0fdef49b215120a60dac1cd61bf8ad12_JaffaCakes118 | Triage

Sharing

General

Target

0fdef49b215120a60dac1cd61bf8ad12_JaffaCakes118
Size

99KB
MD5

0fdef49b215120a60dac1cd61bf8ad12
SHA1

314c62c0b02c3e7a55a4244615ee091d481a67e7
SHA256

3d7affd5c7ade12daefce877f7ba942a3f2d3f48a150c8088c088bf1b66b40a8
SHA512

4eb694447f7ac0c8948a6664109608e7e9c5505c84ee823b8963eb49e44a1257688b954f9893250d6fce9d83880edfd3033da6ea902bfd9b381c9a735738af29
SSDEEP

768:2NLxR23TSHbF0P3JOr7Nn67/nIqw/c73xfLmqeWBcR8FHhCc+g:8LxkSHbWP3JOXd6Lna/W31KhcT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fdef49b215120a60dac1cd61bf8ad12_JaffaCakes118

Files

0fdef49b215120a60dac1cd61bf8ad12_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d690bed63d4263bcc7a12fd1d7f2876a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\Downloads\win-devel\workspace\malware\theZoo\malwares\Source\Original\X0R-USB_Jan2009\X0R-USB - Virus Version - Jan 2009\main-opt.pdb

Imports

kernel32

CreateThread
WaitForSingleObject
TerminateThread
lstrlenA
ExitProcess
GetProcAddress
LoadLibraryA
lstrcmpiA
CreateSemaphoreA
CloseHandle
ReleaseSemaphore
GetCurrentProcess

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

vcruntime140

memset

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ