D:\WORKSPACE\HZ_2.8.2\hp_client_win\Trojan\x64\Release\Trojan.pdb
Behavioral task
behavioral1
Sample
1ec43bed99eecb12133e0131f12bbb36_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
1ec43bed99eecb12133e0131f12bbb36_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
1ec43bed99eecb12133e0131f12bbb36_JaffaCakes118
-
Size
359KB
-
MD5
1ec43bed99eecb12133e0131f12bbb36
-
SHA1
10f8c9f0e7085c22f9b7c859d328f97cb2f22960
-
SHA256
9620ab858b2e6af24afa4b15bef3d1c97ec62a27d98d5d9de5ac5ae2328170b2
-
SHA512
cfe727ec71fd52d827359a236e7128000c991fddd84627196424fe93fc516c6f65c0335e9feba3f3ee703283fd030a5549a508d8793162e8d01423b4c48e3e92
-
SSDEEP
6144:jhxeGMi7lMCSHT7gU2rzbYgGrObcBPOx+oht2P7W:jvo7k3RGrOOOx+oT2K
Malware Config
Signatures
-
Detects HZRAT backdoor 1 IoCs
Processes:
resource yara_rule sample family_hzrat -
Hzrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1ec43bed99eecb12133e0131f12bbb36_JaffaCakes118
Files
-
1ec43bed99eecb12133e0131f12bbb36_JaffaCakes118.exe windows:6 windows x64 arch:x64
0f7a143a9832dc2cdfd42c6c79b892ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
WideCharToMultiByte
WriteConsoleW
CloseHandle
HeapSize
SetStdHandle
Process32Next
CreateToolhelp32Snapshot
GetModuleHandleA
FindClose
Process32First
GetProcAddress
LoadLibraryA
GetLastError
CreateFileW
Sleep
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
MultiByteToWideChar
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
RtlUnwind
user32
GetWindowDC
GetWindowRect
GetDesktopWindow
gdi32
BitBlt
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
DeleteObject
ole32
CoCreateInstance
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
oleaut32
VariantClear
SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
gdiplus
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipGetImageEncodersSize
GdipCloneImage
Sections
.text Size: 241KB - Virtual size: 240KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ