Static task
static1
Behavioral task
behavioral1
Sample
1846e522755f3358c2cfb62d3680e9c5_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1846e522755f3358c2cfb62d3680e9c5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
1846e522755f3358c2cfb62d3680e9c5_JaffaCakes118
-
Size
266KB
-
MD5
1846e522755f3358c2cfb62d3680e9c5
-
SHA1
02345f1252ce4d455f5c2f3b620649bccaebb67a
-
SHA256
b9c67714a8843fc9130edcde2d11e4e4932b6046d27b8b84fe044905a5068c73
-
SHA512
84c310ca24e4c0bcece303e4676ed75be272a98909f97a84f1d4eda67204e32c5877c1280659e4ed181f178abc0b5f66069ecbe2eed78d16a5a6e0bdc1835d64
-
SSDEEP
6144:XfgFVvrcVbcrnIXMI5qDj2lzQNrxEuJEIioFS//:XfOcV46X5q/2qTxtiK0/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
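Checks for a missing Authenticode signature. The listed PE is unsigned; many benign binaries are unsigned too, so this is a weak indicator on its own.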
resource 1846e522755f3358c2cfb62d3680e9c5_JaffaCakes118
Files
-
1846e522755f3358c2cfb62d3680e9c5_JaffaCakes118.exe windows:5 windows x86 arch:x86
9017d47f4082c4c7406502e4e1f64efe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlExpandEnvironmentStrings_U
RtlDuplicateUnicodeString
ZwCreateKey
ZwSetValueKey
RtlIpv4AddressToStringExW
ZwSetInformationThread
RtlTimeToTimeFields
RtlComputeCrc32
RtlTimeToSecondsSince1970
memset
RtlNtStatusToDosError
LdrFindEntryForAddress
ZwDuplicateObject
RtlFreeUnicodeString
ZwWaitForSingleObject
RtlFormatCurrentUserKeyPath
ZwSetInformationFile
RtlExitUserThread
ZwWriteVirtualMemory
ZwTerminateThread
ZwResumeThread
RtlIpv4StringToAddressExA
RtlIpv4StringToAddressW
ZwEnumerateKey
RtlIpv4AddressToStringA
RtlIpv4StringToAddressA
ZwQueryVolumeInformationFile
RtlDosPathNameToNtPathName_U
ZwWriteFile
ZwCreateFile
wcscpy
wcscat
wcslen
RtlPrefixUnicodeString
RtlGetCurrentPeb
DbgPrint
sprintf
strcpy
strlen
strchr
strtoul
memcmp
RtlStringFromGUID
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlRemoveVectoredExceptionHandler
LdrUnloadDll
LdrLoadDll
ZwMapViewOfSection
ZwCreateSection
RtlAddVectoredExceptionHandler
ZwSetContextThread
RtlGetFrame
RtlPopFrame
RtlPushFrame
strcmp
RtlImageNtHeader
ZwQueryInformationToken
ZwOpenProcessToken
RtlAdjustPrivilege
ZwQueryInformationProcess
swprintf
ZwOpenFile
ZwOpenEvent
RtlRandom
ZwAllocateLocallyUniqueId
ZwDelayExecution
RtlInitUnicodeString
ZwGetContextThread
memcpy
_allshr
kernel32
GetTickCount
Sleep
CreateThread
CreateProcessW
GetVersion
GetSystemTimeAsFileTime
BindIoCompletionCallback
GetLastError
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetModuleHandleW
ExitProcess
LocalFree
GetSystemDefaultLangID
LocalAlloc
advapi32
MD5Final
MD5Update
MD5Init
shell32
ShellExecuteExW
cabinet
ord20
ord23
ord22
ws2_32
WSACleanup
WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom
crypt32
CryptVerifyMessageSignature
Sections
.text Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE