b133d12ece6661d738c4494a38d42e23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b133d12ece6661d738c4494a38d42e23_JaffaCakes118
Size

20KB
MD5

b133d12ece6661d738c4494a38d42e23
SHA1

1744127214a4310d06583b4ed7fcc1ef9a99a4ec
SHA256

6377b521f9e25aaeb2e42e35af633f07be453794ef33249ef2f462b91cacb7c9
SHA512

5ad49df151c8e20966ace7255a19b5430f4077a0cdb1b0a26a8edfdf1d080c7baf038b8639c12355970a4bc2c58d49282d20f7b414c3cf5ef45172c795c4d1a1
SSDEEP

384:PjPR5JQQxjwWkoPGla3zcVjD8YHmFGYI4MEB1:bPR5Jfxj/koPG4jc58Km3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b133d12ece6661d738c4494a38d42e23_JaffaCakes118

Files

b133d12ece6661d738c4494a38d42e23_JaffaCakes118
.dll windows:5 windows x86 arch:x86

85595bb59ed8452f643f2818e578ac87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlInitUnicodeString
ZwCreateFile
strtoul
ZwWriteFile
swprintf
memset
ZwClose
ZwOpenKey
RtlNtStatusToDosError
ZwOpenFile
ZwQueryInformationFile
ZwSetValueKey
ZwSetInformationFile
ZwQueryKey
ZwReadFile
wcscat
ZwDelayExecution
RtlComputeCrc32
wcslen
wcscpy
sprintf
ZwAlertThread
ZwQueryValueKey
memcpy

kernel32

GetSystemDefaultLangID
BindIoCompletionCallback
CreateThread
FreeLibraryAndExitThread
Sleep
GetSystemTime
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetLastError
CreateProcessW
GetTickCount
GetVersion

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSAStartup
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ