt
recv
htons
select
ntohl
ioctlsocket
connect
inet_ntoa
inet_addr
bind
WSACleanup
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
accept
WSAStartup
htonl

winmm

timeGetTime

pthreadvc2

pthread_cond_destroy
pthread_cond_wait
pthread_mutex_trylock
pthread_cond_init
pthread_cond_signal
pthread_join
pthread_create
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock

avformat-53

ord99
ord72
ord12
ord40
ord39
ord9
ord38
ord14
ord21
ord41
ord37
ord13
ord42
ord189
ord185
ord140
ord174
ord151
ord157
ord208
ord812
ord172
ord207
ord210
ord206
ord836
ord198
ord95
ord73
ord89
ord93
ord92
ord111
ord46
ord56
ord100
ord96
ord64

avutil-51

ord14
ord93
ord50

avcodec-53

ord126
ord43
ord127
ord96
ord42
ord41
ord65
ord55

kernel32

IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
Sleep

msvcp100

??1_Container_base12@std@@QAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z

msvcr100

??1exception@std@@UAE@XZ
memcpy
memset
_CxxThrowException
_tempnam
??1bad_cast@std@@UAE@XZ
_purecall
??8type_info@@QBE_NABV0@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0bad_cast@std@@QAE@ABV01@@Z
memchr
fputc
sprintf
_unlock_file
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
sscanf
??_V@YAXPAX@Z
malloc
free
_time64
fclose
fwrite
memcpy_s
srand
rand
_lock_file
setvbuf
fsetpos
fgetc
fflush
_fseeki64
fgetpos
ungetc
??0bad_cast@std@@QAE@PBD@Z

Exports

Exports

CanUpload
Initialize
Uninitialize

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c03ecc3c5ae8e0ba1252edbc1f71d3d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

pthreadvc2

avformat-53

avutil-51

avcodec-53

kernel32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB