Static task
static1
Behavioral task
behavioral1
Sample
78ec40d752bd5c80b6a2cb5c22e8ba2c_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
78ec40d752bd5c80b6a2cb5c22e8ba2c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
78ec40d752bd5c80b6a2cb5c22e8ba2c_JaffaCakes118
-
Size
283KB
-
MD5
78ec40d752bd5c80b6a2cb5c22e8ba2c
-
SHA1
bab6222ba672e1c1d27691b69731b265ff8f48b9
-
SHA256
5db409f6d26e91ff0b3f8cc570f31f6d19b4fc302ab5902166839bfd842d5492
-
SHA512
551e2e72bba8caa8079be7e1abff8bb1c71f0b7c126c83abf307f8173caac72d647a27f0e47b36565d34f34f59c60b65edf85c14727d8ba026a16eb49c72fc97
-
SSDEEP
6144:e9l9vjx3MtZ4KrllCHN2pBhWE6kdisuL2r55W1rda2:e1vjxUoApBhn+2vaP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
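Sandbox check: the PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.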
resource 78ec40d752bd5c80b6a2cb5c22e8ba2c_JaffaCakes118
Files
-
78ec40d752bd5c80b6a2cb5c22e8ba2c_JaffaCakes118.exe windows:5 windows x86 arch:x86
9f2695d3d7c6cbe6eae511f693f95d03
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlDuplicateUnicodeString
ZwCreateKey
ZwSetValueKey
RtlIpv4AddressToStringExW
ZwSetInformationThread
ZwQueryVolumeInformationFile
RtlTimeToTimeFields
RtlComputeCrc32
memset
RtlNtStatusToDosError
RtlIpv4StringToAddressW
ZwEnumerateKey
RtlFreeUnicodeString
RtlIpv4StringToAddressA
RtlExpandEnvironmentStrings_U
LdrFindEntryForAddress
ZwDuplicateObject
ZwGetContextThread
ZwWaitForSingleObject
ZwDelayExecution
ZwSetInformationFile
RtlExitUserThread
ZwWriteVirtualMemory
ZwTerminateThread
ZwResumeThread
RtlFormatCurrentUserKeyPath
RtlDosPathNameToNtPathName_U
ZwWriteFile
ZwCreateFile
wcscpy
wcscat
wcslen
RtlPrefixUnicodeString
RtlGetCurrentPeb
DbgPrint
sprintf
strcpy
strlen
strchr
strtoul
memcmp
RtlStringFromGUID
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlRemoveVectoredExceptionHandler
LdrUnloadDll
LdrLoadDll
ZwMapViewOfSection
ZwCreateSection
RtlAddVectoredExceptionHandler
ZwSetContextThread
RtlGetFrame
RtlPopFrame
RtlPushFrame
strcmp
RtlImageNtHeader
ZwQueryInformationToken
ZwOpenProcessToken
RtlAdjustPrivilege
ZwQueryInformationProcess
swprintf
ZwOpenFile
ZwOpenEvent
RtlRandom
ZwAllocateLocallyUniqueId
RtlIpv4StringToAddressExA
RtlInitUnicodeString
RtlIpv4AddressToStringA
memcpy
_allshr
kernel32
GetTickCount
Sleep
CreateThread
CreateProcessW
GetVersion
GetSystemTimeAsFileTime
BindIoCompletionCallback
GetLastError
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetModuleHandleW
ExitProcess
LocalFree
GetSystemDefaultLangID
LocalAlloc
advapi32
MD5Final
MD5Update
MD5Init
shell32
ShellExecuteExW
cabinet
ord20
ord23
ord22
ws2_32
WSACleanup
WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom
crypt32
CryptVerifyMessageSignature
Sections
.text Size: 276KB - Virtual size: 276KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE