ceab74a8d35e6255a006751bc4521be9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ceab74a8d35e6255a006751bc4521be9_JaffaCakes118
Size

114KB
MD5

ceab74a8d35e6255a006751bc4521be9
SHA1

31bad300d7016df5c15d06a1f7c602e174869c7c
SHA256

074934901e742551543c57a328f2da8a3e5e0a9da5e2718a3b3dd0e015d7103c
SHA512

5697eff99f998271ff9854da91771ced0f494170378474f052691e892eb2e5b789db504dbd8011b06b4bb4d27fbd222e2a85f725cad9d5dd58ac2bb17824fea4
SSDEEP

3072:9HCFqDeXkijbphHHMa1y12kPnJoNRDuUlb:RCFkeUijbphnmkkPJojDuUl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceab74a8d35e6255a006751bc4521be9_JaffaCakes118

Files

ceab74a8d35e6255a006751bc4521be9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d1d15155b164b9f3f71c1bdc5d361c70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\VC5\release\av_install.pdb

Imports

ntdll

ZwCreateFile
memset
RtlIpv4AddressToStringA
ZwOpenThread
ZwOpenProcess
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwQueryInformationProcess
RtlFreeUnicodeString
ZwResumeThread
RtlNtStatusToDosError
_vsnprintf
RtlTimeToTimeFields
wcsstr
ZwSetContextThread
RtlIpv4StringToAddressExA
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwOpenThreadTokenEx
RtlGetCurrentPeb
RtlPrefixUnicodeString
wcschr
LdrFindEntryForAddress
strtoul
ZwDuplicateObject
RtlExitUserThread
RtlCreateUserThread
ZwGetContextThread
ZwWaitForSingleObject
ZwDelayExecution
memcpy
RtlIpv4StringToAddressA
RtlIpv4StringToAddressW
ZwDeleteFile
ZwEnumerateKey
ZwDeleteKey
ZwQueryValueKey
ZwCreateKey
ZwSetValueKey
LdrFindResource_U
swprintf
wcslen
memcmp
RtlComputeCrc32
LdrAccessResource
RtlImageNtHeader
strlen
sprintf
wcscpy
ZwWriteFile
ZwSetInformationFile
ZwQueryInformationFile
ZwOpenFile
RtlIpv4AddressToStringExA
ZwSetInformationToken
ZwDuplicateToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwFreeVirtualMemory
ZwWriteVirtualMemory
ZwAllocateVirtualMemory
RtlAdjustPrivilege
RtlDosPathNameToNtPathName_U
ZwImpersonateThread
RtlInitUnicodeString
ZwOpenKey
ZwQueryKey
ZwClose
DbgPrint

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateRemoteThread
CreateProcessW
GetCommandLineW
ExitThread
GetLastError
BindIoCompletionCallback
DeleteTimerQueueTimer
CreateTimerQueueTimer
ExitProcess
SetThreadLocale
CopyFileW
LocalFree
LocalAlloc
GetVersion
LoadLibraryW
GetModuleHandleW

advapi32

MD5Update
MD5Init
CreateProcessAsUserW
MD5Final

user32

DestroyIcon
DestroyWindow
AdjustWindowRect
GetSystemMetrics
CreateWindowExW
PostQuitMessage
DefWindowProcW
OpenDesktopW
SetThreadDesktop
LoadIconW
LoadCursorW
RegisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
SetDlgItemTextW
SendMessageW
GetDlgItem
EndDialog
SetWindowLongW
GetWindowLongW
DialogBoxParamW
FindWindowW
PostMessageW
GetClientRect
SetWindowTextW
MessageBoxW

comctl32

ord17

mswsock

AcceptEx

rpcrt4

UuidCreateSequential

gdi32

GetStockObject
SetBkColor
SetTextColor

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
LoadTypeLibEx
SysFreeString
VariantClear

ws2_32

WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
bind
listen
getsockname
closesocket
WSASocketW
WSAGetLastError
WSAStartup
WSACleanup
WSARecvFrom

secur32

AcquireCredentialsHandleW
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
DeleteSecurityContext
EncryptMessage
FreeCredentialsHandle
DecryptMessage

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1d15155b164b9f3f71c1bdc5d361c70

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

user32

comctl32

mswsock

rpcrt4

gdi32

ole32

oleaut32

ws2_32

secur32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 940B

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 940B

.rsrc
Size: 29KB - Virtual size: 29KB