c95694844402fe3616a3cd4d41918d1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c95694844402fe3616a3cd4d41918d1b_JaffaCakes118
Size

42KB
MD5

c95694844402fe3616a3cd4d41918d1b
SHA1

f58e81e22fd3358edb1bc8419876befbabe1a853
SHA256

742f61ad7a0c5c0097065f96fb87998d4f7016d908c510ddf7dc4f6f43a602ff
SHA512

283b6f163935888c45eae3b976b67b1c3edb32f50169a72f2e6171ef50b6f0b06523d14217bc6c10202a635e4818317ef14e717e2d710c868a3c19ce31146c1c
SSDEEP

768:xUTmAZwmEq1ojMQ3Tkf8+z9V1WHmuJuCGfQ6xdkY1PzD2gVXhsi:xA0mxDQ3ovLQGug/fQ6xe8PzqaXh1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c95694844402fe3616a3cd4d41918d1b_JaffaCakes118

Files

c95694844402fe3616a3cd4d41918d1b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a5706624ad9b86e135aed4691ec58e79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwReadFile
ZwQueryInformationFile
strrchr
ZwCreateFile
ZwWriteFile
ZwQueryVolumeInformationFile
wcslen
ZwSetInformationFile
RtlAdjustPrivilege
RtlIpv4StringToAddressA
ZwOpenThreadTokenEx
_wcsicmp
strcmp
strcpy
sprintf
memcmp
strchr
LdrFindResource_U
ZwSetSecurityObject
wcsrchr
swprintf
strlen
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwSuspendThread
ZwQueryInformationThread
ZwOpenThread
_stricmp
RtlNtStatusToDosError
RtlIpv4AddressToStringA
ZwClose
ZwEnumerateKey
ZwOpenKey
ZwQueryKey
ZwResumeThread
ZwLoadDriver
ZwCreateSymbolicLinkObject
ZwUnmapViewOfSection
ZwFlushVirtualMemory
RtlImageNtHeader
ZwMapViewOfSection
ZwCreateSection
ZwFsControlFile
ZwOpenFile
ZwSetValueKey
ZwCreateKey
LdrAccessResource
RtlInitUnicodeString
ZwAdjustPrivilegesToken
memset
RtlIpv4StringToAddressW
ZwQueryValueKey
ZwImpersonateThread
memcpy

kernel32

DeleteTimerQueueTimer
Sleep
GetVersion
ExitProcess
GetTickCount
CreateTimerQueueTimer
VirtualAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
LocalFree
LocalAlloc

advapi32

MD5Update
MD5Final
MD5Init

ws2_32

WSACleanup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup

cabinet

ord20
ord22
ord23

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 400B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5706624ad9b86e135aed4691ec58e79

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

cabinet

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 400B - Virtual size: 392B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 400B - Virtual size: 392B

.rsrc
Size: 2KB - Virtual size: 2KB