c933adfc290398c091d0a77a66c69355_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c933adfc290398c091d0a77a66c69355_JaffaCakes118
Size

35KB
MD5

c933adfc290398c091d0a77a66c69355
SHA1

98de051509f9daeaac2dcd6595f7413ac0703e3d
SHA256

e58eea96bcf91d09d00f5f558bfdac736c9e9e925857f6c49f4bafbd43f11fbe
SHA512

ec7ff37d3e678223bf23f5567827676f977e0154e218d8949ca98c2356328d4fa95da61b5507d8b83623572ed051c637f9ef067f3840c972267ea6ce8bb5b78d
SSDEEP

768:3hGdt4fAJG40HseVgT0xKctYAp2vYqrwb2ZkKqC6qtC:FO0gZOJBewb2pqC6qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c933adfc290398c091d0a77a66c69355_JaffaCakes118

Files

c933adfc290398c091d0a77a66c69355_JaffaCakes118
.dll windows:5 windows x64 arch:x64

a934d735d273b58e112f6214f072d102

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vc5\x64\release\resident.pdb

Imports

ntdll

ZwOpenProcess
ZwQuerySystemInformation
sprintf
strcpy
strcmp
RtlFreeUnicodeString
ZwWriteFile
ZwCreateFile
wcscpy
wcscat
RtlDosPathNameToNtPathName_U
strchr
ZwQueryInformationToken
RtlComputeCrc32
ZwSetInformationToken
ZwDuplicateToken
ZwOpenProcessToken
ZwQueryInformationProcess
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
RtlIpv4StringToAddressA
RtlTimeToTimeFields
RtlNtStatusToDosError
RtlEqualSid
ZwOpenKey
memset
wcsrchr
memcpy
ZwQueryValueKey
RtlStringFromGUID
swprintf
ZwCreateKey
ZwOpenFile
ZwQueryVolumeInformationFile
RtlTimeToSecondsSince1970
LdrFindResource_U
LdrAccessResource
ZwSetValueKey
_wcsicmp
strtoul
LdrProcessRelocationBlock
RtlImageDirectoryEntryToData
RtlImageNtHeader
ZwSetLowEventPair
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwSetHighEventPair
memcmp
RtlExitUserThread
strlen
_strlwr
ZwOpenEventPair
LdrFindEntryForAddress
ZwWriteVirtualMemory
ZwAllocateVirtualMemory
LdrGetProcedureAddress
ZwQueryInformationThread
ZwOpenThread
ZwCancelTimer
ZwTerminateThread
ZwWaitForSingleObject
ZwDelayExecution
ZwSetTimer
ZwCreateTimer
ZwAlertThread
ZwAdjustPrivilegesToken
wcscmp
ZwSetInformationFile
ZwQueueApcThread
ZwAllocateLocallyUniqueId
ZwClose
RtlEqualUnicodeString
__chkstk

kernel32

GetModuleHandleW
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID
DisableThreadLibraryCalls
QueueUserWorkItem
LoadLibraryA
VirtualAlloc
SwitchToThread
GetTickCount
Sleep
LoadLibraryExW
CreateThread
IsDebuggerPresent
LoadLibraryW
LocalFree
LocalAlloc
GetVersion
WideCharToMultiByte
CreateProcessW
VirtualFree

advapi32

MD5Init
MD5Update
MD5Final
CreateProcessAsUserW

ws2_32

WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSASocketW
WSACleanup
WSAStartup
WSAGetLastError

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
LoadTypeLibEx

cabinet

ord22
ord23
ord20

user32

GetThreadDesktop
OpenDesktopW
GetWindowThreadProcessId
DefWindowProcW
SendMessageW
SetThreadDesktop
UnhookWinEvent
PackDDElParam
PostQuitMessage
SetWindowLongPtrW
GetWindowLongPtrW
PostMessageW
RegisterClassW
CreateWindowExW
SetWinEventHook
GetMessageW
FreeDDElParam
DispatchMessageW
CloseDesktop
UnpackDDElParam
UnregisterClassW
DestroyWindow

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a934d735d273b58e112f6214f072d102

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

ole32

oleaut32

cabinet

user32

userenv

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 972B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 972B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 320B