2cfa0b1c7ff49727a28c222fd524fc2c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cfa0b1c7ff49727a28c222fd524fc2c_JaffaCakes118
Size

614KB
MD5

2cfa0b1c7ff49727a28c222fd524fc2c
SHA1

14c4229e706a37f1d109aa2f2db7c3a58bb7c145
SHA256

0776cf5a136b7f287806801be96d1419dd7a3fd8283d004cfad828008b11b052
SHA512

06fd4d466d0e6052447805f36a92bc5238d0da13076fefbbd2a4499c38cea0d03ff08543571b4bcb9fbd8be56ba83f296c8479f8b313f06ceea6888228db7431
SSDEEP

12288:WyKBV08HhefD63cNPPc1yZ1t0C5sbe4j+qML4F4qggi35stnTii:WXB7h2NPPcEZ1tabeCPML4Ogi6np

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cfa0b1c7ff49727a28c222fd524fc2c_JaffaCakes118

Files

2cfa0b1c7ff49727a28c222fd524fc2c_JaffaCakes118
.exe windows:5 windows x64 arch:x64

f12ba5bcdfeb896f7ea4f5c7c4e63f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\vc5\x64\release\shell.pdb

Imports

ntdll

RtlComputeCrc32
ZwClose
ZwOpenProcess
ZwQueryInformationThread
ZwOpenThread
RtlEqualUnicodeString
LdrFindEntryForAddress
ZwQueueApcThread
ZwWriteVirtualMemory
ZwAllocateVirtualMemory
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
RtlNtStatusToDosError
memset
ZwResumeThread
wcscpy
wcscat
RtlIpv4StringToAddressExW
wcstoul
ZwQuerySystemInformation
__chkstk

kernel32

ExitProcess
GetLastError
BindIoCompletionCallback
Sleep
CreateProcessW
GetCommandLineW
LocalFree
LocalAlloc
GetVersion

ws2_32

setsockopt
WSASendTo
closesocket
WSAGetLastError
WSASocketW
WSAStartup
bind

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ