D:\WORKSPACE\HP\HZ_2.9.1\Trojan\Default\Release\Default.pdb
Behavioral task
behavioral1
Sample
f4077828c43a4152295f82c8a11ee043_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f4077828c43a4152295f82c8a11ee043_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f4077828c43a4152295f82c8a11ee043_JaffaCakes118
-
Size
196KB
-
MD5
f4077828c43a4152295f82c8a11ee043
-
SHA1
f7f957ab233b7cd7366b2ef1e2886837fdc0d97a
-
SHA256
599aa97a88dec66247bc7c7fa56af9d40af02348b11d0145413c6a5bf81127bd
-
SHA512
14259ed7d41e2ab0ac42e9479805fb5d8960ba6b5d18e01656bc21b6e2a63b60e63c7aba2285926839b3c93ede541c0e63dbbc27e366361764a62dbb18c8069a
-
SSDEEP
6144:lE9EklNwA7VKtS/xHoBvvV0uNe8/AO3uAM6:lEtlNt7VKtS/JuNe0ZM
Malware Config
Signatures
-
Detects HZRAT backdoor 1 IoCs
Processes:
resource yara_rule sample family_hzrat -
Hzrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f4077828c43a4152295f82c8a11ee043_JaffaCakes118
Files
-
f4077828c43a4152295f82c8a11ee043_JaffaCakes118.exe windows:6 windows x86 arch:x86
8b042aa0ae3dfdc8dcc3b88b045b42cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ReadFile
WriteFile
CreatePipe
CreateMutexW
WaitForSingleObject
Sleep
GetTempPathA
GetLastError
CreateFileA
CloseHandle
GetFileSize
CreateProcessA
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
LocalFree
FormatMessageA
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
SetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapAlloc
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
WriteConsoleW
ws2_32
closesocket
ntohl
inet_pton
WSAStartup
send
WSACleanup
connect
recv
htonl
inet_ntop
htons
socket
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ