29f1b7426bcf0ff46b03d5f50af3e8e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f1b7426bcf0ff46b03d5f50af3e8e3_JaffaCakes118
Size

514KB
MD5

29f1b7426bcf0ff46b03d5f50af3e8e3
SHA1

898981d4767099d8ecd9e53a6b85c4dfe6c5d0fb
SHA256

8bdbda6b4d1b1cb3288036d6a159c98bfc5594bdeabf9258028d9672a1409c8a
SHA512

bdaf8e88c953c93feef82d9acf6a267f69ae6fce142a6a1f956a4ad475d2896d79e4a5727f5a4690d206ea950fc2795548994b18af09e7955461a8abee605646
SSDEEP

12288:EQ5sKIWUmUJmns8bwpe+tt5Tc3Q/EB2eAJwCvvIs:zsKIzU7bwpeSg3Eu6JwgAs

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/samp-mysql-win32/libmysql.dll
unpack001/samp-mysql-win32/sampmysql.dll

Files

29f1b7426bcf0ff46b03d5f50af3e8e3_JaffaCakes118
.rar
samp-mysql-win32/compilation.txt
samp-mysql-win32/libmysql.dll
.dll windows:4 windows x86 arch:x86

0c24d3057c411efc40134236b7026577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

getpeername
shutdown
closesocket
setsockopt
send
recv
inet_ntoa
inet_addr
WSAStartup
WSACleanup
gethostbyname
getservbyname
ntohs
socket
WSAGetLastError
ioctlsocket
htons
connect

kernel32

GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
GetLocaleInfoW
LCMapStringW
LCMapStringA
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RaiseException
HeapSize
InterlockedExchange
SetEnvironmentVariableA
GetLocaleInfoA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetLastError
UnmapViewOfFile
WaitForSingleObject
SetEvent
OpenFileMappingA
OpenEventA
InitializeCriticalSection
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetCurrentThreadId
GetFileAttributesExA
SetEndOfFile
SetFilePointer
InterlockedIncrement
DeleteCriticalSection
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateSemaphoreA
Sleep
ReadFile
WriteFile
WaitForMultipleObjects
GetFileInformationByHandle
PeekNamedPipe
MapViewOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
SetEnvironmentVariableW
GetFileAttributesA
SetStdHandle
GetFileType
WideCharToMultiByte
GetTimeZoneInformation
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetStartupInfoA
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
RtlUnwind
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringA
CompareStringW
GetACP
GetOEMCP

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 980KB - Virtual size: 990KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samp-mysql-win32/sampmysql.dll
.dll windows:4 windows x86 arch:x86

d0266f7aa94089591ed9a34e21d65304

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateSemaphoreA
FindAtomA
GetAtomNameA
GetLastError
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

msvcrt

__dllonexit
_assert
_errno
_iob
abort
atoi
fflush
fprintf
free
malloc
memset
sprintf
strcat
strcmp
strcpy
strlen
strtok

libmysql

mysql_close
mysql_error
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_free_result
mysql_init
mysql_num_fields
mysql_num_rows
mysql_ping
mysql_query
mysql_real_connect
mysql_real_escape_string
mysql_select_db
mysql_store_result

Exports

Exports

AmxLoad
AmxLoad@4
AmxUnload
AmxUnload@4
Load
Load@4
SAMPMySQLNatives
Supports
Supports@0
Unload
Unload@0
_Z13set_amxstringP6tagAMXiPci
amx_Align16
amx_Align32
amx_Allot
amx_Callback
amx_Cleanup
amx_Clone
amx_Exec
amx_FindNative
amx_FindPubVar
amx_FindPublic
amx_FindTagId
amx_Flags
amx_GetAddr
amx_GetNative
amx_GetPubVar
amx_GetPublic
amx_GetString
amx_GetTag
amx_GetUserData
amx_Init
amx_InitJIT
amx_MemInfo
amx_NameLength
amx_NativeInfo
amx_NumNatives
amx_NumPubVars
amx_NumPublics
amx_NumTags
amx_Push
amx_PushArray
amx_PushString
amx_RaiseError
amx_Register
amx_Release
amx_SetCallback
amx_SetDebugHook
amx_SetString
amx_SetUserData
amx_StrLen
amx_UTF8Check
amx_UTF8Get
amx_UTF8Len
amx_UTF8Put
assoc_row
connexion
logprintf
pAMXFunctions
ppPluginData
result
stringtosplit

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samp-mysql-win32/src/Makefile.win
samp-mysql-win32/src/SDK/amx/amx.c
samp-mysql-win32/src/SDK/amx/amx.h
samp-mysql-win32/src/SDK/amx/getch.h
samp-mysql-win32/src/SDK/amx/sclinux.h
samp-mysql-win32/src/SDK/amxplugin.cpp
samp-mysql-win32/src/SDK/amxplugin.o
samp-mysql-win32/src/SDK/getch.c
samp-mysql-win32/src/SDK/getch.o
samp-mysql-win32/src/SDK/plugin.h
samp-mysql-win32/src/SDK/plugincommon.h
samp-mysql-win32/src/libsampmysql.a
samp-mysql-win32/src/libsampmysql.def
samp-mysql-win32/src/samp-mysql.dev
samp-mysql-win32/src/samp-mysql.layout
samp-mysql-win32/src/samp-mysql_private.h
samp-mysql-win32/src/samp-mysql_private.rc
samp-mysql-win32/src/samp-mysql_private.res
samp-mysql-win32/src/sampmysql.cpp

Sharing

General

Malware Config

Signatures

Files

0c24d3057c411efc40134236b7026577

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 216KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 980KB - Virtual size: 990KB

.reloc Size: 20KB - Virtual size: 16KB

d0266f7aa94089591ed9a34e21d65304

Headers

File Characteristics

Imports

kernel32

msvcrt

libmysql

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 17KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 916B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 980KB - Virtual size: 990KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 17KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 916B

.reloc
Size: 1KB - Virtual size: 1KB