886a702e986b3ebc53b4583fee8da7ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

886a702e986b3ebc53b4583fee8da7ff_JaffaCakes118
Size

149KB
MD5

886a702e986b3ebc53b4583fee8da7ff
SHA1

af3eb0ebf9d4860e21d6348f1d0040e6a667fdf5
SHA256

1584314eb3205c6347c5106bd193d5a500caef6cea4f275fd5e26b492b4c3853
SHA512

7ec5ca1700b2f38b9a8329f67eed10b722a7e9469ba62503d696734c1fe36f5832cb3963844c2a9dae0e2ffaa56654ea2dd1dd7826203f4c7284eb0195041f5c
SSDEEP

3072:mDzUEd4pDuWCLHI82QAwMe+FHrCumQVhfxUF9jfGRd5xt6uM:6zUS4pqWCTyQEHZ+ohf6bf+d5xm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
886a702e986b3ebc53b4583fee8da7ff_JaffaCakes118

Files

886a702e986b3ebc53b4583fee8da7ff_JaffaCakes118
.dll windows:4 windows x64 arch:x64

d09a63363676b64c51d1b7ee7b934855

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

ZwDeviceIoControlFile
LdrAddRefDll
ZwClose
ZwLoadDriver
RtlInitUnicodeString
_snwprintf
ZwCreateEvent
ZwRaiseHardError
ZwOpenFile
RtlTimeToSecondsSince1970
NtQuerySystemTime
ZwQueueApcThread
RtlAdjustPrivilege
memset
tolower
_snprintf
vsprintf
strlen
strcmp
strcpy
memcpy

ws2_32

WSAStartup

kernel32

FreeLibrary
LoadLibraryA
GetVersionExA
LocalAlloc
GetWindowsDirectoryW
Sleep
CreateMutexA
GetModuleFileNameA
MoveFileExA
DeleteFileA
GetModuleHandleW
GetSystemTimeAsFileTime
CreateFileA
VirtualQuery
SystemTimeToFileTime
GetCurrentProcess
Process32First
VirtualFree
OpenProcess
MultiByteToWideChar
GetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
RaiseException
CloseHandle
GetCurrentProcessId
GetTempPathA
CreateThread
SetFilePointer
WriteFile
GetSystemTime
Thread32First
Thread32Next
OpenThread
OpenMutexA

advapi32

GetTokenInformation
DuplicateToken
PrivilegeCheck
OpenProcessToken
LookupPrivilegeValueA

ole32

CoInitialize
CoCreateGuid

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.j00
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i00
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.q00
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w00
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z00
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m00
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r00
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d09a63363676b64c51d1b7ee7b934855

Headers

File Characteristics

Imports

ntdll

ws2_32

kernel32

advapi32

ole32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 696B

.pdata Size: 512B - Virtual size: 408B

.j00 Size: 21KB - Virtual size: 21KB

.i00 Size: 24KB - Virtual size: 24KB

.q00 Size: 1KB - Virtual size: 1KB

.w00 Size: 3KB - Virtual size: 3KB

.z00 Size: 4KB - Virtual size: 3KB

.m00 Size: 56KB - Virtual size: 56KB

.r00 Size: 17KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 696B

.pdata
Size: 512B - Virtual size: 408B

.j00
Size: 21KB - Virtual size: 21KB

.i00
Size: 24KB - Virtual size: 24KB

.q00
Size: 1KB - Virtual size: 1KB

.w00
Size: 3KB - Virtual size: 3KB

.z00
Size: 4KB - Virtual size: 3KB

.m00
Size: 56KB - Virtual size: 56KB

.r00
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 192B