0c7158cb39677cfb2196904b058ac138_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c7158cb39677cfb2196904b058ac138_JaffaCakes118
Size

60KB
MD5

0c7158cb39677cfb2196904b058ac138
SHA1

0fc635d8cfa36c9b62e14fcfcb4d17fbf24a7fe7
SHA256

1191dc079d9c23863c6075fa8775d2a69c1e0df3ecddc36b1df882e3ce3308ee
SHA512

2a172eeb6973043845eb0563d6ab5cbe3fe7731a32f14cb5a6dafc3e6ab3c14328a93760a82809f019b4fb9893a83d24aec0b06066e4ba32923aaeca4238dcb7
SSDEEP

1536:Vi+G1h9fJtxBWs9DCnCp+kLDbwjGChUOu7O:I91e4DCneDbwCCNu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c7158cb39677cfb2196904b058ac138_JaffaCakes118

Files

0c7158cb39677cfb2196904b058ac138_JaffaCakes118
.exe windows:5 windows x86 arch:x86

24e5aef14efd2a4f84dd330d7960195a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
strlen
swprintf
wcsrchr
_wcsicmp
ZwFsControlFile
ZwCreateSection
ZwMapViewOfSection
RtlImageNtHeader
RtlDosPathNameToNtPathName_U
ZwUnmapViewOfSection
ZwCreateSymbolicLinkObject
ZwLoadDriver
ZwQueryKey
ZwSetSecurityObject
ZwReadFile
RtlRandom
strrchr
LdrFindResource_U
LdrAccessResource
ZwQueryInformationProcess
wcschr
RtlEqualUnicodeString
RtlIpv4StringToAddressExW
RtlAdjustPrivilege
ZwImpersonateThread
ZwOpenThread
ZwOpenProcess
ZwQuerySystemInformation
LdrFindEntryForAddress
RtlNtStatusToDosError
memset
RtlTimeToSecondsSince1970
ZwQueryVolumeInformationFile
ZwOpenFile
wcstoul
ZwSetValueKey
ZwCreateKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
sprintf
RtlIpv4AddressToStringA
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwSuspendThread
ZwQueryInformationThread
_stricmp
ZwResumeThread
ZwSetContextThread
ZwWriteVirtualMemory
ZwSetInformationFile
ZwDelayExecution
ZwWaitForSingleObject
ZwGetContextThread
RtlExitUserThread
RtlCreateUserThread
_wtoi64
ZwDuplicateObject
ZwFlushVirtualMemory
memcpy

kernel32

GetProcAddress
Sleep
GetCommandLineW
ExitProcess
GetTickCount
FreeLibrary
GetVersion
LoadLibraryW
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24e5aef14efd2a4f84dd330d7960195a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 480B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 480B

.rsrc
Size: 2KB - Virtual size: 2KB