76067bce7e3362281c5b6ed372ba3913_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76067bce7e3362281c5b6ed372ba3913_JaffaCakes118
Size

30KB
MD5

76067bce7e3362281c5b6ed372ba3913
SHA1

455410a82efb66fa27345babb90241ebcbb056d0
SHA256

2417eb885e99559b7d53c58a9c256ae7e4229a397c794e42293f6dcc03831cc0
SHA512

06959ea3746c6cd9f4f46be0b20987c0071dbfff2b8108e2630f2e989a73c86cfd65d56dc1cb274bf64402639f6f63d264541fb2c58b9c4942d644a84195f98f
SSDEEP

768:mrxx84f8iJjP2a/Xl5tdA8kWSDuYTuBYkN4Hb2pK:G0cb/lnFHy/yi7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76067bce7e3362281c5b6ed372ba3913_JaffaCakes118

Files

76067bce7e3362281c5b6ed372ba3913_JaffaCakes118
.dll windows:5 windows x64 arch:x64

fe40ff199bfb1584ea3d756b6998a4cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vc5\x64\restricted\resident.pdb

Imports

ntdll

wcscat
strtoul
ZwClose
ZwSetInformationToken
ZwDuplicateToken
ZwOpenProcessToken
wcscpy
wcslen
RtlInitUnicodeString
RtlIpv4StringToAddressA
_wcsicmp
wcsrchr
ZwCreateFile
ZwWriteFile
RtlFreeUnicodeString
memcpy
sprintf
ZwQuerySystemInformation
ZwQueryValueKey
ZwOpenProcess
ZwQueryInformationToken
RtlEqualSid
ZwOpenKey
ZwOpenFile
ZwQueryVolumeInformationFile
RtlFormatCurrentUserKeyPath
swprintf
RtlComputeCrc32
RtlTimeToTimeFields
RtlNtStatusToDosError
memset
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
memcmp
strlen
ZwCancelTimer
ZwTerminateThread
ZwWaitForSingleObject
ZwDelayExecution
ZwSetTimer
ZwCreateTimer
ZwAlertThread
ZwAdjustPrivilegesToken
wcscmp
ZwSetInformationFile
ZwQueueApcThread
ZwAllocateLocallyUniqueId
RtlEqualUnicodeString
ZwSetValueKey
LdrAccessResource
LdrFindResource_U
RtlTimeToSecondsSince1970
ZwCreateKey
RtlDuplicateUnicodeString
ZwQueryInformationProcess
RtlExpandEnvironmentStrings_U
__chkstk

kernel32

BindIoCompletionCallback
GetCurrentThreadId
Sleep
GlobalDeleteAtom
GlobalAddAtomW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
GetLastError
GetSystemDefaultLangID
SwitchToThread
GetTickCount
CreateThread
IsDebuggerPresent
LoadLibraryW
LocalFree
LocalAlloc
GetVersion
WideCharToMultiByte
CreateProcessW

advapi32

MD5Init
MD5Update
MD5Final
CreateProcessAsUserW

ws2_32

WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
WSAIoctl

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
LoadTypeLibEx

user32

GetThreadDesktop
OpenDesktopW
GetWindowThreadProcessId
DefWindowProcW
SendMessageW
SetThreadDesktop
UnhookWinEvent
PackDDElParam
PostQuitMessage
SetWindowLongPtrW
GetWindowLongPtrW
PostMessageW
RegisterClassW
CreateWindowExW
SetWinEventHook
GetMessageW
FreeDDElParam
DispatchMessageW
CloseDesktop
UnpackDDElParam
UnregisterClassW
DestroyWindow

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe40ff199bfb1584ea3d756b6998a4cd

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

ole32

oleaut32

user32

userenv

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 956B

.pdata Size: 1024B - Virtual size: 840B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 286B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 956B

.pdata
Size: 1024B - Virtual size: 840B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 286B