729d48311514da1841da4d4f17b81f34_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

729d48311514da1841da4d4f17b81f34_JaffaCakes118
Size

39KB
MD5

729d48311514da1841da4d4f17b81f34
SHA1

21446c162e1c6a22030b8fd2053603e925ea1fcc
SHA256

0fb7c6ecf30d4812dc27916f5fe29cffd7a61625b7802ae34daf589c04a5f546
SHA512

97ca3af1ed1176b1e7130e8cf6e8710a977a951c9808123153c110f336b1377426b7cddbdbf4c43ad8ca9d9f09feb1fa6c1b9108003ccb2393040ed48b5efb4e
SSDEEP

384:/NqjkPHoJxWFSpKQVTqoJ6snPlRnpId3F94wKC/uVFjRiYs5:c+TFWK4eoJDeX9fH/kM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
729d48311514da1841da4d4f17b81f34_JaffaCakes118

Files

729d48311514da1841da4d4f17b81f34_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cd4963e20fbfbb88d08d57f0113a1227

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwQueryDirectoryFile
ZwSetInformationFile
ZwCreateFile
RtlInitUnicodeString
RtlFreeUnicodeString
ZwWaitForSingleObject
RtlComputeCrc32
ZwAllocateLocallyUniqueId
ZwCreateEvent
RtlDosPathNameToNtPathName_U
wcslen
ZwMakeTemporaryObject
ZwCreateSymbolicLinkObject
ZwDeviceIoControlFile
ZwUnmapViewOfSection
RtlTimeToTimeFields
ZwQueryEaFile
ZwSetEaFile
strcpy
ZwQueueApcThread
wcschr
LdrGetProcedureAddress
swprintf
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwClose
ZwQueryVolumeInformationFile
ZwOpenFile
ZwMapViewOfSection
ZwCreateSection
RtlExitUserThread
RtlUnicodeStringToInteger
RtlTimeToSecondsSince1970
memset
RtlAddressInSectionTable
ZwFlushVirtualMemory
RtlRandomEx
ZwReadFile
ZwQueryInformationFile
RtlSecondsSince1970ToTime
ZwWriteFile
RtlIpv4AddressToStringA
RtlTimeToSecondsSince1980
qsort
memcpy
ZwSetEvent
RtlNtStatusToDosError
RtlUnwind
NtQueryVirtualMemory

kernel32

VirtualAlloc
GetLastError
BindIoCompletionCallback
GetTickCount
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
QueueUserWorkItem
CreateThread
SwitchToThread
FreeLibrary
LoadLibraryW
LoadLibraryA
LocalFree
LocalAlloc
VirtualFree

advapi32

CryptGenRandom
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptReleaseContext
MD5Init
CryptAcquireContextW
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
MD5Final
MD5Update

mswsock

AcceptEx

ws2_32

WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
listen
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup
WSAStartup
WSARecvFrom

user32

FindWindowW
PostMessageW

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd4963e20fbfbb88d08d57f0113a1227

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

mswsock

ws2_32

user32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 812B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 812B

.reloc
Size: 1KB - Virtual size: 1KB