JaffaCakes118_796094b4207050e77206e8bbe1c4f950

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_796094b4207050e77206e8bbe1c4f950
Size

428KB
MD5

796094b4207050e77206e8bbe1c4f950
SHA1

399d1ab2f85b5cd4e2561928cc931a01ea218af4
SHA256

6e2421522ac21d7db8a56e099db37f365e0c8cf216685994a1a80914031e437c
SHA512

a07f08c609dc3c01bf5d69096b1bb45ccc45756c8dca75931cb44bec499ed3ed4be9700ddedbe27e8009cb91f71a7561dd8a1efb786684c52b38b5a194e1cf0b
SSDEEP

6144:L8hddGKYbN+u8JWLUOKXR2R1PIWOokiv3bfz6twHt0ZkAKkUFe0rZlif/onqFHfY:ohdddJWL+CI1iP3N0ZtHUFe03iIqFHaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_796094b4207050e77206e8bbe1c4f950

Files

JaffaCakes118_796094b4207050e77206e8bbe1c4f950
.dll windows:5 windows x86 arch:x86

95928f572075bdbc6d18acbe29ab0417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\GarenaPlus\Working\im\FileSender\zeromq-2.2.0\lib\libzmq.pdb

Imports

ws2_32

WSAStartup
WSACleanup
getsockopt
ioctlsocket
connect
getsockname
setsockopt
recv
bind
closesocket
send
WSASocketA
listen
accept
select
__WSAFDIsSet
htonl
getaddrinfo
htons
socket
freeaddrinfo
WSAGetLastError

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

kernel32

Sleep
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
InterlockedExchange
InterlockedCompareExchange
GetLastError
FormatMessageA
InterlockedExchangeAdd
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter

msvcr90

_unlink
_write
_close
_beginthreadex
memmove
realloc
memcpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??_V@YAXPAX@Z
_read
?_open@@YAHPBDHH@Z
_lseeki64
_stat64i32
strrchr
atoi
_purecall
strerror
??2@YAPAXI@Z
_invalid_parameter_noinfo
_errno
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
??3@YAXPAX@Z
fprintf
__iob_func
free
memset
_CxxThrowException
strchr
__CxxFrameHandler3

msvcp90

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

Exports

Exports

zmq_bind
zmq_close
zmq_connect
zmq_device
zmq_errno
zmq_getsockopt
zmq_init
zmq_msg_close
zmq_msg_copy
zmq_msg_data
zmq_msg_init
zmq_msg_init_data
zmq_msg_init_size
zmq_msg_move
zmq_msg_size
zmq_poll
zmq_recv
zmq_send
zmq_setsockopt
zmq_sleep
zmq_socket
zmq_stopwatch_start
zmq_stopwatch_stop
zmq_strerror
zmq_term
zmq_version

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 279KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95928f572075bdbc6d18acbe29ab0417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

rpcrt4

kernel32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 12KB - Virtual size: 11KB

.text Size: 279KB - Virtual size: 280KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 279KB - Virtual size: 280KB