de4ed7ce9198057747279e85f65a0c0e_JaffaCakes118

General

Target

de4ed7ce9198057747279e85f65a0c0e_JaffaCakes118
Size

12KB
MD5

de4ed7ce9198057747279e85f65a0c0e
SHA1

d2a97865e4e207a00e9901118287eaaa8eb6f3e9
SHA256

8fbe17e70aefaac4d83c8d151eeeccb1dab0e7ec50aeaa7307cdba0c35505a3c
SHA512

e3892b0659d62aff3e1649d9388f3aa502691cc4435a7dd4bc5a9fad1b9319a6ee17dc6356a166b26eda66d32f9518e911d40258a8a43d387c61ec5a71296780
SSDEEP

192:QcxMZejTs4UNtoc+vmVgqujGyiN4z3siWPa2U2HJ/SdASnpuW8RGg45HPJ9:RMOxiV+vogVSyLzVWnSpnwJiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de4ed7ce9198057747279e85f65a0c0e_JaffaCakes118

Files

de4ed7ce9198057747279e85f65a0c0e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3e1650ee07bbbd1992f65c59a6df60f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vc5\release\kinject.dll.pdb

Imports

ntdll

ZwSetInformationFile
_snprintf
ZwRemoveIoCompletion
RtlExitUserThread
strcmp
_stricmp
RtlImageDirectoryEntryToData
RtlGetCurrentPeb
LdrGetDllHandle
RtlInitUnicodeString
RtlEnumerateGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
ZwClose
RtlCreateUserThread
ZwCreateIoCompletion
RtlIpv4AddressToStringA
LdrAccessResource
LdrFindResource_U
ZwTestAlert
RtlEqualUnicodeString
LdrFindEntryForAddress
RtlEqualString
LdrGetProcedureAddress
RtlImageNtHeader
RtlComputeCrc32
sprintf
ZwProtectVirtualMemory
strtoul
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

LeaveCriticalSection
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleW
VirtualProtect
DisableThreadLibraryCalls
InitializeCriticalSection
HeapAlloc
EnterCriticalSection
DeleteCriticalSection

ws2_32

WSASocketW
bind
WSAGetLastError
closesocket
WSASend
WSARecv
shutdown
WSAIoctl

dnsapi

DnsQuery_A
DnsFree

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e1650ee07bbbd1992f65c59a6df60f7

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

ws2_32

dnsapi

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 484B

.rsrc Size: 512B - Virtual size: 464B

.reloc Size: 1024B - Virtual size: 812B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 484B

.rsrc
Size: 512B - Virtual size: 464B

.reloc
Size: 1024B - Virtual size: 812B