aef8aafb5952a772b36b398bc59d8f0e_JaffaCakes118

General

Target

aef8aafb5952a772b36b398bc59d8f0e_JaffaCakes118
Size

144KB
MD5

aef8aafb5952a772b36b398bc59d8f0e
SHA1

776b0e14404d921e2845e89cba364e1928db9912
SHA256

21606dcb643873df8983b70d857ba0bbe5d2cbebfc38a326eb12e03d989e85b8
SHA512

ef91c3797b612f261f5883ce57d7868833799969e65afc8e4790d0845a884f207bc43e8153ac2f908e745c761927591e25cfcd1a146e516705c6f7534d7cc25d
SSDEEP

3072:v2yLHZOR0Y/GYLun8G0rZjE2rjdjR3eQmXA9SLMNsaONn/rxCjGD:FLHZOR098vG0pE2rjaQmX6SN1NTEjGD

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8c213b3707b0b042d769fdf543c6e8bd7c127cea6a9bc989eaf241a1505d1ed9
unpack001/f65fa71e8ffe11bb6e7c6c84c3d365f4fe729e1e9c38cb4f073d2b65058465fa

Files

aef8aafb5952a772b36b398bc59d8f0e_JaffaCakes118
.zip

Password: infected
8c213b3707b0b042d769fdf543c6e8bd7c127cea6a9bc989eaf241a1505d1ed9
.sys windows:5 windows x86 arch:x86

da7d20c6c2580de4f760d36400684804

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeUnicodeString
ZwClose
ZwReadFile
ZwSetInformationFile
ZwOpenFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExFreePoolWithTag
ExAllocatePoolWithTag
KeServiceDescriptorTable
PsGetVersion
wcscat
wcscpy
swprintf
MmIsAddressValid
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwCreateFile
wcslen
KeUnstackDetachProcess
KeStackAttachProcess
RtlCompareMemory
_except_handler3
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwOpenThreadToken
ZwOpenProcess
ObReferenceObjectByHandle
ZwDuplicateToken
ZwOpenProcessTokenEx
KeDelayExecutionThread
_stricmp
IoGetCurrentProcess
ObfDereferenceObject
ObOpenObjectByPointer
ZwQueryInformationProcess
ObReferenceObjectByName
IoDriverObjectType
IoGetDeviceObjectPointer
wcscmp
_allmul
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwQueryDirectoryFile
ZwQuerySystemInformation
ZwEnumerateValueKey
ZwEnumerateKey
ZwWriteFile
KeLeaveCriticalRegion
KeEnterCriticalRegion
PsCreateSystemThread
IoCreateDriver
ZwQueryInformationThread
ZwWaitForSingleObject
toupper
ZwFsControlFile
ZwDeviceIoControlFile
strrchr
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeString
ZwCreateSection
ZwSetValueKey
ZwNotifyChangeKey
ZwQueryValueKey
ZwOpenKey

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Shylock.comments
f65fa71e8ffe11bb6e7c6c84c3d365f4fe729e1e9c38cb4f073d2b65058465fa
.exe windows:4 windows x86 arch:x86

cc50c5d7bc74c5389450a5d946fe0b7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
DeleteTimerQueue
VirtualAllocEx
LoadLibraryA
VirtualProtect
GetProcAddress
GetModuleHandleA
FindFirstFileA
GetLastError
HeapSize
ResetEvent
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
HeapReAlloc
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
RtlUnwind
InterlockedExchange
VirtualQuery
HeapAlloc
GetSystemInfo

user32

LoadIconA
DestroyWindow
GetSysColorBrush
GetLastActivePopup

shell32

ShellAboutA

psapi

GetModuleBaseNameA

winmm

waveInGetDevCapsA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

da7d20c6c2580de4f760d36400684804

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 22KB - Virtual size: 22KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

cc50c5d7bc74c5389450a5d946fe0b7b

Headers

File Characteristics

Imports

kernel32

user32

shell32

psapi

winmm

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 32KB - Virtual size: 31KB

.rsrc Size: 88KB - Virtual size: 85KB

.text
Size: 22KB - Virtual size: 22KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 88KB - Virtual size: 85KB