48cc50194093d0b44b9a4106bfc833da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

48cc50194093d0b44b9a4106bfc833da_JaffaCakes118
Size

143KB
MD5

48cc50194093d0b44b9a4106bfc833da
SHA1

a2f44ab320874bfb07aa460c91b6c6ba969370a1
SHA256

c1ccc357f29ea257691c26227fe07339de9fb2041b0755901fc4894a6ff5b252
SHA512

b0c18e3ef9dec68f8cf126439bf52abb80cd0c7575a92a7bd6d9712df52be2ac94e0b221bce5415f64930dbdf6214e2252e288d0951fe1ebf2981cdfefb0ec67
SSDEEP

1536:cZeqwH7X4Xf15EjsQmfM+TV0PuRgQDe7JDPHYvNVNQnAGt0lkFpzpclGbF4UCHMi:cpUIXNWspnp0PuW9HiY0NlTnM+03la

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48cc50194093d0b44b9a4106bfc833da_JaffaCakes118

Files

48cc50194093d0b44b9a4106bfc833da_JaffaCakes118
.dll windows:4 windows x86 arch:x86

02149cd4662734620f87537c549414bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\Projects\VNC\release\VNCDLL.pdb

Imports

ntdll

NtQuerySystemInformation
RtlEqualUnicodeString
NtQueryInformationFile
NtQueryObject
RtlInitUnicodeString
memcpy
memcmp
NtGetContextThread
ZwQueryInformationProcess
NtResumeProcess
NtSetContextThread
NtSuspendProcess
_wcsnicmp
_strnicmp
_strupr
strcpy
NtMapViewOfSection
ZwClose
RtlNtStatusToDosError
memset
NtUnmapViewOfSection
NtCreateSection
_alldiv
_aulldiv
_allmul
_chkstk
RtlUnwind
NtQueryVirtualMemory

kernel32

ReleaseMutex
GetLocaleInfoW
VerLanguageNameW
GetProcessTimes
GetSystemTimeAsFileTime
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
Process32FirstW
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
DeleteFileW
DuplicateHandle
CreateToolhelp32Snapshot
WriteFile
Sleep
GetThreadContext
GetModuleHandleA
ReadProcessMemory
HeapAlloc
CloseHandle
GetCurrentProcess
HeapFree
LocalFree
WriteProcessMemory
SuspendThread
ResumeThread
GetLastError
CreateThread
SwitchToThread
VirtualProtectEx
SetEvent
GetCurrentThreadId
HeapDestroy
HeapCreate
GetVersion
GetCurrentProcessId
CreateEventA
InitializeCriticalSection
lstrcpyA
LeaveCriticalSection
lstrcmpA
lstrlenA
EnterCriticalSection
VirtualProtect
LocalAlloc
lstrlenW
SetLastError
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcatA
lstrcmpW
MultiByteToWideChar
lstrcatW
ReadFile
SetFilePointer
GetProcAddress
VirtualAlloc
VirtualAllocEx
WaitForSingleObject
VirtualFree
OpenProcess
GetModuleFileNameA
CreateFileA
GetFileSize
Process32NextW
CreateMutexA
TerminateProcess
SetErrorMode
SetUnhandledExceptionFilter
WaitForMultipleObjects
DeleteCriticalSection
IsBadStringPtrA
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
GetVersionExA
RemoveDirectoryW
GetProcessId
GetSystemWindowsDirectoryA
SystemTimeToFileTime
GetTickCount
MulDiv
CreateFileMappingA
UnmapViewOfFile
OpenThread
GetSystemTime
HeapReAlloc
GetTempPathW
GetLongPathNameW
OpenEventA
lstrcpynW
GetEnvironmentVariableW
FindNextFileW
CreateFileW
FindFirstFileW
FindClose
OpenFileMappingA
MapViewOfFile
lstrcpynA

Exports

Exports

VncSrvWndProc
VncStartServer
VncStopServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02149cd4662734620f87537c549414bc

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 10KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 10KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB