2580af13fdf6f8a3cc0736e1a967a0f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2580af13fdf6f8a3cc0736e1a967a0f6_JaffaCakes118
Size

243KB
MD5

2580af13fdf6f8a3cc0736e1a967a0f6
SHA1

27a37d0dffc046fc90ff85e2833fab924c975e89
SHA256

0cc050bbb697950ffc8f49e5e9894ff4c54f102908477b506fd03c50b6e55091
SHA512

f206545b1176e655d12827d341ca7a99ecb5baa77a7c13d1e54bd9591c9ba434c37629198dcadd7fa0d0067f29684bc36c2cfae9ac81144a335e0d4372ddbd67
SSDEEP

3072:uthL+edkV1NWMA1ZrGq7AUe5CBQ0YgfbVzFuZ21Yl3cz6bbQw1m:u7BANyrh8n5C20bhFc2hgb1m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2580af13fdf6f8a3cc0736e1a967a0f6_JaffaCakes118

Files

2580af13fdf6f8a3cc0736e1a967a0f6_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e744815a57dc1c24a548078e68fe62f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dnsapi.pdb

Imports

advapi32

CryptGenRandom
CryptReleaseContext
TraceEvent
RegisterTraceGuidsA
UnregisterTraceGuids
GetTraceLoggerHandle
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
RegCreateKeyExW
RegOpenKeyExW
RegisterEventSourceW
ReportEventA
CryptAcquireContextA
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExW

kernel32

WideCharToMultiByte
LocalFree
LocalReAlloc
LoadLibraryExW
GetSystemTimeAsFileTime
HeapDestroy
GetProcessHeap
LeaveCriticalSection
CloseHandle
EnterCriticalSection
WaitForSingleObject
SetEvent
HeapAlloc
HeapFree
SetLastError
GetLastError
CreateEventA
HeapCreate
PulseEvent
WaitForMultipleObjects
CreateThread
ResetEvent
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
ExitThread
CreateSemaphoreA
ReleaseSemaphore
GetSystemDirectoryA
GetTickCount
GetEnvironmentVariableW
GetVersionExA
GetVersion
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
CompareStringW
CompareStringA
LCMapStringW
DelayLoadFailureHook

msvcrt

malloc
_initterm
free
srand
rand
atoi
_snwprintf
wcstoul
wcscat
sscanf
_adjust_fdiv
_snprintf
wcschr
strncpy
wcsncpy
_strlwr
strtoul
strncmp
_strupr
sprintf
wcslen
_except_handler3
wcscpy
fopen
wcscmp
strchr
vsprintf
fputs
time
localtime
fprintf
fgets
_strnicmp
strpbrk
fclose
rewind
swprintf
_stricmp

ntdll

RtlIpv6AddressToStringA
RtlIpv6StringToAddressW
RtlIpv6StringToAddressA

rpcrt4

NdrClientCall2
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreateSequential
RpcBindingFree
I_RpcExceptionFilter

ws2_32

WSACleanup
bind
closesocket
setsockopt
WSASocketA
WSAJoinLeaf
WSAIoctl
shutdown
WSAStartup
connect
send
sendto
recv
ntohs
select
WSAGetLastError
recvfrom
htonl
htons
inet_addr
inet_ntoa
ntohl
getprotobyname
getprotobynumber
getservbyport

Exports

Exports

BreakRecordsIntoBlob
CombineRecordsInBlob
DnsAcquireContextHandle_A
DnsAcquireContextHandle_W
DnsAddRecordSet_A
DnsAddRecordSet_UTF8
DnsAddRecordSet_W
DnsAllocateRecord
DnsApiAlloc
DnsApiFree
DnsApiHeapReset
DnsApiRealloc
DnsApiSetDebugGlobals
DnsAsyncRegisterHostAddrs
DnsAsyncRegisterInit
DnsAsyncRegisterTerm
DnsCopyStringEx
DnsCreateReverseNameStringForIpAddress
DnsCreateStandardDnsNameCopy
DnsCreateStringCopy
DnsDhcpSrvRegisterHostName
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterInitialize
DnsDhcpSrvRegisterTerm
DnsDowncaseDnsNameLabel
DnsExtractRecordsFromMessage_UTF8
DnsExtractRecordsFromMessage_W
DnsFindAuthoritativeZone
DnsFlushResolverCache
DnsFlushResolverCacheEntry_A
DnsFlushResolverCacheEntry_UTF8
DnsFlushResolverCacheEntry_W
DnsFree
DnsFreeConfigStructure
DnsGetBufferLengthForStringCopy
DnsGetCacheDataTable
DnsGetDnsServerList
DnsGetDomainName
DnsGetIpAddressInfoList
DnsGetLastFailedUpdateInfo
DnsGetLocalAddrArray
DnsGetLocalAddrArrayDirect
DnsGetPrimaryDomainName_A
DnsGlobals
DnsIpv6AddressToString
DnsIpv6StringToAddress
DnsIsAMailboxType
DnsIsStatusRcode
DnsIsStringCountValidForTextType
DnsMapRcodeToStatus
DnsModifyRecordSet_A
DnsModifyRecordSet_UTF8
DnsModifyRecordSet_W
DnsModifyRecordsInSet_A
DnsModifyRecordsInSet_UTF8
DnsModifyRecordsInSet_W
DnsNameCompareEx_A
DnsNameCompareEx_UTF8
DnsNameCompareEx_W
DnsNameCompare_A
DnsNameCompare_UTF8
DnsNameCompare_W
DnsNameCopy
DnsNameCopyAllocate
DnsNotifyResolver
DnsNotifyResolverClusterIp
DnsNotifyResolverEx
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx
DnsRecordSetDetach
DnsRecordStringForType
DnsRecordStringForWritableType
DnsRecordTypeForName
DnsRegisterClusterAddress
DnsReleaseContextHandle
DnsRemoveRegistrations
DnsReplaceRecordSetA
DnsReplaceRecordSetUTF8
DnsReplaceRecordSetW
DnsSetConfigDword
DnsStatusString
DnsStringCopyAllocateEx
DnsUnicodeToUtf8
DnsUpdate
DnsUpdateTest_A
DnsUpdateTest_UTF8
DnsUpdateTest_W
DnsUtf8ToUnicode
DnsValidateName_A
DnsValidateName_UTF8
DnsValidateName_W
DnsValidateUtf8Byte
DnsWriteQuestionToBuffer_UTF8
DnsWriteQuestionToBuffer_W
DnsWriteReverseNameStringForIpAddress
Dns_AddRecordsToMessage
Dns_AllocateMsgBuf
Dns_BuildPacket
Dns_CacheSocketCleanup
Dns_CacheSocketInit
Dns_CleanupWinsock
Dns_CloseConnection
Dns_CloseHostFile
Dns_CloseSocket
Dns_CreateMulticastSocket
Dns_CreateSocket
Dns_CreateSocketEx
Dns_FindAuthoritativeZoneLib
Dns_GetIpAddresses
Dns_GetLocalIpAddressArray
Dns_GetRandomXid
Dns_InitQueryTimeouts
Dns_InitializeMsgRemoteSockaddr
Dns_InitializeWinsock
Dns_OpenHostFile
Dns_OpenTcpConnectionAndSend
Dns_ParseMessage
Dns_ParsePacketRecord
Dns_PingAdapterServers
Dns_ReadHostFileLine
Dns_ReadPacketName
Dns_ReadPacketNameAllocate
Dns_ReadRecordStructureFromPacket
Dns_RecvTcp
Dns_ResetNetworkInfo
Dns_SendAndRecvUdp
Dns_SendEx
Dns_SetRecordDatalength
Dns_SkipPacketName
Dns_SkipToRecord
Dns_UpdateLib
Dns_UpdateLibEx
Dns_WriteDottedNameToPacket
Dns_WriteQuestionToMessage
Dns_WriteRecordStructureToPacketEx
GetCurrentTimeInSeconds
GetRecordsForLocalName
NetInfo_Build
NetInfo_Clean
NetInfo_Copy
NetInfo_Free
NetInfo_IsForUpdate
NetInfo_ResetServerPriorities
QueryDirectEx
Query_Main
Reg_ReadGlobalsEx

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e744815a57dc1c24a548078e68fe62f2

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text Size: 99KB - Virtual size: 100KB

.text
Size: 126KB - Virtual size: 126KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 99KB - Virtual size: 100KB