6fa1c5c195798562e40c1e7721cb49cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fa1c5c195798562e40c1e7721cb49cd_JaffaCakes118
Size

247KB
MD5

6fa1c5c195798562e40c1e7721cb49cd
SHA1

76c1cd04e16cea11c4a032a06d4dff78bc54af13
SHA256

0412b889a021bad175da9879d9bdc1c62ab49b0ce5f0fc9486a36cf064f8e024
SHA512

d42c6ccfac6841062a6c6b84c084448739ca76b876123a2077c162ff50ad4b35b5243fb7b4a0a7e603229ea312077b8ed31f514bcc0f95f76cd16371614350f3
SSDEEP

6144:LYrMGKGKuPluqXWNa6cI05vHX/xuBecKvu+JW+N:LEBI05vpuBexu+J5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fa1c5c195798562e40c1e7721cb49cd_JaffaCakes118

Files

6fa1c5c195798562e40c1e7721cb49cd_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d80ca35ce48674c12ed4b10d1e457406

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ExtendedTools.pdb

Imports

processhacker.exe

PhFindLastCharInStringRef
PhCreateSimpleHashtable
_PhReferenceProcessRecord@4
PhFreeToFreeList
PhGetFileName
_PhReferenceProcessItem@4
PhCreateObject
_PhDereferenceProcessRecord@4
PhInitializeFreeList
PhfAcquireQueuedLockShared
PhAllocateFromFreeList
_PhGetGeneralCallback@4
PhInvokeCallback
PhAddEntryHashtableEx
PhEqualStringRef
PhCreateObjectType
PhfReleaseQueuedLockShared
PhHashStringRef
PhGetOwnTokenAttributes
PhDelayExecution
_PhGetWindowsVersion@0
PhIsExecutingInWow64
PhAppendStringBuilder2
PhInitializeWorkQueue
PhEnumProcesses
PhDnsQuery
PhGetSidFullName
PhHashBytes
PhFinalStringBuilderString
PhQueueItemWorkQueue
PhGetBaseName
PhGetProcedureAddress
PhFindProcessInformationByImageName
PhAppendFormatStringBuilder
PhDnsFree
PhInitializeStringBuilder
PhDnsQuery2
PhQuerySystemTime
PhFormatDateTime
_PhInitializeTreeNewColumnMenuEx@8
PhAddItemsList
PhInsertItemList
PhDoesFileExists
PhLargeIntegerToLocalSystemTime
PhFormatUInt64
_PhCopyListView@4
PhRemoveWindowContext
PhLayoutManagerLayout
_PhGetListViewContextMenuPoint@8
PhCenterWindow
PhInitializeAutoPool
PhFormatString_V
PhAddLayoutItem
PhDrainAutoPool
_PhSetApplicationWindowIcon@4
PhGetWindowContext
PhUnregisterCallback
PhDeleteAutoPool
PhAddListViewGroupItem
PhAddListViewColumn
PhSetListViewSubItem
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatSize
PhAddListViewGroup
_PhInsertCopyListViewEMenuItem@12
PhSetWindowContext
_PhHandleCopyListViewEMenuItem@4
PhGetSelectedListViewItemParams
_PhReferenceProcessRecordForStatistics@4
PhQueryRegistryUlong
PhInitializeCircularBuffer_FLOAT
PhFormatDate
PhQueryValueKey
PhInitializeCircularBuffer_ULONG64
PhGetModuleProcAddress
PhInitializeCircularBuffer_ULONG
PhQueryRegistryUlong64
_PhGetStatisticsTimeString@8
PhfResetEvent
PhInsertEMenuItem
PhSetGraphText
PhCopyCircularBuffer_FLOAT
PhfSetEvent
PhLoadWindowPlacementFromSetting
PhGraphStateGetDrawInfo
PhDeleteGraphState
_PhSiSetColorsGraphDrawInfo@12
PhInitializeGraphState
PhSaveWindowPlacementToSetting
PhfWaitForEvent
PhCreateThreadEx
_PhAddPropPageLayoutItem@16
_PhCreateProcessPropPageContextEx@16
_PhDoPropPageLayout@4
_PhAddProcessPropPage@8
PhGlobalDpi
_PhPropPageDlgProcHeader@24
PhDivideSinglesBySingle
_PhGetStatisticsTime@12
PhAppendStringBuilder
PhGetDrawInfoGraphBuffers
PhSetWindowText
_PhFindProcessRecord@8
PhRemoveStringBuilder
PhSetDialogItemText
PhAddLayoutItemEx
PhDrawTrayIconText
PhGenerateGuid
PhFormatGuid
PhStringToGuid
PhDrawGraphDirect
PhGetProcessUnloadedDlls
PhBufferToHexString
_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhGetClassObject
_PhPluginEnableTreeNewNotify@8
_PhReferenceNetworkItem@16
_PhGetProcessInformationCache@0
PhFindProcessInformation
_PhSiSizeLabelYFunction@16
PhDeleteCircularBuffer_FLOAT
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhIndexOfEMenuItem
PhSetListViewItemParam
_PhPluginSetObjectExtension@20
PhDeleteCircularBuffer_ULONG
PhAddSettings
PhPrintTimeSpan
_PhPluginCreateEMenuItem@20
PhDeleteCircularBuffer_ULONG64
_PhCreateServiceListControl@12
PhShowStatus
_PhReferenceServiceItem@4
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
_PhLoadSymbolProviderOptions@4
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhSetIntegerSetting
PhOpenThread
PhShowConfirmMessage
PhAddListViewItem
_PhHandleListViewNotifyForCopy@8
PhSaveListViewColumnsToSetting
PhLoadListViewColumnsFromSetting
PhSetExtendedListView
PhCopyStringZ
PhGetListViewItemText
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhGetGlobalWorkQueue
PhGetSelectedListViewItemParam
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhFormatToBuffer
PhCreateList
PhGetStatusMessage
PhCreateString
PhGetTreeNewText
_PhShowProcessRecordDialog@8
PhFormat
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhFormatString
_PhFindProcessNode@4
PhSetIntegerPairSetting
PhCreateEMenuItem
PhRemoveEntryHashtable
_PhPluginInvokeWindowCallback@12
PhSetFlagsAllEMenuItems
_PhCmLoadSettings@8
PhAddItemArray
PhCompareStringRef
_PhDeleteTreeNewColumnMenu@4
PhFindEMenuItem
PhCreateEMenu
_PhGetPluginInformation@4
PhfWakeForReleaseQueuedLock
_PhHandleCopyCellEMenuItem@4
PhAddItemList
PhMainWndHandle
_PhReferenceProcessItemForRecord@4
PhShellExploreFile
PhInitializeWindowTheme
PhGetStringSetting
_PhHandleTreeNewColumnMenu@4
PhDoesFileExistsWin32
_PhInitializeTreeNewColumnMenu@4
PhInitializeArray
PhRemoveItemList
PhSetClipboardString
_PhAddTreeNewFilter@12
PhReferenceEmptyString
_PhApplyTreeNewFiltersToNode@8
PhShowMessage2
PhGetIntegerPairSetting
_PhGetProcessSmallImageList@0
_PhFindPlugin@4
PhSetStringSetting2
PhCreateStringEx
_PhApplyTreeNewFilters@4
PhFindItemList
_PhShellExecuteUserString@20
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhRemoveItemsArray
_PhSelectAndEnsureVisibleProcessNode@4
PhGetIntegerSetting
PhDestroyEMenu
_PhCmSaveSettings@4
PhReferenceObject
_PhInsertCopyCellEMenuItem@16
PhfAcquireQueuedLockExclusive
PhWriteStringAsUtf8FileStream
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhWriteStringAsUtf8FileStream2
PhSetFlagsEMenuItem
PhAddEntryHashtable
PhfReleaseFastLockShared
PhAllocate
PhCountStringZ
PhfAcquireFastLockExclusive
PhStringToInteger64
PhfEndInitOnce
PhClearHashtable
PhCreateHashtable
PhSplitStringRefAtChar
PhCreateThread2
PhfAcquireFastLockShared
PhFree
PhEnumHashtable
PhfReleaseFastLockExclusive
PhfBeginInitOnce
PhShowMessage
PhFindEntryHashtable

ntdll

NtSetInformationProcess
NtQueryInformationProcess
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
NtQueryInformationWorkerFactory
RtlSetBits
RtlInitializeBitMap
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlEqualSid
RtlLengthSid
RtlFirstEntrySList
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtWaitForSingleObject
NtCreateEvent
NtClose
RtlUnwind

kernel32

DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LocalFree
LoadLibraryW
GetLastError
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
LCMapStringW

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d80ca35ce48674c12ed4b10d1e457406

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

processhacker.exe

ntdll

kernel32

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 512B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 15KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 3KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 512B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 3KB