a2845e0384ffcdac82da3538b588a8fb_JaffaCakes118

General

Target

a2845e0384ffcdac82da3538b588a8fb_JaffaCakes118
Size

168KB
MD5

a2845e0384ffcdac82da3538b588a8fb
SHA1

1aa6feb97493b68cd8e31e1cf5e6b4dc3a3fa5ad
SHA256

956a33f27f1e391e7a85a276604c51c048118ad5d0f14e74771e543335e580b1
SHA512

797709825beff76427c62ee2d16f129620e961967ebb7e2a7e5860233f60dc7302c67e7c1e83f1211c2598582ef4d431a45da7a176a19b61af202ff246dbfb15
SSDEEP

3072:ou6ayYMCc+rKlsVOIFEJ46wWKnlyY8+uXNFLKQ0:NNsCc+WlOOIF8u4+mFLL0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2845e0384ffcdac82da3538b588a8fb_JaffaCakes118

Files

a2845e0384ffcdac82da3538b588a8fb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ce15b17916b9fcce885de7bb47e4fbc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\vc5\release\_uac.pdb

Imports

ntdll

ZwOpenProcessToken
ZwQueryInformationToken
ZwOpenEvent
RtlImageNtHeader
RtlIpv4StringToAddressW
ZwEnumerateKey
RtlIpv4AddressToStringA
RtlIpv4StringToAddressA
RtlAdjustPrivilege
ZwWriteFile
strtoul
ZwCreateFile
RtlIpv4StringToAddressExA
strchr
memset
RtlNtStatusToDosError
wcscpy
wcscat
ZwProtectVirtualMemory
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
ZwQueryVolumeInformationFile
sprintf
RtlRandom
ZwAllocateLocallyUniqueId
RtlStringFromGUID
ZwQueryValueKey
ZwOpenKey
RtlComputeCrc32
RtlTimeToTimeFields
ZwResumeThread
RtlFreeUnicodeString
ZwSetContextThread
ZwWriteVirtualMemory
RtlExitUserThread
ZwSetInformationFile
ZwDelayExecution
ZwClose
ZwWaitForSingleObject
ZwGetContextThread
ZwDuplicateObject
ZwOpenFile
RtlDosPathNameToNtPathName_U
LdrFindEntryForAddress
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
swprintf
memcpy
_allshr

kernel32

GetTickCount
GetVersion
GetSystemDefaultLangID
ExitProcess
Sleep
GetSystemTimeAsFileTime
GetLastError
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateProcessW
LocalFree
LocalAlloc
BindIoCompletionCallback

advapi32

MD5Final
MD5Init
MD5Update

ws2_32

WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce15b17916b9fcce885de7bb47e4fbc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 264B

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 264B