5ebd838a9f5ab4f1b99b638d6ca0435e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ebd838a9f5ab4f1b99b638d6ca0435e_JaffaCakes118
Size

24KB
MD5

5ebd838a9f5ab4f1b99b638d6ca0435e
SHA1

c3efea8685690d1fa62243be5c6b1726cf067724
SHA256

d0a25d7a6abf7566dd4b9655514abd8551c69cc3f00707daf3058700d3ea9f39
SHA512

1c78545b84693317be89765d64c2f1603f13f176e663122c13b78366a19af4414140f907bc6d1838d6fadf0054bffc44db71a240080d2228b0868159a01e3020
SSDEEP

384:WYUTkOnc0mVsCexaCjwnLiSgjgWh5ZTmxTCP38inbsywh:WY7Oc0mtexatLiSgjn/qJpine

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ebd838a9f5ab4f1b99b638d6ca0435e_JaffaCakes118

Files

5ebd838a9f5ab4f1b99b638d6ca0435e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a9dc2b25c4347b89818d4a7851e95935

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlNtStatusToDosError
RtlIpv4AddressToStringExA
sprintf
ZwDeleteFile
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
strtoul
ZwRequestPort
RtlTimeToSecondsSince1970
LdrAddRefDll
ZwReplyWaitReceivePort
ZwCreatePort
ZwRequestWaitReplyPort
memset
strlen
ZwOpenKey
ZwQueryValueKey
ZwQueryVolumeInformationFile
ZwSetValueKey
ZwCreateKey
RtlFreeUnicodeString
RtlStringFromGUID
ZwReleaseMutant
ZwWaitForSingleObject
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwOpenSection
ZwSetSecurityObject
ZwCreateMutant
LdrUnloadDll
strchr
memcpy
memcmp
ZwClose
ZwWriteFile
ZwCreateFile
swprintf
LdrAccessResource
LdrFindResource_U
wcslen
wcschr
RtlPrefixUnicodeString
RtlInitUnicodeString
RtlComputeCrc32
wcscmp
RtlGetCurrentPeb

kernel32

VirtualFree
FreeLibraryAndExitThread
LocalFree
LocalAlloc
GetLastError
BindIoCompletionCallback
GetVersion
GetSystemDefaultLangID
WideCharToMultiByte
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryW
VirtualAlloc
CreateThread
MultiByteToWideChar

ws2_32

WSASend
WSARecv
WSAIoctl
listen
bind
getsockname
closesocket
WSAGetLastError
WSASocketW
gethostbyname

advapi32

CryptReleaseContext
CryptImportKey
MD5Final
MD5Update
MD5Init
CryptAcquireContextW
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash

ole32

CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
LoadTypeLibEx

mswsock

AcceptEx

Exports

Exports

AcceptEx
GetAcceptExSockaddrs
NSPStartup
TransmitFile
WSPStartup
getnetbyname
inet_network

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9dc2b25c4347b89818d4a7851e95935

Headers

File Characteristics

Imports

ntdll

kernel32

ws2_32

advapi32

ole32

oleaut32

mswsock

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 360B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 360B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB