I:\builds\main\lens_correct.barkin\psdotcomsdk\thirdparty\libcurl\lib\Win32\Release\libcurl.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e0e2911aa0afa0abf46306aaf4734b05_JaffaCakes118.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e0e2911aa0afa0abf46306aaf4734b05_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
e0e2911aa0afa0abf46306aaf4734b05_JaffaCakes118
-
Size
288KB
-
MD5
e0e2911aa0afa0abf46306aaf4734b05
-
SHA1
dfb11767602c0db18199705b1d3267a7f6348270
-
SHA256
8c54dbbe2436ec325dfb377d2b640111ce602067a60e65b44e346422256b497e
-
SHA512
5e56f0b104b23f400236243c2ca81f894189b90ab8a8b11b27afcfa5e1bd6bffd13c1b29088fbd3c8c284d8a45959bb6a9a994d4f7c3e65fd9839ea5277dba89
-
SSDEEP
6144:PAiEWfkTwknxSAQqBBYIFWsSO848iYuTRSRTl5XDhokxyga5hFIdGMMEB:PAiEWfkTw4xS07Wq9R0n5DWkfOh2MEB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource e0e2911aa0afa0abf46306aaf4734b05_JaffaCakes118
Files
-
e0e2911aa0afa0abf46306aaf4734b05_JaffaCakes118.dll windows:5 windows x86 arch:x86
70d67be1b3aebbb470a766a0f3a7bef6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
recvfrom
sendto
send
select
__WSAFDIsSet
inet_ntoa
gethostname
WSASetLastError
gethostbyname
listen
accept
WSAStartup
WSACleanup
recv
socket
connect
closesocket
setsockopt
getsockopt
inet_addr
htons
bind
getsockname
ntohs
WSAGetLastError
ioctlsocket
wldap32
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ssleay32
ord108
ord242
ord61
ord157
ord43
ord127
ord130
ord110
ord116
ord113
ord172
ord12
ord243
ord6
ord15
ord141
ord21
ord90
ord87
ord31
ord78
ord58
ord96
ord86
ord8
ord76
ord74
ord183
ord235
ord17
ord222
ord30
ord24
ord75
ord49
ord126
ord48
ord5
ord77
libeay32
ord1
ord641
ord653
ord680
ord1958
ord1654
ord1653
ord2023
ord1216
ord579
ord578
ord566
ord1951
ord188
ord2442
ord181
ord254
ord227
ord223
ord224
ord298
ord2291
ord1015
ord657
ord585
ord654
ord280
ord281
ord467
ord468
ord466
ord2254
ord464
ord341
ord342
ord340
ord2437
ord2436
ord2435
ord2075
ord784
ord809
ord808
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
ReadFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
PeekNamedPipe
FormatMessageA
Sleep
GetLastError
GetTickCount
TerminateThread
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
ReleaseMutex
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
CloseHandle
ExpandEnvironmentStringsA
SleepEx
msvcr90
memset
memcpy
strchr
_time64
_strtoi64
strncmp
atoi
sscanf
fclose
fgets
fopen
__iob_func
fputs
free
malloc
calloc
realloc
fwrite
fread
strtol
isxdigit
_gmtime64
isspace
_stat64
_lseeki64
_fstat64
rand
srand
isdigit
strstr
toupper
getenv
_errno
_beginthreadex
strtoul
sprintf
fputc
strncpy
_strnicmp
_mktime64
isalnum
isalpha
fflush
strerror
__sys_nerr
fseek
memchr
memmove
tolower
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_strdup
_close
_fdopen
_open
_read
_stricmp
strrchr
Exports
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info
Sections
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 108KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE