f:\VC5\release\kinject.dll.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 4ddcec12cc64cfca6e02c2a187bd3dc6_JaffaCakes118.dll
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 4ddcec12cc64cfca6e02c2a187bd3dc6_JaffaCakes118.dll
- Resource: win10v2004-20240709-en
General
- Target: 4ddcec12cc64cfca6e02c2a187bd3dc6_JaffaCakes118
- Size: 32KB
- MD5: 4ddcec12cc64cfca6e02c2a187bd3dc6
- SHA1: a077c1e90d83c438dff4deed0a4ab02713e24f4b
- SHA256: 68295ab887099fb56dc3ffba13892c119f748d0deb26573dc7affe72db200370
- SHA512: 676b91c70b13a1cfa2064cd69546ed12eed01d379ecfee9aea705cb2c3e1f4c62af2d4ae3c10317e41784434d8fc913a97df26035aeaef0e506c707b7d6d3fa3
- SSDEEP: 384:iIk4gRiKLwrwit3cbv8UTOtdwfvssUS8HB4Lk9/v1S4flxhqKmvAhypXwbQaql:ZRgRixr9mO7wfvXp8hYkBtS4flJhyV
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 4ddcec12cc64cfca6e02c2a187bd3dc6_JaffaCakes118
Files
-
4ddcec12cc64cfca6e02c2a187bd3dc6_JaffaCakes118.dll windows:5 windows x86 arch:x86
3a0afb888ed182948d79f6f805e39094
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
f:\VC5\release\kinject.dll.pdb
Imports
ntdll
RtlExitUserThread
ZwCreateIoCompletion
ZwSetInformationFile
RtlIpv4AddressToStringA
ZwProtectVirtualMemory
strchr
_stricmp
RtlImageDirectoryEntryToData
LdrGetDllHandle
strstr
wcslen
_wcsicmp
RtlEqualUnicodeString
RtlEqualString
LdrGetProcedureAddress
RtlImageNtHeader
memmove
ZwRemoveIoCompletion
ZwQueryInformationFile
swprintf
ZwWriteFile
RtlInitUnicodeString
ZwCreateFile
ZwQueryValueKey
ZwOpenKey
RtlFreeUnicodeString
sprintf
RtlStringFromGUID
ZwWaitForSingleObject
ZwReplyWaitReceivePortEx
ZwCreatePort
ZwQueryInformationProcess
RtlGetCurrentPeb
LdrUnloadDll
LdrAddRefDll
ZwRequestWaitReplyPort
ZwSetIoCompletion
_snprintf
RtlComputeCrc32
wcscmp
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
ZwTestAlert
ZwRenameKey
ZwSetSecurityObject
RtlAdjustPrivilege
ZwQueryInformationToken
ZwOpenProcessToken
ZwReadFile
strrchr
RtlUnwind
ZwRequestPort
memset
ZwClose
ZwOpenFile
strcpy
strlen
memcpy
strtoul
memcmp
strcmp
LdrFindEntryForAddress
NtQueryVirtualMemory
kernel32
InitializeCriticalSection
VirtualAlloc
CreateThread
VirtualFree
HeapAlloc
CreateProcessW
CreateFileW
GetTempPathW
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
MultiByteToWideChar
DisableThreadLibraryCalls
GetModuleHandleW
TlsAlloc
GetProcAddress
GetCurrentThreadId
TlsSetValue
TlsGetValue
VirtualProtect
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
user32
GetClassNameW
CallNextHookEx
SetWindowsHookExW
DrawTextExW
UnhookWindowsHookEx
DestroyWindow
ws2_32
WSAIoctl
closesocket
shutdown
WSASend
WSAGetLastError
WSARecv
WSAStartup
WSASocketW
gethostbyname
bind
ole32
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
LoadTypeLibEx
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
rpcrt4
UuidCreateSequential
gdi32
ExtTextOutW
TextOutW
Sections
- .text (Size: 18KB, Virtual size: 18KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 6KB, Virtual size: 5KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 1024B, Virtual size: 940B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 2KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ