10466e54d920019d7a1b3bfeb0d7f143_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10466e54d920019d7a1b3bfeb0d7f143_JaffaCakes118
Size

31KB
MD5

10466e54d920019d7a1b3bfeb0d7f143
SHA1

22329da9e2fdd5ce295dccee4b35d76ef9a1746f
SHA256

c13ee757fb1a069a0efc3957b6e7aa8ed35c37125d9a74e518e500f808246517
SHA512

f4273c6c1a27ce64997cc2dbc83bc72337c1df89b6c96f433b364d71f35e6f4c39182348b8598b5532bba3639e16b34f37200c4d012970732f62dff1d3609517
SSDEEP

768:epK8WyXvvmT9FKbLg1CmI8FgIC5z0/N2CI2:3y/mFCLbWFnC90Ir

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10466e54d920019d7a1b3bfeb0d7f143_JaffaCakes118

Files

10466e54d920019d7a1b3bfeb0d7f143_JaffaCakes118
.dll windows:5 windows x64 arch:x64

89b919453cd8f64359868a11cc8add3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vc5\x64\restricted\resident.pdb

Imports

ntdll

strtoul
ZwSetInformationToken
ZwDuplicateToken
ZwOpenProcessToken
ZwQueryInformationProcess
wcslen
RtlInitUnicodeString
RtlComputeCrc32
RtlIpv4AddressToStringA
ZwClose
ZwEnumerateKey
ZwOpenKey
RtlIpv4StringToAddressW
ZwQueryValueKey
RtlTimeToTimeFields
RtlNtStatusToDosError
wcscat
wcscpy
ZwCreateFile
memcpy
ZwWriteFile
RtlFreeUnicodeString
wcsrchr
sprintf
ZwQuerySystemInformation
ZwOpenProcess
ZwQueryInformationToken
RtlEqualSid
ZwOpenFile
_wcsicmp
memset
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwCancelTimer
ZwTerminateThread
ZwWaitForSingleObject
memcmp
strlen
ZwDelayExecution
ZwSetTimer
ZwCreateTimer
ZwAlertThread
ZwAdjustPrivilegesToken
wcscmp
ZwSetInformationFile
ZwQueueApcThread
ZwAllocateLocallyUniqueId
RtlEqualUnicodeString
ZwSetValueKey
LdrAccessResource
LdrFindResource_U
RtlTimeToSecondsSince1970
ZwCreateKey
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
swprintf
RtlFormatCurrentUserKeyPath
RtlIpv4StringToAddressA
ZwQueryVolumeInformationFile
__chkstk

kernel32

SwitchToThread
GetCurrentThreadId
Sleep
GlobalDeleteAtom
GlobalAddAtomW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID
GetTickCount
CreateThread
IsDebuggerPresent
LoadLibraryW
LocalFree
LocalAlloc
GetVersion
WideCharToMultiByte
CreateProcessW

advapi32

MD5Init
MD5Update
MD5Final
CreateProcessAsUserW

ws2_32

WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
bind

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
LoadTypeLibEx

user32

GetThreadDesktop
OpenDesktopW
GetWindowThreadProcessId
DefWindowProcW
SendMessageW
SetThreadDesktop
UnhookWinEvent
PackDDElParam
PostQuitMessage
SetWindowLongPtrW
GetWindowLongPtrW
PostMessageW
RegisterClassW
CreateWindowExW
SetWinEventHook
GetMessageW
FreeDDElParam
DispatchMessageW
CloseDesktop
UnpackDDElParam
UnregisterClassW
DestroyWindow

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89b919453cd8f64359868a11cc8add3d

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

ole32

oleaut32

user32

userenv

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1004B

.pdata Size: 1024B - Virtual size: 864B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 306B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1004B

.pdata
Size: 1024B - Virtual size: 864B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 306B