3822ceb22923f3ad1413eb9874cea4e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3822ceb22923f3ad1413eb9874cea4e4_JaffaCakes118
Size

353KB
MD5

3822ceb22923f3ad1413eb9874cea4e4
SHA1

d4271f772485288ae9e0b308377203687d587c26
SHA256

c4fd2ea3b89d4e066c19f53de983d059980d7838e7b293eb7b0292f938332282
SHA512

28a5b747e1e5fe39ed592780a797e986c588a8a8e09a317d762a9c20e32977061889d164f8073966c7613f5fc10dc4c98c583dc702ccacc7bd7a34464a939dd3
SSDEEP

6144:vaYjkN88uoxw8YdKXnXSloxjnHHRwjF3dzqzcLe1rO2BHFp7r:vaekNNuP8G8G+THxk1dzu2kO2BHj7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3822ceb22923f3ad1413eb9874cea4e4_JaffaCakes118

Files

3822ceb22923f3ad1413eb9874cea4e4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8cc9eb65e98d7b229eb04e9bbff7df28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\src\epc3live\src\epc-new\src\epc2-plugins\device-discovery-rediscovery\Discovery\Release\HPEPCEnm.pdb

Imports

ws2_32

WSAAddressToStringW
select
recvfrom
recv
ntohs
sendto
bind
setsockopt
WSAIoctl
WSAStringToAddressW
WSAGetLastError
htons
gethostname
getaddrinfo
socket
freeaddrinfo
closesocket
WSAStartup

kernel32

GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
OutputDebugStringW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
DeviceIoControl
CreateFileA
CloseHandle
WriteFile
ReadFile
GetTickCount
GetLastError
GetVersionExA
LocalFree
FormatMessageA
QueryPerformanceFrequency
GetConsoleMode
lstrcmpiA
InterlockedIncrement
CreateMutexA
OpenMutexA
SetFilePointer
OutputDebugStringA
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
UnlockFile
SetEndOfFile
LockFile
GetFileSize
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
QueryPerformanceCounter
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize

user32

wsprintfA

winspool.drv

EnumPrintersW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey

Exports

Exports

??0FoundDevice@@QAE@HPADH@Z
??0FoundDevice@@QAE@XZ
??1FoundDevice@@QAE@XZ
?Confirm@FoundDevice@@QAEHXZ
?CreateIter@FoundDevice@@QAEHXZ
?GetCurrentKey@FoundDevice@@QAEHPADI@Z
?GetCurrentKey@FoundDevice@@QAEHPAGI@Z
?GetDeviceType@FoundDevice@@QAEKXZ
?GetDiscoveryType@FoundDevice@@QAEKXZ
?GetInfo@FoundDevice@@QAEHPAD0I@Z
?GetInfo@FoundDevice@@QAEHPAG0I@Z
?GetLastError@FoundDevice@@QAEKXZ
?NextIter@FoundDevice@@QAEHXZ
?ToBuffer@FoundDevice@@QAEHPADHAAH@Z
HPD_EnumDevices
HPD_FreeDevices
HPD_FromGUIDA
HPD_FromGUIDW
HPD_FromHostNameA
HPD_FromHostNameW
HPD_FromIPA
HPD_FromIPW
HPD_FromMACA
HPD_FromMACW
HPD_SetNetworkTTL

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cc9eb65e98d7b229eb04e9bbff7df28

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 180KB - Virtual size: 188KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 180KB - Virtual size: 188KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB