flawedgracerat | 110cf4b4140ca6cddf45392ce7f2db65_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

110cf4b4140ca6cddf45392ce7f2db65_JaffaCakes118
Size

1.0MB
MD5

110cf4b4140ca6cddf45392ce7f2db65
SHA1

a8e65203c0a0d69d379d7de58ae32bf72b359efa
SHA256

985f2b2a81e40e107bb25f026274d44f2bf123fd1ca142051f1c44f921c2a5e4
SHA512

eafc4ddc2e1f47a7ddbaf4d86e155a78dd139a7469651d09e95305c3815edecd28a3e3720c61816fe52dfc709903ea2849e3622af40130cdc6181ef9624f1458
SSDEEP

24576:LU0QINf+2jAnRmoXPADkRKgiBSFHS3oaJQV7zBd4YeQm/09rA:LU0QIx+pnrXPADkRKgvHxDpz0YeQWor

Score

10^/10

loader flawedgracerat

Malware Config

Signatures

FlawedGraceRat Loader 1 IoCs
Detects FlawedGraceRat x86 loader in memory.
loader

Processes:

resource yara_rule

sample flawgrace_loader_x86
Flawedgracerat family
flawedgracerat

resource	yara_rule
sample	flawgrace_loader_x86

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
110cf4b4140ca6cddf45392ce7f2db65_JaffaCakes118

Files

110cf4b4140ca6cddf45392ce7f2db65_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d634d6861f8f6c2edf2662b140a07e5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapFree
ExitThread
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryW
GetModuleHandleW
Wow64DisableWow64FsRedirection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
WriteFile
FlushFileBuffers
CloseHandle
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
FindFirstFileExA
FindClose
DecodePointer
WriteConsoleW
FindNextFileA
HeapReAlloc
GetStringTypeW
GetFileType
GetStdHandle
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLastError
LocalFree
RtlUnwind
InterlockedFlushSList
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA

oleaut32

VariantClear

Sections

.text
Size: 472KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d634d6861f8f6c2edf2662b140a07e5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

Sections

.text Size: 472KB - Virtual size: 468KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 408KB - Virtual size: 404KB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 472KB - Virtual size: 468KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 408KB - Virtual size: 404KB

.reloc
Size: 72KB - Virtual size: 70KB