29b1e8bdb059bab59741207524e63da4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29b1e8bdb059bab59741207524e63da4_JaffaCakes118
Size

59KB
MD5

29b1e8bdb059bab59741207524e63da4
SHA1

29fddd965d105408d8ec6fea48d8675da82e4c63
SHA256

61b8092bb66514e761873a6601391b7c14d66f649c93a26748bc932c6fbb8a5a
SHA512

08697d261fc28b20d7cba7f8d3bf42f8884997cf99d6d7cb30e2e4739b43e9d9ceef6045acaca3d05ec8216ab62ff834ef5d264bcd079b39fca045348889d2a7
SSDEEP

1536:N2G1cyUtCy+VrsU/VK9vPLyc0OyHEKqzIVJq80/+kRVnWxo/:8Yy+VrskQ92fOCeksh+I5WW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b1e8bdb059bab59741207524e63da4_JaffaCakes118

Files

29b1e8bdb059bab59741207524e63da4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3577012537d183b09f0921683a8fdcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
strlen
swprintf
wcsrchr
_wcsicmp
ZwFsControlFile
ZwCreateSection
ZwMapViewOfSection
RtlImageNtHeader
ZwOpenFile
ZwUnmapViewOfSection
ZwCreateSymbolicLinkObject
ZwLoadDriver
ZwQueryKey
ZwSetSecurityObject
ZwReadFile
RtlRandom
strrchr
LdrFindResource_U
LdrAccessResource
ZwQueryInformationProcess
RtlEqualUnicodeString
RtlIpv4StringToAddressExW
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
ZwImpersonateThread
ZwOpenThread
ZwOpenProcess
ZwQuerySystemInformation
LdrFindEntryForAddress
RtlNtStatusToDosError
memset
wcslen
ZwSetValueKey
ZwCreateKey
wcstoul
RtlInitUnicodeString
RtlFreeUnicodeString
RtlStringFromGUID
RtlComputeCrc32
sprintf
RtlIpv4AddressToStringA
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwSuspendThread
ZwQueryInformationThread
_stricmp
ZwResumeThread
ZwSetContextThread
ZwWriteVirtualMemory
ZwSetInformationFile
ZwDelayExecution
ZwWaitForSingleObject
ZwGetContextThread
RtlExitUserThread
RtlCreateUserThread
wcschr
ZwDuplicateObject
ZwFlushVirtualMemory
memcpy

kernel32

GetProcAddress
Sleep
GetCommandLineW
ExitProcess
GetTickCount
FreeLibrary
GetVersion
LoadLibraryW
GetModuleHandleW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
GetSystemDefaultLangID

advapi32

MD5Final
MD5Update
MD5Init

ws2_32

WSASend
WSARecv
WSAIoctl
bind
closesocket
WSAGetLastError
WSASocketW
WSAStartup

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3577012537d183b09f0921683a8fdcd

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

ws2_32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 444B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 444B

.rsrc
Size: 2KB - Virtual size: 2KB