0d0d5fad03e0d9c2dea1fae99cfdeb38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d0d5fad03e0d9c2dea1fae99cfdeb38_JaffaCakes118
Size

45KB
MD5

0d0d5fad03e0d9c2dea1fae99cfdeb38
SHA1

7377bdf63f8e6e2526ef616268c977efcdd76bf7
SHA256

db6a53bf90e4bf0d5da3f77f364653c93b50b87ead38b0fc478b6c23d9afdd93
SHA512

3b6fb53fac56e7a2fb2a7e63bebda9144952b9356fbc3f58d87dadfd4222cc1bc95ed2f1cab2b290b1f5e182b941aab6dfc122bea5ef87057f7653045805528b
SSDEEP

768:rKgGXefEhguK0iMG45iVDCuorZv1LWAPizQy0WljCljBe6/DQlr4MLoT:+gJfsg30XB5iDCuW1LWAPi1rj8jUMQ94

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d0d5fad03e0d9c2dea1fae99cfdeb38_JaffaCakes118

Files

0d0d5fad03e0d9c2dea1fae99cfdeb38_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1d3b508a0a3c1db621a13364146d2a4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
strlen
swprintf
wcsrchr
_wcsicmp
ZwFsControlFile
ZwCreateSection
ZwMapViewOfSection
ZwImpersonateThread
ZwFlushVirtualMemory
ZwUnmapViewOfSection
ZwCreateSymbolicLinkObject
ZwLoadDriver
ZwSetSecurityObject
ZwReadFile
RtlRandom
strrchr
LdrFindResource_U
LdrAccessResource
ZwSetEvent
RtlEqualUnicodeString
ZwCreateEvent
ZwOpenThread
ZwOpenProcess
ZwQuerySystemInformation
LdrFindEntryForAddress
RtlNtStatusToDosError
memset
wcslen
ZwSetValueKey
ZwCreateKey
wcstoul
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
ZwQueryKey
RtlComputeCrc32
sprintf
RtlIpv4AddressToStringA
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwSuspendThread
ZwQueryInformationThread
_stricmp
ZwResumeThread
ZwSetContextThread
ZwWriteVirtualMemory
ZwSetInformationFile
ZwDelayExecution
ZwWaitForSingleObject
ZwGetContextThread
RtlExitUserThread
RtlCreateUserThread
ZwDuplicateObject
RtlDosPathNameToNtPathName_U
ZwOpenFile
ZwQueryInformationProcess
RtlAdjustPrivilege
RtlImageNtHeader
memcpy
_allshr

kernel32

LoadLibraryW
ExitProcess
GetTickCount
FreeLibrary
GetProcAddress
GetVersion
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSAStartup
WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSACleanup

rpcrt4

UuidCreateSequential

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3b508a0a3c1db621a13364146d2a4f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

rpcrt4

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 464B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 464B

.rsrc
Size: 2KB - Virtual size: 2KB