h:\VC5\x64\release\up2p.pdb
Static task
static1
Behavioral task
behavioral1
Sample
35b951ebaead04ee3557f11b40a5d7cd_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
35b951ebaead04ee3557f11b40a5d7cd_JaffaCakes118.dll
Resource
win10v2004-20240704-en
General
Target
35b951ebaead04ee3557f11b40a5d7cd_JaffaCakes118
Size
30KB
MD5
35b951ebaead04ee3557f11b40a5d7cd
SHA1
ac796e19a99404c35a3f6e811c3d6e148f0bd3a4
SHA256
db6cc949796762512b533e10a408c7c7767919c56e6f5e191d8249635c144146
SHA512
623e7aff32158187abb9389b37ec44e4289df1102b4a749b159e7791895b6059fc246b4b3c92daf12f01783f320fd84bc5be71c7009af7e7ac11fa730298ed0e
SSDEEP
768:MM2OIa7ABpd3LX7arZbZzpzKDONDnPqRJTH:oLYZtlzUvR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35b951ebaead04ee3557f11b40a5d7cd_JaffaCakes118
Files
35b951ebaead04ee3557f11b40a5d7cd_JaffaCakes118.dll windows:5 windows x64 arch:x64
0b3f94f3700db2834287512334f6fdb2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
ZwAdjustPrivilegesToken
ZwOpenThreadTokenEx
ZwImpersonateThread
ZwOpenThread
RtlNtStatusToDosError
RtlRandom
ZwCreateFile
RtlAdjustPrivilege
ZwWriteFile
RtlInitUnicodeString
swprintf
ZwSetInformationFile
ZwQueryInformationFile
ZwReadFile
strlen
ZwQuerySystemInformation
ZwDeviceIoControlFile
LdrAccessResource
LdrFindResource_U
RtlImageNtHeader
RtlAddressInSectionTable
RtlImageDirectoryEntryToData
LdrAddRefDll
ZwCreateEvent
ZwDelayExecution
ZwAllocateLocallyUniqueId
ZwAlertThread
LdrLoadDll
RtlCreateUserThread
ZwCreateSymbolicLinkObject
RtlSecondsSince1970ToTime
RtlTimeToSecondsSince1970
RtlUnicodeStringToInteger
RtlTimeToTimeFields
ZwQueryDirectoryFile
RtlComputeCrc32
memset
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
qsort
RtlIpv4AddressToStringA
ZwClose
ZwEnumerateKey
ZwOpenKey
RtlIpv4StringToAddressW
ZwQueryValueKey
memcpy
__chkstk
kernel32
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
FreeLibraryAndExitThread
Sleep
LocalFree
LocalAlloc
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
BindIoCompletionCallback
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetTickCount
ws2_32
WSACleanup
WSAStartup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
listen
bind
closesocket
WSASocketW
WSAGetLastError
mswsock
AcceptEx
advapi32
CryptReleaseContext
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
QueryServiceStatus
ControlService
OpenServiceW
OpenSCManagerW
MD5Final
MD5Update
MD5Init
Exports
ServiceMain
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 250B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ