c7593f2f95c5b9a4fa581234e8e903ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7593f2f95c5b9a4fa581234e8e903ff_JaffaCakes118
Size

162KB
MD5

c7593f2f95c5b9a4fa581234e8e903ff
SHA1

a8936b373e2d6334d90176241de329c87d1921dc
SHA256

5df5b2335ef84b2d80c096ddd7198d54413cd12aaf44489059c68f13aa3f33c9
SHA512

cd4f0994e8807763d256e5d264692321b0b0dc72df793bc6184918eec6c72843f4e479a4f89a6a033789931fcdcc74da50f6f0f9079345138ace14a438ca440a
SSDEEP

3072:9OihhNC069D5VeAqg373/9ogEKdHT978HzeQYa0Lo0eI8J2:9OihLh6UAzGgEiHT9kyQj0Lf8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7593f2f95c5b9a4fa581234e8e903ff_JaffaCakes118

Files

c7593f2f95c5b9a4fa581234e8e903ff_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3565953ee2c9d568140f26d1218001a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\plaplante\My Documents\My Projects\Vanteon\Kodak\ptp\sandbox\fn_ptpip\ptp-pdock\source\PtpITcp\platform\win32\_OUT\Release-Rendezvous\ptpitcp.pdb

Imports

ws2_32

recv
WSACleanup
closesocket
ioctlsocket
WSAIoctl
send
gethostname
recvfrom
WSAGetLastError
WSAEventSelect
sendto
bind
ntohs
connect
WSAStartup
inet_addr
select
htons
shutdown
socket
setsockopt

msvcrt

_beginthreadex
_endthreadex
realloc
strtoul
toupper
strncpy
sprintf
wcsncmp
malloc
calloc
free
_snwprintf
wcstoul
wcschr
strncmp

kernel32

LoadLibraryA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DisableThreadLibraryCalls
WideCharToMultiByte
InitializeCriticalSection
GetComputerNameA
CreateSemaphoreA
ReleaseSemaphore
EnterCriticalSection
CloseHandle
CreateThread
Sleep
SetEvent
CreateEventA
WaitForMultipleObjects
GetCurrentThreadId
GetTickCount

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

ole32

CoCreateGuid

Exports

Exports

PtpCancelGetEvt
PtpCancelTransaction
PtpCloseDevice
PtpCloseEnum
PtpCreateEnum
PtpGetEvt
PtpGetRsp
PtpOpenDevice
PtpReadData
PtpSendCmd
PtpWaitAck
PtpWriteData
PtpiCreateTransport

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3565953ee2c9d568140f26d1218001a7

Headers

File Characteristics

PDB Paths

Imports

ws2_32

msvcrt

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 7KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 7KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 2KB - Virtual size: 1KB