56ff57599575fcc10e54739314ff6b80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56ff57599575fcc10e54739314ff6b80_JaffaCakes118
Size

170KB
MD5

56ff57599575fcc10e54739314ff6b80
SHA1

63e45609d56ec54ea847e542e85f7704d825c5f1
SHA256

1649c38a4f9aaea8265b417eeca95e35cba95d9f7bfe908d7498872ab57d40b1
SHA512

f9feebe8ad06c13f48fe2b42cff1433396f57c4108660a6adda5cf98bea32bd4e551b5940a22bd09225fd23a3738c0a8d24b5f5d29360eee0c3da526fac8bf57
SSDEEP

1536:rM/kASdrxO764l8zvKm418Q7T3pagwub1hJSrm4V/YzI4pghtz4QhZM3j:rMsASdrMmXKDzoby1zkdV/YzJUt5hu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56ff57599575fcc10e54739314ff6b80_JaffaCakes118

Files

56ff57599575fcc10e54739314ff6b80_JaffaCakes118
.dll windows:4 windows x86 arch:x86

28340632e131d378ef084b38e6dbb36b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

install0.pdb

Imports

kernel32

TlsGetValue
TlsGetValue

msvcrt

malloc
free
strtod

winmm

timeGetTime

ws2_32

getprotobynumber
WSAGetOverlappedResult
WSASend
WSARemoveServiceClass
WSASocketW
WSACleanup
WSAAsyncGetHostByName
WSACloseEvent
htons
WSAEnumNetworkEvents
WSAAddressToStringW
gethostname
WSAInstallServiceClassA
WSANtohl
WSAGetServiceClassNameByClassIdW
getservbyname
WSALookupServiceBeginA
WSAInstallServiceClassW
WSAJoinLeaf
WSAGetQOSByName
closesocket
WSAAsyncGetHostByAddr
WSAGetServiceClassInfoW
getprotobyname
WSALookupServiceNextW

ntdsapi

DsWriteAccountSpnW
DsReplicaDelA
DsRemoveDsServerW
DsReplicaUpdateRefsW
DsCrackNamesW
DsListServersInSiteA
DsMapSchemaGuidsA
DsFreeSchemaGuidMapW
DsFreeNameResultW
DsBindWithCredW
DsServerRegisterSpnW
DsReplicaSyncAllA
DsReplicaDelW
DsListDomainsInSiteW
DsFreeDomainControllerInfoW
DsFreePasswordCredentials
DsGetDomainControllerInfoW
DsFreeSpnArrayA
DsReplicaSyncAllW
DsGetDomainControllerInfoA
DsReplicaConsistencyCheck

wininet

SetUrlCacheGroupAttributeA
InternetCheckConnectionW
InternetTimeFromSystemTimeA
InternetGetLastResponseInfoA
GopherGetAttributeA
ResumeSuspendedDownload
FindNextUrlCacheEntryExA
InternetReadFile
InternetOpenW
InternetClearAllPerSiteCookieDecisions
HttpSendRequestExW

rtm

RtmIsBestRoute
RtmGetEnumDests
RtmCreateRouteList
RtmLockNextHop
RtmIsMarkedForChangeNotification
RtmReleaseDestInfo
RtmGetEnumNextHops
RtmUpdateAndUnlockRoute
RtmGetNextHopInfo
RtmCreateRouteEnum
RtmReleaseRouteInfo
RtmReleaseChangedDests
RtmCreateDestEnum
RtmGetRoutePointer
RtmGetListEnumRoutes
RtmFindNextHop
RtmLockRoute
RtmGetRegisteredEntities
RtmIgnoreChangedDests
RtmBlockMethods
RtmGetChangeStatus

esent

JetRetrieveColumn
JetSetCurrentIndex4
JetCreateDatabase2
JetPrepareUpdate
JetEndSession
JetBeginTransaction
JetEscrowUpdate
JetSetIndexRange
JetDelete
JetRenameTable
JetResetSessionContext
JetOpenDatabase
JetSetColumns
JetAddColumn
JetDupSession
JetAttachDatabase
JetStopBackup
JetCloseTable
JetComputeStats
JetOpenTempTable2

Exports

Exports

ArcClipboardNavigate
DecryptCopyTableParameters
LeaveKernel
OemCertUNCServerValid
PolyDragCloseThreadTag
PrepareFloodAutoAs
SHFreeFree
ValidateWindowsPriority

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text/BA
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28340632e131d378ef084b38e6dbb36b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

winmm

ws2_32

ntdsapi

wininet

rtm

esent

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.data Size: 3KB - Virtual size: 7KB

H Size: 37KB - Virtual size: 37KB

.text/BA Size: 17KB - Virtual size: 16KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 82KB - Virtual size: 82KB

.data
Size: 3KB - Virtual size: 7KB

H
Size: 37KB - Virtual size: 37KB

.text/BA
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 4KB