72b6aa6236b63e6d1e71b053fcae0081_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72b6aa6236b63e6d1e71b053fcae0081_JaffaCakes118
Size

114KB
MD5

72b6aa6236b63e6d1e71b053fcae0081
SHA1

a509e3ad3797fad382646af5f624b2578f63e59a
SHA256

be59ea341e50bf3d3a63f58e441b851e7f14f21fcbb47fb44c51b9a951e617ee
SHA512

db20eddf0d89545020350d78f622c14eec0c1ca8400ca65c508b2273a617f2fce346fde59d40a297e354e20f2f98acb438b113f9b2efd8b2c5f35d34382193c6
SSDEEP

1536:zeoU/bZo6wjOgyqnVRJ/O/28+XO8jRSsjd+kvQIvTjtyfGuUD0lEVXb:zeNZe6gyqnV2/a1Bjd+cQ2TjtyhleXb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72b6aa6236b63e6d1e71b053fcae0081_JaffaCakes118

Files

72b6aa6236b63e6d1e71b053fcae0081_JaffaCakes118
.dll windows:5 windows x86 arch:x86

86f3c3cc013bbc37582074de6ceb8e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_stricmp
ZwQueryInformationThread
ZwSuspendThread
RtlEqualUnicodeString
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
strlen
swprintf
wcsrchr
_wcsicmp
ZwFsControlFile
ZwCreateSection
ZwMapViewOfSection
RtlImageNtHeader
RtlFreeUnicodeString
ZwUnmapViewOfSection
ZwCreateSymbolicLinkObject
ZwLoadDriver
ZwResumeThread
ZwQueryKey
ZwSetSecurityObject
ZwReadFile
ZwQueryInformationFile
RtlNtStatusToDosError
ZwCreateFile
ZwWriteFile
ZwQueryDirectoryFile
ZwSetInformationFile
wcslen
RtlTimeToSecondsSince1980
RtlStringFromGUID
LdrAccessResource
LdrFindResource_U
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
ZwQueryVolumeInformationFile
ZwOpenFile
sprintf
RtlComputeCrc32
RtlTimeToTimeFields
ZwClose
ZwOpenKey
ZwQueryValueKey
memset
ZwDuplicateObject
ZwDelayExecution
ZwOpenEvent
ZwAlertThread
RtlAdjustPrivilege
ZwQuerySystemInformation
ZwAdjustPrivilegesToken
ZwOpenThreadTokenEx
ZwImpersonateThread
ZwOpenThread
ZwSetValueKey
RtlInitUnicodeString
strrchr
ZwCreateKey
ZwFlushVirtualMemory
memcpy
_allshr

kernel32

GetLastError
GetTickCount
GetSystemTimeAsFileTime
BindIoCompletionCallback
CreateThread
DisableThreadLibraryCalls
LocalFree
LocalAlloc
GetSystemDefaultLangID
GetVersion

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup
WSACleanup

Exports

Exports

AlphaBlend

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86f3c3cc013bbc37582074de6ceb8e91

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 724B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 724B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB