r77 | d6a0cc984e26284450ad55e61a1fd0ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6a0cc984e26284450ad55e61a1fd0ac_JaffaCakes118
Size

126KB
MD5

d6a0cc984e26284450ad55e61a1fd0ac
SHA1

f594d19c789ef7e629b1b68e4dd59662d09f4a80
SHA256

eebcf041df3295f6419e7df674c214bb8bb6a5a172fe2595e8253fdb8d5a687b
SHA512

329e5c2b001b2ec4685df7dd7c3414976c09fa33e099091e7b18a2598cef6b71723255822d1e2da46d276aabce5acd35ff56a987a330dc8a8889309a389c1c00
SSDEEP

3072:taqYCX37kvgdR4+5wrdtEo5YAEMOO/wI:tJbkYdRJ+rIo5ZOOYI

Score

10^/10

r77

Malware Config

Signatures

R77 family
r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
sample	r77_payload

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6a0cc984e26284450ad55e61a1fd0ac_JaffaCakes118

Files

d6a0cc984e26284450ad55e61a1fd0ac_JaffaCakes118
.dll windows:6 windows x64 arch:x64

9e6b666c04c72594e8524ee9a348ffeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Twent\Desktop\CheatEvolution\New folder\DeceitInternal - Copy\D3D11Hook\x64\Release\CumOnMeDaddy.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
DisableThreadLibraryCalls
Process32Next
CloseHandle
CreateThread
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryA
GetProcAddress
DeleteCriticalSection
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Module32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Module32Next
GetModuleFileNameA
VirtualProtect
WriteProcessMemory
lstrcmpA
Process32First
Thread32First

user32

GetWindowThreadProcessId
MessageBoxA
CreateWindowExA
GetWindowLongPtrA
FindWindowA
RegisterClassExA
DefWindowProcA
FillRect
SetRect
GetAsyncKeyState

gdi32

DeleteObject
CreateSolidBrush
GetObjectA
GetCurrentObject

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

__std_type_info_destroy_list
memmove
memcpy
__CxxFrameHandler3
__std_terminate
_CxxThrowException
__std_exception_destroy
_purecall
__std_exception_copy
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

floorf
sqrtf
ceilf

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6b666c04c72594e8524ee9a348ffeb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp140

d3dcompiler_47

d3d11

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 672B