ed7cf17f9d505f09c46cb61680d110ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ed7cf17f9d505f09c46cb61680d110ce_JaffaCakes118
Size

33KB
MD5

ed7cf17f9d505f09c46cb61680d110ce
SHA1

0b705c5ace7f23de86373bc3fef4b0694d8a2902
SHA256

ec3643cb028beb8a115fe50655cc344db870b0ff67e02724b1863b74680fb954
SHA512

3dea69779f148b926355f85999c2ab15b3f952672317af59970b17d7e9851541e09fc43048cc085f96ac13cd45d51f60a12d39f38dfdb832a1b44f9d14872343
SSDEEP

768:3RgGjeAlK6vhyOKqWe7hrSKGMS/lh2Nfct6LNin:3G2wsUth2+SNin

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed7cf17f9d505f09c46cb61680d110ce_JaffaCakes118

Files

ed7cf17f9d505f09c46cb61680d110ce_JaffaCakes118
.dll windows:5 windows x64 arch:x64

4c292f6aa5fe6384cd9100554b6c374d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

p:\vc5\x64\release\INBR64.pdb

Imports

ntdll

ZwCreateKey
ZwSetValueKey
ZwQueryVolumeInformationFile
wcscmp
RtlNtStatusToDosError
ZwCreateFile
sprintf
ZwDeleteFile
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
RtlFreeUnicodeString
ZwRequestPort
LdrUnloadDll
LdrAddRefDll
ZwReplyWaitReceivePort
ZwCreatePort
ZwRequestWaitReplyPort
memset
ZwOpenKey
ZwQueryValueKey
RtlStringFromGUID
RtlIpv4AddressToStringExA
ZwMapViewOfSection
ZwOpenSection
ZwOpenEvent
ZwUnmapViewOfSection
ZwSetEvent
ZwWaitForSingleObject
strchr
strlen
RtlComputeCrc32
RtlTimeToTimeFields
strtoul
memcpy
memcmp
swprintf
LdrAccessResource
LdrFindResource_U
wcslen
wcschr
RtlPrefixUnicodeString
RtlGetCurrentPeb
ZwSuspendThread
ZwRaiseHardError
wcscpy
RtlInitUnicodeString
_wcslwr
wcsstr
ZwQueryVirtualMemory
ZwClose
ZwWriteFile
RtlTimeToSecondsSince1970
__chkstk

kernel32

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryW
VirtualAlloc
CreateThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetSystemTimeAsFileTime
LocalFree
LocalAlloc
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID
GetVersion
WideCharToMultiByte
VirtualFree

ws2_32

WSASend
WSARecv
WSAIoctl
listen
bind
getsockname
closesocket
WSAGetLastError
WSASocketW
gethostbyname
WSAStartup

advapi32

MD5Final
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureW
CryptDestroyHash
CryptReleaseContext
MD5Init
CryptAcquireContextW
MD5Update

ole32

CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
LoadTypeLibEx
SysAllocString
SysAllocStringLen

mswsock

AcceptEx

Exports

Exports

AcceptEx
GetAcceptExSockaddrs
NSPStartup
TransmitFile
WSPStartup
getnetbyname
inet_network

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c292f6aa5fe6384cd9100554b6c374d

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

ws2_32

advapi32

ole32

oleaut32

mswsock

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 576B

.pdata Size: 1024B - Virtual size: 888B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 576B

.pdata
Size: 1024B - Virtual size: 888B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 300B