Static task: static1
Behavioral task: behavioral1
Sample: 0c0da7329a8881ea611ed036763573e1_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0c0da7329a8881ea611ed036763573e1_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 0c0da7329a8881ea611ed036763573e1_JaffaCakes118
Size: 8KB
MD5: 0c0da7329a8881ea611ed036763573e1
SHA1: b322c30a3e4e0b6df3e76e7eb8102b7b98030853
SHA256: a92d8a7a05c2e5a11d0b615c4f0e54be765329732a26f8faf75f7e700fbf62bd
SHA512: 3314b166da8070e89fc06674cf38612efb06586afe3b8d7a6756e8e43a73bd04aa0024d443a04d72d7468da538e1cac622971b0967c95a7cbed3240de9e82746
SSDEEP: 96:BPiQnCyvczZioHUr0zmfQCLHLJIx3W1NjqsKEMRII7h6JSO/2cxZTy9P/9DosE7J:BPii1CZivI85FtmP9ESv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 0c0da7329a8881ea611ed036763573e1_JaffaCakes118
Files
0c0da7329a8881ea611ed036763573e1_JaffaCakes118.dll windows:5 windows x86 arch:x86
45a9f707749a5062ac3016025ae6b674
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntdll
ZwQueryKey
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwCreateFile
RtlComputeCrc32
ZwPlugPlayControl
memcpy
ZwSetContextThread
LdrFindEntryForAddress
RtlImageNtHeader
RtlImageDirectoryEntryToData
LdrLoadDll
memset
ZwAdjustPrivilegesToken
ZwOpenProcessToken
ZwDeleteValueKey
ZwOpenKey
wcslen
ZwSetValueKey
ZwClose
RtlInitUnicodeString
ZwCreateKey
ZwQueryAttributesFile
swprintf
kernel32
GetModuleHandleW
RemoveVectoredExceptionHandler
LoadLibraryW
CreateProcessW
GetCurrentProcess
FreeLibrary
AddVectoredExceptionHandler
advapi32
MD5Final
MD5Init
MD5Update
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
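The "Unsigned PE" signature, the File Characteristics and the per-section flags listed above all come straight from the PE headers and can be reproduced without a sandbox. The Python below is an added example, not the sandbox's own signature code and not code from the sample: it walks the DOS, NT and optional headers, decodes the characteristics bits, and reports whether the Certificate Table entry (data directory slot 4, where an embedded Authenticode signature lives) is populated. `parse_pe` and `build_sample_header` are this example's own names; the bytes `build_sample_header` produces are a synthetic 32-bit DLL header modelled on the values in this report (section names, sizes and flags only, no contents and nothing taken from the real file), used purely as offline test input.

```python
# Added example: minimal PE header walker reproducing the fields this report shows.
# Standard library only. parse_pe/build_sample_header are this example's own names.
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table slot in the optional header's data directory

FILE_CHARACTERISTICS = [
    (0x0001, "IMAGE_FILE_RELOCS_STRIPPED"),
    (0x0002, "IMAGE_FILE_EXECUTABLE_IMAGE"),
    (0x0020, "IMAGE_FILE_LARGE_ADDRESS_AWARE"),
    (0x0100, "IMAGE_FILE_32BIT_MACHINE"),
    (0x2000, "IMAGE_FILE_DLL"),
]
SECTION_FLAGS = [
    (0x00000020, "IMAGE_SCN_CNT_CODE"),
    (0x00000040, "IMAGE_SCN_CNT_INITIALIZED_DATA"),
    (0x00000080, "IMAGE_SCN_CNT_UNINITIALIZED_DATA"),
    (0x02000000, "IMAGE_SCN_MEM_DISCARDABLE"),
    (0x20000000, "IMAGE_SCN_MEM_EXECUTE"),
    (0x40000000, "IMAGE_SCN_MEM_READ"),
    (0x80000000, "IMAGE_SCN_MEM_WRITE"),
]

def decode_flags(value, table):
    """Names of the bits from `table` that are set in `value`, in table order."""
    return [name for bit, name in table if value & bit]

def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table and summarise the fields the report shows."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, file_hdr)
    opt = file_hdr + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directory starts 96 bytes into the optional header
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes (64-bit ImageBase and stack/heap fields, no BaseOfData)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes precedes the table
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, the Certificate Table's first dword is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, *_rest, sflags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": rawsize,
            "virtual_size": vsize,
            "flags": decode_flags(sflags, SECTION_FLAGS),
        })
    return {
        "file_characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        # Presence only: the WIN_CERTIFICATE blob is neither parsed nor verified here.
        "authenticode_present": cert_size != 0,
        "certificate_table": (cert_off, cert_size),
        "sections": sections,
    }

def build_sample_header(signed: bool) -> bytes:
    """Constructed header of a 32-bit DLL modelled on this report's values (test input, not the real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew -> NT headers at offset 64
    chars = 0x0002 | 0x0100 | 0x2000                               # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, chars)
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 14, 0, 0xC00, 0xE00, 0, 0x1000, 0x1000, 0x2000,   # Magic .. BaseOfData
                      0x10000000, 0x1000, 0x200, 5, 0, 0, 0, 5, 0, 0,          # ImageBase .. Win32VersionValue
                      0x5000, 0x400, 0, 2, 0x140, 0x100000, 0x1000,            # SizeOfImage .. SizeOfStackCommit
                      0x100000, 0x1000, 0, 16)                                 # heap sizes, LoaderFlags, NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1800, 0x700)     # where a WIN_CERTIFICATE would sit
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    layout = [(b".text", 0x800, 0xC00, 0x60000020),   # CODE | EXECUTE | READ
              (b".rdata", 0xC00, 0xC00, 0x40000040),  # INITIALIZED_DATA | READ
              (b".data", 0xF8, 0x200, 0xC0000040),    # INITIALIZED_DATA | READ | WRITE
              (b".reloc", 0x184, 0x200, 0x42000040)]  # INITIALIZED_DATA | DISCARDABLE | READ
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400 * (i + 1), 0, 0, 0, 0, fl)
                     for i, (n, vs, rs, fl) in enumerate(layout))
    return (dos + b"PE\0\0" + file_hdr + opt + table).ljust(0x400, b"\0")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header(signed=False)
    info = parse_pe(data)
    print("File characteristics:", ", ".join(info["file_characteristics"]))
    print("Authenticode signature present:", info["authenticode_present"], info["certificate_table"])
    for s in info["sections"]:
        print("%-8s raw=%-5d virt=%-5d %s" % (s["name"], s["raw_size"], s["virtual_size"], " ".join(s["flags"])))
```

Run it with a path to a real file to get the same fields this report lists; with no argument it parses the constructed header. Two caveats apply to using this as an "unsigned" check: it only tests that the Certificate Table entry is non-empty and does not parse the WIN_CERTIFICATE structure or verify the certificate chain, so arbitrary bytes at that offset would count as "present"; and a catalog-signed Windows binary carries no embedded signature at all, so a presence-only test reports it exactly like this sample.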