bcbbe98e7d37c8b98e32d5327d4729f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bcbbe98e7d37c8b98e32d5327d4729f3_JaffaCakes118
Size

42KB
MD5

bcbbe98e7d37c8b98e32d5327d4729f3
SHA1

9f3ef7d025aaf87433c62ef778cae0d574fe6db9
SHA256

30a73aa4682b72215b058d2e484876f06c81cbd458d4f3e3afc871dccd86a2dd
SHA512

3100dc09109c47330caca8528e56bbdf9dbe3de3a6fe2840f6c2511c0f088c4ff979255034036820cc8b9d49e40c46ebf5e0e900628cd63c34b9821338f0cc89
SSDEEP

768:xUTmAZwmEq1ojMQ3Tkf8+z9V1WHmuJuCGfQ6xdkY1PzD2gVXaTC:xA0mxDQ3ovLQGug/fQ6xe8PzqaXaTC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcbbe98e7d37c8b98e32d5327d4729f3_JaffaCakes118

Files

bcbbe98e7d37c8b98e32d5327d4729f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a5706624ad9b86e135aed4691ec58e79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwReadFile
ZwQueryInformationFile
strrchr
ZwCreateFile
ZwWriteFile
ZwQueryVolumeInformationFile
wcslen
ZwSetInformationFile
RtlAdjustPrivilege
RtlIpv4StringToAddressA
ZwOpenThreadTokenEx
_wcsicmp
strcmp
strcpy
sprintf
memcmp
strchr
LdrFindResource_U
ZwSetSecurityObject
wcsrchr
swprintf
strlen
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwSuspendThread
ZwQueryInformationThread
ZwOpenThread
_stricmp
RtlNtStatusToDosError
RtlIpv4AddressToStringA
ZwClose
ZwEnumerateKey
ZwOpenKey
ZwQueryKey
ZwResumeThread
ZwLoadDriver
ZwCreateSymbolicLinkObject
ZwUnmapViewOfSection
ZwFlushVirtualMemory
RtlImageNtHeader
ZwMapViewOfSection
ZwCreateSection
ZwFsControlFile
ZwOpenFile
ZwSetValueKey
ZwCreateKey
LdrAccessResource
RtlInitUnicodeString
ZwAdjustPrivilegesToken
memset
RtlIpv4StringToAddressW
ZwQueryValueKey
ZwImpersonateThread
memcpy

kernel32

DeleteTimerQueueTimer
Sleep
GetVersion
ExitProcess
GetTickCount
CreateTimerQueueTimer
VirtualAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
LocalFree
LocalAlloc

advapi32

MD5Update
MD5Final
MD5Init

ws2_32

WSACleanup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup

cabinet

ord20
ord22
ord23

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 400B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5706624ad9b86e135aed4691ec58e79

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

cabinet

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 400B - Virtual size: 392B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 400B - Virtual size: 392B

.rsrc
Size: 2KB - Virtual size: 2KB