142b6d25644cdea92bde76d5bee0e76e_JaffaCakes118

General

Target

142b6d25644cdea92bde76d5bee0e76e_JaffaCakes118
Size

168KB
MD5

142b6d25644cdea92bde76d5bee0e76e
SHA1

1b393fc92b3bab722d960cc09c41bc4860355d68
SHA256

7b71821d529b11f06cbf4259483bd28a8243598da8753e9916d66ed92f50bfaf
SHA512

f19c9b12fecf80d97ae57abe3feac6df943fd45d489d4ff59838b3597c88d7e7a02d931712d2f661845f3b2f9606fb671df82bfc164319b9e187d5962577efa1
SSDEEP

3072:8u6ayYMCc+rKlsVOIFEJ46wWKnlyY8+uXNFLKQ0:RNsCc+WlOOIF8u4+mFLL0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
142b6d25644cdea92bde76d5bee0e76e_JaffaCakes118

Files

142b6d25644cdea92bde76d5bee0e76e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ce15b17916b9fcce885de7bb47e4fbc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\vc5\release\_uac.pdb

Imports

ntdll

ZwOpenProcessToken
ZwQueryInformationToken
ZwOpenEvent
RtlImageNtHeader
RtlIpv4StringToAddressW
ZwEnumerateKey
RtlIpv4AddressToStringA
RtlIpv4StringToAddressA
RtlAdjustPrivilege
ZwWriteFile
strtoul
ZwCreateFile
RtlIpv4StringToAddressExA
strchr
memset
RtlNtStatusToDosError
wcscpy
wcscat
ZwProtectVirtualMemory
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
ZwQueryVolumeInformationFile
sprintf
RtlRandom
ZwAllocateLocallyUniqueId
RtlStringFromGUID
ZwQueryValueKey
ZwOpenKey
RtlComputeCrc32
RtlTimeToTimeFields
ZwResumeThread
RtlFreeUnicodeString
ZwSetContextThread
ZwWriteVirtualMemory
RtlExitUserThread
ZwSetInformationFile
ZwDelayExecution
ZwClose
ZwWaitForSingleObject
ZwGetContextThread
ZwDuplicateObject
ZwOpenFile
RtlDosPathNameToNtPathName_U
LdrFindEntryForAddress
wcslen
RtlInitUnicodeString
RtlPrefixUnicodeString
RtlGetCurrentPeb
swprintf
memcpy
_allshr

kernel32

GetTickCount
GetVersion
GetSystemDefaultLangID
ExitProcess
Sleep
GetSystemTimeAsFileTime
GetLastError
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateProcessW
LocalFree
LocalAlloc
BindIoCompletionCallback

advapi32

MD5Final
MD5Init
MD5Update

ws2_32

WSAStartup
WSASocketW
WSAGetLastError
closesocket
bind
WSAIoctl
WSARecv
WSASend
setsockopt
WSASendTo
WSARecvFrom

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce15b17916b9fcce885de7bb47e4fbc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ws2_32

Sections

.text Size: 163KB - Virtual size: 162KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 264B

.text
Size: 163KB - Virtual size: 162KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 264B