fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118
Size

152KB
MD5

fbfc31d64c74dcb967f948ea03f4ceb5
SHA1

265aded17bf17627c50d8a6839e10dde50bde1e8
SHA256

c630c39189a1eccb5d0b0a62845daadee78312defbcf849656c159bad14b2ad1
SHA512

1bb6d1e4d01cd70a457ebcc22ab93299603699d067c377f5648c2203be626dbc366ba1d2865a74f79c9a1da7d6828835ebec292b9d9225c67a636fa0702c24b8
SSDEEP

3072:cCM10vzGWxlJCo/g6w1QPUhUapVsJfNsyU39nWshW:I1wnxlB/LUhbpGTsz35Vs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118

Files

fbfc31d64c74dcb967f948ea03f4ceb5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\java.net\net\obj\net.pdb

Imports

java

_JNU_NewStringPlatform@8
_JNU_ThrowByName@12
_JNU_ReleaseStringPlatformChars@12
_JNU_ThrowOutOfMemoryError@8
_JNU_ThrowByNameWithLastError@12
jio_snprintf
_JNU_ThrowNullPointerException@8
_JNU_GetStringPlatformChars@12

ws2_32

recvfrom
gethostname
gethostbyname
gethostbyaddr
WSASendDisconnect
WSAStartup
WSACleanup
recv
send
accept
listen
ioctlsocket
shutdown
__WSAFDIsSet
getprotobyname
getsockopt
socket
sendto
WSAIoctl
getsockname
WSASetLastError
ntohs
select
htonl
WSAGetLastError
setsockopt
bind
WSACreateEvent
WSAEventSelect
htons
connect
WSACloseEvent
closesocket
ntohl

jvm

_JVM_CurrentTimeMillis@8
_JVM_InitializeSocketLibrary@0
_JVM_GetSockOpt@20

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

msvcr71

_initterm
wcscpy
strtok
strncmp
strstr
strchr
sscanf
fprintf
_adjust_fdiv
_assert
__CppXcptFilter
strerror
_errno
memset
isspace
strcmp
sprintf
strcpy
calloc
strlen
strncpy
wcslen
malloc
realloc
memcpy
free
_except_handler3
__dllonexit
_onexit
strcat
_strdup
_iob

kernel32

EnterCriticalSection
LeaveCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
GetOverlappedResult
FreeLibrary
Sleep
SetHandleInformation
InitializeCriticalSection

Exports

Exports

_JNI_OnLoad@8
_Java_java_net_DatagramPacket_init@8
_Java_java_net_Inet4AddressImpl_getHostByAddr@12
_Java_java_net_Inet4AddressImpl_getLocalHostName@8
_Java_java_net_Inet4AddressImpl_isReachable0@24
_Java_java_net_Inet4AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet4Address_init@8
_Java_java_net_Inet6AddressImpl_getHostByAddr@12
_Java_java_net_Inet6AddressImpl_getLocalHostName@8
_Java_java_net_Inet6AddressImpl_isReachable0@32
_Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
_Java_java_net_Inet6Address_init@8
_Java_java_net_InetAddressImplFactory_isIPv6Supported@8
_Java_java_net_InetAddress_init@8
_Java_java_net_NetworkInterface_getAll@8
_Java_java_net_NetworkInterface_getAll_XP@8
_Java_java_net_NetworkInterface_getByIndex@12
_Java_java_net_NetworkInterface_getByIndex_XP@12
_Java_java_net_NetworkInterface_getByInetAddress0@12
_Java_java_net_NetworkInterface_getByInetAddress0_XP@12
_Java_java_net_NetworkInterface_getByName0@12
_Java_java_net_NetworkInterface_getByName0_XP@12
_Java_java_net_NetworkInterface_getMTU0@16
_Java_java_net_NetworkInterface_getMTU0_XP@16
_Java_java_net_NetworkInterface_getMacAddr0@20
_Java_java_net_NetworkInterface_getMacAddr0_XP@16
_Java_java_net_NetworkInterface_init@8
_Java_java_net_NetworkInterface_isLoopback0@16
_Java_java_net_NetworkInterface_isLoopback0_XP@16
_Java_java_net_NetworkInterface_isP2P0@16
_Java_java_net_NetworkInterface_isP2P0_XP@16
_Java_java_net_NetworkInterface_isUp0@16
_Java_java_net_NetworkInterface_isUp0_XP@16
_Java_java_net_NetworkInterface_supportsMulticast0@16
_Java_java_net_NetworkInterface_supportsMulticast0_XP@16
_Java_java_net_PlainDatagramSocketImpl_bind0@16
_Java_java_net_PlainDatagramSocketImpl_connect0@16
_Java_java_net_PlainDatagramSocketImpl_datagramSocketClose@8
_Java_java_net_PlainDatagramSocketImpl_datagramSocketCreate@8
_Java_java_net_PlainDatagramSocketImpl_disconnect0@12
_Java_java_net_PlainDatagramSocketImpl_getTTL@8
_Java_java_net_PlainDatagramSocketImpl_getTimeToLive@8
_Java_java_net_PlainDatagramSocketImpl_init@8
_Java_java_net_PlainDatagramSocketImpl_join@16
_Java_java_net_PlainDatagramSocketImpl_leave@16
_Java_java_net_PlainDatagramSocketImpl_peek@12
_Java_java_net_PlainDatagramSocketImpl_peekData@12
_Java_java_net_PlainDatagramSocketImpl_receive0@12
_Java_java_net_PlainDatagramSocketImpl_send@12
_Java_java_net_PlainDatagramSocketImpl_setTTL@12
_Java_java_net_PlainDatagramSocketImpl_setTimeToLive@12
_Java_java_net_PlainDatagramSocketImpl_socketGetOption@12
_Java_java_net_PlainDatagramSocketImpl_socketSetOption@16
_Java_java_net_PlainSocketImpl_initProto@8
_Java_java_net_PlainSocketImpl_socketAccept@12
_Java_java_net_PlainSocketImpl_socketAvailable@8
_Java_java_net_PlainSocketImpl_socketBind@16
_Java_java_net_PlainSocketImpl_socketClose0@12
_Java_java_net_PlainSocketImpl_socketConnect@20
_Java_java_net_PlainSocketImpl_socketCreate@12
_Java_java_net_PlainSocketImpl_socketGetOption@16
_Java_java_net_PlainSocketImpl_socketListen@12
_Java_java_net_PlainSocketImpl_socketSendUrgentData@12
_Java_java_net_PlainSocketImpl_socketSetOption@20
_Java_java_net_PlainSocketImpl_socketShutdown@12
_Java_java_net_SocketInputStream_init@8
_Java_java_net_SocketInputStream_socketRead0@28
_Java_java_net_SocketOutputStream_init@8
_Java_java_net_SocketOutputStream_socketWrite0@24
_Java_sun_net_dns_ResolverConfigurationImpl_init0@8
_Java_sun_net_dns_ResolverConfigurationImpl_loadDNSconfig0@8
_Java_sun_net_dns_ResolverConfigurationImpl_notifyAddrChange0@8
_Java_sun_net_spi_DefaultProxySelector_getSystemProxy@16
_Java_sun_net_spi_DefaultProxySelector_init@8
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getCredentialsHandle@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_getNextToken@20
_Java_sun_net_www_protocol_http_NTLMAuthSequence_initFirst@8
_NET_Bind@12
_NET_BindV6@4
_NET_GetSockOpt@20
_NET_InetAddressToSockaddr@24
_NET_MapSocketOption@12
_NET_MapSocketOptionV6@12
_NET_SetSockOpt@20
_NET_SocketClose@4
_NET_ThrowNew@12
_NET_Timeout2@16
_NET_Timeout@8
_ipv6_available@0

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e531bacc748133656219c5103fe6fbcc

Headers

File Characteristics

PDB Paths

Imports

java

ws2_32

jvm

advapi32

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 872B

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 76KB - Virtual size: 76KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 872B

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 76KB