2e31d705cb5b874e0719d2d4e34eb2d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e31d705cb5b874e0719d2d4e34eb2d1_JaffaCakes118
Size

812KB
MD5

2e31d705cb5b874e0719d2d4e34eb2d1
SHA1

22e8b709877ed97d959cb05f870de65e4e3cf121
SHA256

703fe14dbd3bec44773516eda74603cbaf746f49f3384322704594ba9f714840
SHA512

b7b693d928b6c8b4caafcc5a70cc9bd6d56da2b7010417b7c91365cd2746fb1af86775eb72e57d664ac30d41392ce6d46fa75ba18a3c6725fbc9df3fa40e6bef
SSDEEP

12288:w3116wUMKl0Ib4QYPtX0jCpTl2TqMiPHw4wIT8EQ2w+AOtvlvNxvSMSvF+YJD71u:q116MKlXbnYVr2TqZbk26yvLvS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e31d705cb5b874e0719d2d4e34eb2d1_JaffaCakes118

Files

2e31d705cb5b874e0719d2d4e34eb2d1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a4a5d8c233fc18e54bfd3023b10daad1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Q:\build\libreoffice-3.3.1.2\berkeleydb\wntmsci12.pro\bin\libdb47.pdb

Imports

msvcr90

memset
memcpy
_crt_debugger_hook
fclose
isspace
strchr
fgets
fopen
memmove
fprintf
__iob_func
_time64
isprint
_snprintf
_vsnprintf
fflush
vfprintf
strerror
strtol
strtoul
signal
raise
_errno
printf
qsort
exit
abort
isalpha
malloc
realloc
_close
_open
_ctime64
strncpy
_snwprintf
getenv
_ftime64
wcsrchr
rand
srand
strncat
_localtime64
strftime
strncmp
atol
isdigit
_getcwd
fgetc
fwrite
strrchr
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_stricmp
_encode_pointer

kernel32

GetFileAttributesW
MultiByteToWideChar
FindFirstFileW
GetLastError
WideCharToMultiByte
FindNextFileW
FindClose
GetSystemInfo
PulseEvent
InterlockedIncrement
WaitForSingleObject
CloseHandle
InterlockedDecrement
CreateEventW
LockFileEx
InterlockedExchange
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileInformationByHandle
SignalObjectAndWait
ReleaseMutex
CreateMutexW
SetEvent
CreateThread
GetTempPathW
GetVersionExW
GetVersion
SetEndOfFile
SetFilePointer
MoveFileW
MoveFileExW
DeleteFileW
GetDiskFreeSpaceW
CreateFileW
CreateDirectoryW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
ReadFile
GetEnvironmentVariableW
FormatMessageA
SetLastError
FlushFileBuffers
LockFile
UnlockFile
IsDebuggerPresent
ResetEvent

ws2_32

setsockopt
bind
listen
ntohl
send
socket
connect
accept
closesocket
WSACloseEvent
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACleanup
WSAEventSelect
WSARecv
WSASend
WSAStartup
ioctlsocket
ntohs
WSAGetLastError
WSASetLastError
inet_addr
gethostbyname
htonl
htons

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

GetVersionInfo
__bam_adj_read
__bam_cadjust_read
__bam_cdel_read
__bam_curadj_read
__bam_merge_44_read
__bam_merge_read
__bam_pgin
__bam_pgno_read
__bam_pgout
__bam_rcuradj_read
__bam_relink_43_read
__bam_relink_read
__bam_repl_read
__bam_root_read
__bam_rsplit_read
__bam_split_read
__config_split
__crdel_inmem_create_read
__crdel_inmem_remove_read
__crdel_inmem_rename_read
__crdel_metasub_read
__db_Cstrsep
__db_add_recovery_int
__db_addrem_read
__db_big_read
__db_cksum_read
__db_dbm_close
__db_dbm_delete
__db_dbm_fetch
__db_dbm_firstkey
__db_dbm_init
__db_dbm_nextkey
__db_dbm_store
__db_debug_read
__db_dispatch
__db_dl
__db_dumptree
__db_err
__db_errx
__db_get_flags_fn
__db_get_seq_flags_fn
__db_getlong
__db_getulong
__db_global_values
__db_hcreate
__db_hdestroy
__db_hsearch
__db_isbigendian
__db_loadme
__db_mkpath
__db_msg
__db_ndbm_clearerr
__db_ndbm_close
__db_ndbm_delete
__db_ndbm_dirfno
__db_ndbm_error
__db_ndbm_fetch
__db_ndbm_firstkey
__db_ndbm_nextkey
__db_ndbm_open
__db_ndbm_pagfno
__db_ndbm_rdonly
__db_ndbm_store
__db_noop_read
__db_ovref_read
__db_pg_alloc_42_read
__db_pg_alloc_read
__db_pg_free_42_read
__db_pg_free_read
__db_pg_freedata_42_read
__db_pg_freedata_read
__db_pg_init_read
__db_pg_sort_read
__db_pgin
__db_pgout
__db_pr_callback
__db_relink_42_read
__db_rpath
__db_stat_pp
__db_stat_print_pp
__db_util_cache
__db_util_interrupted
__db_util_logset
__db_util_siginit
__db_util_sigresend
__db_verify_internal
__db_win32_mutex_lock
__db_win32_mutex_unlock
__dbreg_register_read
__env_panic
__fop_create_read
__fop_file_remove_read
__fop_remove_read
__fop_rename_read
__fop_write_read
__ham_chgpg_read
__ham_copypage_read
__ham_curadj_read
__ham_func2
__ham_func3
__ham_func4
__ham_func5
__ham_get_meta
__ham_groupalloc_42_read
__ham_groupalloc_read
__ham_insdel_read
__ham_metagroup_42_read
__ham_metagroup_read
__ham_newpage_read
__ham_pgin
__ham_pgout
__ham_release_meta
__ham_replace_read
__ham_splitdata_read
__ham_test
__lock_id_set
__lock_list_print
__log_stat_pp
__mutex_set_wait_info
__os_abort
__os_abspath
__os_calloc
__os_closehandle
__os_cpu_count
__os_ctime
__os_dirfree
__os_dirlist
__os_exists
__os_fdlock
__os_fileid
__os_free
__os_freeaddrinfo
__os_fsync
__os_get_errno
__os_get_syserr
__os_getaddrinfo
__os_getenv
__os_gettime
__os_id
__os_io
__os_ioinfo
__os_isroot
__os_malloc
__os_mapfile
__os_mkdir
__os_open
__os_openhandle
__os_physwrite
__os_posix_err
__os_read
__os_realloc
__os_rename
__os_seek
__os_set_errno
__os_strdup
__os_truncate
__os_ufree
__os_umalloc
__os_unique_id
__os_unlink
__os_unmapfile
__os_urealloc
__os_write
__os_yield
__qam_add_read
__qam_del_read
__qam_delext_read
__qam_incfirst_read
__qam_mvptr_read
__qam_pgin_out
__rep_stat_print
__txn_child_read
__txn_ckp_42_read
__txn_ckp_read
__txn_id_set
__txn_recycle_read
__txn_regop_42_read
__txn_regop_read
__txn_xa_regop_read
db_create
db_env_create
db_env_set_func_free
db_env_set_func_malloc
db_env_set_func_realloc
db_sequence_create
db_strerror
db_version
db_xa_switch
log_compare

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4a5d8c233fc18e54bfd3023b10daad1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

ws2_32

advapi32

Exports

Exports

Sections

.text Size: 702KB - Virtual size: 701KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 82KB - Virtual size: 82KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 702KB - Virtual size: 701KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 82KB - Virtual size: 82KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB