ea8c9efe4286b1698a1546bdb770e4df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea8c9efe4286b1698a1546bdb770e4df_JaffaCakes118
Size

195KB
MD5

ea8c9efe4286b1698a1546bdb770e4df
SHA1

94774a4026582c60e8e7d02ebfbc0d16b9b3b64e
SHA256

481b30dbf4cec9c9c870ba6fc1d88a53d2ed1013410fa9b6d9a3653c06d9708a
SHA512

030b030a29e1378436b471d417d146107e54d1eb509cb2bcafec5b5aa8b95a153abe78a1d6b2a3b6a9316d4dd20a335ca3ce9d4121c0d79321d7f214900ac256
SSDEEP

6144:OPdYq6GMvz3pqOMKn9Y38RF72TBr7Em2OZK4x:OPmq67b30OEqF72T5Pu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea8c9efe4286b1698a1546bdb770e4df_JaffaCakes118

Files

ea8c9efe4286b1698a1546bdb770e4df_JaffaCakes118
.dll windows:5 windows x86 arch:x86

12b676b078f73f80e726a2209f88ab3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\p4\ipsprobe\bin\vc10-win32\thirdkit.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid

libeay32

ord964
ord965
ord2784
ord339
ord333
ord501
ord3314
ord3510
ord3315
ord3654
ord3312
ord3745
ord3313
ord3669
ord2023
ord657
ord3846
ord1015
ord176
ord2075
ord641
ord78
ord467
ord362
ord181
ord470
ord206
ord648
ord585
ord228
ord1882
ord204
ord466
ord578
ord248
ord576
ord866
ord1654
ord1653
ord1238
ord1182
ord653
ord566
ord1016
ord1216
ord2253
ord3823
ord3686
ord680
ord2596
ord649
ord395
ord2291
ord356
ord129
ord1017
ord2254
ord304
ord3155
ord2927
ord256
ord329
ord983
ord294
ord2996
ord1252
ord396
ord1336
ord2644
ord495
ord2720
ord961
ord486
ord213
ord3819
ord275
ord498
ord2862
ord1335
ord276
ord497
ord400
ord258
ord82
ord3019
ord1334
ord66
ord3874
ord3889
ord118
ord123
ord110
ord156
ord111
ord120
ord150
ord161
ord140
ord151
ord267
ord269
ord268
ord484
ord209
ord2206
ord253
ord3253
ord3283
ord198
ord246
ord3212
ord227
ord3189
ord298
ord2604
ord254
ord224
ord963
ord2747
ord323
ord785
ord796
ord2147
ord3217
ord3024
ord3171
ord3106
ord2412
ord2416
ord2415
ord197
ord1804
ord316
ord464

ssleay32

ord157
ord111
ord231
ord6
ord98
ord170
ord21
ord43
ord16
ord286
ord40
ord1
ord83
ord176
ord15
ord38
ord110
ord73
ord142
ord183
ord78
ord8
ord48
ord108
ord12
ord30
ord24
ord127
ord96
ord77
ord172
ord49
ord75
ord141
ord58
ord177
ord61
ord128
ord35
ord180

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
__CxxFrameHandler3
memcpy
memset
_write
_close
_read
_vsnprintf
isprint
fputs
calloc
_stricmp
_strnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
_purecall
strchr
_lock
__dllonexit
_unlock
strrchr
isdigit
getenv
fgets
strncpy
atoi
fflush
__iob_func
_time32
_time64
_snprintf
sprintf
fclose
fopen
memchr
isspace
_errno
strncmp
_vswprintf_c_l
malloc
realloc
free
_strdup
strtoul
strtol
memmove
__RTDynamicCast

kernel32

GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessAffinityMask
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
LocalFree
CreateSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
OpenProcess
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
SetHandleInformation
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLastError
DisableThreadLibraryCalls
SleepEx

ws2_32

htons
inet_addr
connect
gethostbyname
gethostname
shutdown
setsockopt
socket
closesocket
WSASetLastError
WSAGetLastError
recv
send
WSACloseEvent
WSAConnect
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSASocketW
WSACreateEvent
WSAIoctl
bind
getsockname
ioctlsocket
select
__WSAFDIsSet
getsockopt
WSACleanup
WSAStartup

Exports

Exports

kit3_computeHmac
kit3_decrypt
kit3_decryptFile
kit3_digest
kit3_digestFile
kit3_digestSnmpPw
kit3_encrypt
kit3_encryptFile
kit3_inFipsMode
kit3_ldapBind
kit3_randomize
kit3_runSshell

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12b676b078f73f80e726a2209f88ab3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

libeay32

ssleay32

msvcr100

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB