6fc41daf20ef1932da700e1ba87cab88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fc41daf20ef1932da700e1ba87cab88_JaffaCakes118
Size

45KB
MD5

6fc41daf20ef1932da700e1ba87cab88
SHA1

b41f87176842ca001453e2e396e4c4aaf6015a9d
SHA256

2c1174d204aecb65b4d57e7f81f766d4bac80a9da3b7d272e80679de224bb7b9
SHA512

984ff166278ff598334716bb9fe01a5120704aa170a9fd39b1c7f52c841ac319b3243479a24767ce7617d4912ab4335a392807d30c34d9c6886712bca7ff96f7
SSDEEP

768:cRmgKXW2sJcgaRXJtz79TwhOt6yi343U0vEXOAkZBhWyoFWjlAAFy:1gx2TgQLlTwhOEYUOEXMZjUFKGA0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc41daf20ef1932da700e1ba87cab88_JaffaCakes118

Files

6fc41daf20ef1932da700e1ba87cab88_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6e39269490198949810d8c829234207

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
strlen
swprintf
wcsrchr
_wcsicmp
ZwFsControlFile
ZwCreateSection
ZwMapViewOfSection
RtlAdjustPrivilege
ZwFlushVirtualMemory
ZwUnmapViewOfSection
ZwCreateSymbolicLinkObject
ZwLoadDriver
ZwSetSecurityObject
ZwReadFile
RtlRandom
strrchr
LdrFindResource_U
LdrAccessResource
ZwQueryInformationProcess
RtlCreateQueryDebugBuffer
ZwImpersonateThread
ZwOpenThread
ZwOpenProcess
ZwQuerySystemInformation
LdrFindEntryForAddress
RtlNtStatusToDosError
memset
wcslen
ZwSetValueKey
ZwCreateKey
wcstoul
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwQueryKey
RtlComputeCrc32
sprintf
RtlIpv4AddressToStringA
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlEqualUnicodeString
ZwSuspendThread
ZwQueryInformationThread
_stricmp
ZwResumeThread
ZwSetContextThread
ZwWriteVirtualMemory
ZwSetInformationFile
ZwDelayExecution
ZwWaitForSingleObject
ZwGetContextThread
RtlExitUserThread
RtlCreateUserThread
ZwOpenFile
ZwDuplicateObject
RtlDosPathNameToNtPathName_U
RtlImageNtHeader
memcpy
_allshr

kernel32

LoadLibraryW
Sleep
GetTickCount
FreeLibrary
GetProcAddress
GetVersion
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
ExitProcess
GetSystemDefaultLangID

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup

rpcrt4

UuidCreateSequential

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e39269490198949810d8c829234207

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

rpcrt4

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 444B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 444B

.rsrc
Size: 2KB - Virtual size: 2KB