df7cb2f12b508d3184450d75e4af1052_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df7cb2f12b508d3184450d75e4af1052_JaffaCakes118
Size

61KB
MD5

df7cb2f12b508d3184450d75e4af1052
SHA1

a19248f293b8128808b09ed8cad90c6d6a1cceb5
SHA256

54618945aba6f3c689d963262d493def46d0664328ddbaa2bd0fa7f6c7f2accc
SHA512

6b397b22586fd0312dde1a1e73d91ea26a384be1da14e9f59c7ef670d5c5df730d6157cd119cc9eb5ea2987acfe86841ba91c38d954dc66dc4e5ab72805539da
SSDEEP

1536:HQpR4uRvP2vN0ZByRQqg/Wwn3cSGM+HykmuhvISknU75o:Hp4P2vNsQCqg/W8ctHLmuhw9Ua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df7cb2f12b508d3184450d75e4af1052_JaffaCakes118

Files

df7cb2f12b508d3184450d75e4af1052_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3903ce4a3592b898ea7a66a0ccb8ce4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwClose
ZwOpenProcess
ZwOpenProcessToken
ZwQueryInformationToken
strcpy
ZwQueryInformationProcess
_strupr
strstr
wcscpy
memset
mbstowcs
wcstombs
memcpy
_aulldiv
_allmul
RtlUnwind
NtQueryVirtualMemory

kernel32

FindNextFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
WriteProcessMemory
SetFilePointer
GetModuleFileNameA
ReadProcessMemory
CreateFileA
lstrcatA
lstrlenA
WriteFile
CloseHandle
GetLastError
HeapAlloc
DeleteFileA
lstrcpyA
HeapFree
LoadLibraryA
HeapCreate
SetEvent
HeapReAlloc
GetTickCount
InterlockedIncrement
InterlockedDecrement
HeapDestroy
Sleep
InterlockedExchange
GetModuleHandleA
GetProcAddress
CreateEventA
lstrcatW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTempPathA
CreateThread
lstrlenW
SetWaitableTimer
WaitForMultipleObjects
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetComputerNameW
ReleaseMutex
CreateWaitableTimerA
LoadLibraryExW
SetLastError
RegisterWaitForSingleObject
UnregisterWait
GetFileAttributesA
GetTempFileNameA
GetFileAttributesW
CreateProcessA
OpenProcess
lstrcpynA
GlobalLock
GlobalUnlock
lstrcmpiA
GetCurrentProcess
ReadFile
CallNamedPipeA
lstrcmpW
FreeLibraryAndExitThread
InitializeCriticalSection
DisableThreadLibraryCalls
SleepEx
ResetEvent
SetEndOfFile
LocalAlloc
LocalFree
FreeLibrary
RaiseException
CreateRemoteThread
GetLocalTime
VirtualAllocEx
GetVersion
lstrcmpA
DeleteCriticalSection
VirtualProtect
QueueUserWorkItem

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3903ce4a3592b898ea7a66a0ccb8ce4

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 8KB