dpwsockx.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eec83dbee66eb711239900aa7ebd3f98_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eec83dbee66eb711239900aa7ebd3f98_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: eec83dbee66eb711239900aa7ebd3f98_JaffaCakes118
Size: 155KB
MD5: eec83dbee66eb711239900aa7ebd3f98
SHA1: e37db7d8e8d7cf2192f019bcd9abb5a350455f6f
SHA256: c223b3687ccfe78bbc2da9b06add51648cc0307a67faef3f8be7e82e1c0aa261
SHA512: 62a17f93a29621a9025b67eb0db41571a1fa39697c13fb0b17b3daa18612775306e01baaf52bbfefef8910da7a3ae8096e92100fca9e52f95ffd3bcc3c79ec17
SSDEEP: 3072:ZZ+2/YA2ymtvq4boBqyekb39GxWWlruynMtZfhZ4JLNRewZ5CQMY9fV6CGvGTn:ZZtD2/vq6myu9oflnMHpARN8Y+y
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eec83dbee66eb711239900aa7ebd3f98_JaffaCakes118
Files
eec83dbee66eb711239900aa7ebd3f98_JaffaCakes118.dll windows:5 windows x86 arch:x86
a530f7ffe324191c0336c0df1ae66f61
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlUnwind
user32
SetWindowLongA
SetFocus
GetDlgItem
GetWindowLongA
GetDlgItemTextA
EndDialog
DialogBoxParamA
GetForegroundWindow
SendMessageA
kernel32
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
InterlockedIncrement
GetLastError
InterlockedDecrement
WaitForMultipleObjectsEx
ExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedExchange
Sleep
ResetEvent
SetEvent
SetThreadPriority
CreateThread
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
ReleaseMutex
UnmapViewOfFile
OpenMutexA
MapViewOfFile
CreateFileMappingA
HeapFree
CreateProcessA
GetSystemDirectoryA
EnterCriticalSection
GetCurrentProcessId
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
LeaveCriticalSection
OpenEventA
wsock32
getpeername
__WSAFDIsSet
select
sendto
inet_addr
getsockopt
recvfrom
gethostbyname
ntohs
bind
socket
ioctlsocket
WSACleanup
gethostname
WSAGetLastError
closesocket
send
htons
listen
recv
accept
getsockname
connect
setsockopt
WSAStartup
inet_ntoa
winmm
timeGetTime
advapi32
RegCloseKey
RegEnumKeyExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
dplayx
gdwDPlaySPRefCount
Exports
ServiceMain
DPWS_GetEnumPort
SPInit
Sections
.text Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ