fb8b727ae8712c19c517611221675e65_JaffaCakes118

General

Target

fb8b727ae8712c19c517611221675e65_JaffaCakes118
Size

13KB
MD5

fb8b727ae8712c19c517611221675e65
SHA1

c20bd9b01dbe5cc2abb1ac42b788cdf6211bdff9
SHA256

856b6b318c7e798caf5d7e0893fedbc763b61d30a48fc5bc4aba6f62bcf7b203
SHA512

ffe3c0a818670f71a8039abfd1ea54dd7510f5a83c3e0d3b2f7eb4aaf234af5467d03e82a05e7be0d1cde7f5841f36f787056c14e92dba6dda637424176e08f6
SSDEEP

192:3s/r4c7t9YvaV+cJjkdLFhozIthzgHpJhNwE4mKvIGslfBTPAIfV1K3Xk6Ckpbmm:cz7t/McFkdLboWuB4mKIGUlQ069C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8b727ae8712c19c517611221675e65_JaffaCakes118

Files

fb8b727ae8712c19c517611221675e65_JaffaCakes118
.dll windows:4 windows x86 arch:x86

16d1cb3e9ae2a61eebc1f3ce2dff7541

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nsldap32v50

ord431
ord430
ord419
ord531
ord530
ord418
ord200
ord529
ord13
ord85

nspr4

PR_CallOnce
PR_NewThreadPrivateIndex
PR_SetThreadPrivate
PR_AtomicIncrement
PR_GetCurrentThread
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_GetAddrInfoByName
PR_EnumerateAddrInfo
PR_FreeAddrInfo
PR_Poll
PR_Malloc
PR_Realloc
PR_Free
PR_Calloc
PR_OpenTCPSocket
PR_SetSocketOption
PR_Close
PR_Connect
PR_Send
PR_Recv
PR_MillisecondsToInterval
PR_GetError
PR_GetOSError
PR_SetError
PR_StringToNetAddr
PR_htons
PR_GetHostByAddr
PR_GetIPNodeByName
PR_GetThreadPrivate

msvcr80

__clean_type_info_names_internal
_encode_pointer
_malloc_crt
_encoded_null
free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
memcpy
_crt_debugger_hook
__CppXcptFilter

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount

Exports

Exports

prldap_get_session_info
prldap_get_session_option
prldap_get_socket_info
prldap_init
prldap_install_routines
prldap_set_session_info
prldap_set_session_option
prldap_set_socket_info

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16d1cb3e9ae2a61eebc1f3ce2dff7541

Headers

File Characteristics

Imports

nsldap32v50

nspr4

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 726B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 726B