93f04d29a101e227aa169fe0e0fe6647_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

93f04d29a101e227aa169fe0e0fe6647_JaffaCakes118
Size

114KB
MD5

93f04d29a101e227aa169fe0e0fe6647
SHA1

e6f25f90c972ccd68bf56bf9d06774197c1601c1
SHA256

4793fa08a7116b76351a589cfc655c56fa73f6a2dd1d226ecbae2a6f8b6bbb80
SHA512

1f776a42e52fe39e7ac4c83ae1c56436d85e3693bd23eeb2fd208f1df146404db0387bee125acfdd2fa622736e4c8041c91e08cfddcdd2552c3ed3b2e1b9ee41
SSDEEP

3072:+Gwgb9pSxXjcJbMOV07RFOTCVBqr8JgebXu9KgyBDgc:R9oNjcJwOooTCV3gMdUc

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/strace_Fuzen/Bin/strace.exe
unpack001/strace_Fuzen/Bin/strace.sys

Files

93f04d29a101e227aa169fe0e0fe6647_JaffaCakes118
.zip
strace_Fuzen/Bin/strace.exe
.exe windows:4 windows x86 arch:x86

b0cbe3fa986c711aae26803ada0464fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
LocalFree
GetProcAddress
DeviceIoControl
GetCurrentDirectoryA
GetLastError
GetVersion
CreateFileA
GetSystemDirectoryA
LoadLibraryA
GetStartupInfoA
VirtualAlloc
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
CloseHandle
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
MultiByteToWideChar
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
SetFilePointer
SetStdHandle
LCMapStringW

user32

wsprintfA

advapi32

OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
strace_Fuzen/Bin/strace.sys
.sys windows:5 windows x86 arch:x86

a3e2977e7f867ca569ea768cb0b8e18c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoGetCurrentProcess
PsGetCurrentProcessId
KeServiceDescriptorTable
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExAllocatePoolWithTag
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
strace_Fuzen/Exe/Exe.bbs
strace_Fuzen/Exe/Exe.dsp
strace_Fuzen/Exe/Exe.dsw
strace_Fuzen/Exe/Exe.ncb
strace_Fuzen/Exe/Exe.opt
strace_Fuzen/Exe/Exe.plg
.html
strace_Fuzen/Exe/Instdrv.cpp
strace_Fuzen/Exe/Instdrv.h
strace_Fuzen/Exe/strace.c
strace_Fuzen/Exe/strace.cpp
strace_Fuzen/README
strace_Fuzen/Sys/MAKEFILE
strace_Fuzen/Sys/SOURCES
strace_Fuzen/Sys/basic.c
strace_Fuzen/Sys/buildfre.log
strace_Fuzen/Sys/buildfre.wrn
strace_Fuzen/Sys/i386/strace.pdb
strace_Fuzen/Sys/ioctlcmd.h
strace_Fuzen/Sys/obj/_objects.mac
strace_Fuzen/Sys/objfre/i386/basic.obj
strace_Fuzen/Sys/objfre/i386/rk_interrupt.obj
strace_Fuzen/Sys/rk_interrupt.c
strace_Fuzen/Sys/rk_interrupt.h

Sharing

General

Malware Config

Signatures

Files

b0cbe3fa986c711aae26803ada0464fe

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 16KB

a3e2977e7f867ca569ea768cb0b8e18c

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 320B - Virtual size: 290B

.data Size: 256B - Virtual size: 248B

INIT Size: 416B - Virtual size: 416B

.reloc Size: 192B - Virtual size: 180B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 320B - Virtual size: 290B

.data
Size: 256B - Virtual size: 248B

INIT
Size: 416B - Virtual size: 416B

.reloc
Size: 192B - Virtual size: 180B