2fbc83c5a4eafdb18b32376798dff3b1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2fbc83c5a4eafdb18b32376798dff3b1_JaffaCakes118
Size

37KB
MD5

2fbc83c5a4eafdb18b32376798dff3b1
SHA1

06796592eced74884b10acee5f1204f4987093a7
SHA256

4153f724e84e4c97f8fcec6189c66b857ca06c31bc1324c682d215e55c75f15a
SHA512

d7e22def476f113b4e5c44edd5a0df175edd56108e01e9359cb94c0fe4b336432f28277619dfde185093ddc20715429b2e66699613eb75aca6510f66823852bb
SSDEEP

768:8g1m3G3PxusYslzKhMZhDiGjHalAn1AmJaOArh5EMV3:8gYec94zKOZh+yHalAnumJjArb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fbc83c5a4eafdb18b32376798dff3b1_JaffaCakes118

Files

2fbc83c5a4eafdb18b32376798dff3b1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6e3693b98060161dff5cf0e8f4c4785b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

LdrAddRefDll
ZwCreateIoCompletion
LdrUnloadDll
RtlIpv4AddressToStringA
ZwGetContextThread
ZwWriteVirtualMemory
ZwSetContextThread
ZwResumeThread
RtlInsertElementGenericTableAvl
ZwProtectVirtualMemory
strcmp
_stricmp
RtlImageDirectoryEntryToData
LdrGetDllHandle
ZwTestAlert
wcstoul
strrchr
swprintf
strcpy
strchr
RtlExitUserThread
wcslen
NtWriteFile
ZwSetInformationFile
_wcsicmp
wcsrchr
RtlEqualUnicodeString
RtlEqualString
LdrGetProcedureAddress
RtlImageNtHeader
memmove
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
ZwWriteFile
RtlInitUnicodeString
ZwCreateFile
ZwQueryValueKey
ZwOpenKey
RtlFreeUnicodeString
RtlStringFromGUID
ZwWaitForSingleObject
ZwRequestPort
ZwRemoveIoCompletion
ZwSetIoCompletion
ZwQueryKey
RtlTimeToSecondsSince1970
ZwSetValueKey
ZwCreateKey
RtlFormatCurrentUserKeyPath
ZwQueryDirectoryFile
_snprintf
RtlGetFrame
RtlComputeCrc32
wcscmp
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
strstr
RtlDeleteElementGenericTableAvl
ZwReplyWaitReceivePortEx
ZwCreatePort
ZwQueryInformationProcess
RtlGetCurrentPeb
RtlUnwind
_alldiv
_allmul
ZwRequestWaitReplyPort
memset
ZwClose
sprintf
RtlPushFrame
strlen
memcpy
strtoul
memcmp
ZwQuerySystemInformation
LdrFindEntryForAddress
NtQueryVirtualMemory

kernel32

DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
CreateThread
VirtualFree
LeaveCriticalSection
EnterCriticalSection
ExitThread
CreateRemoteThread
CreateFileW
GetTempPathW
WideCharToMultiByte
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
HeapAlloc
DisableThreadLibraryCalls
GetModuleHandleW
TlsAlloc
GetProcAddress
TlsSetValue
TlsGetValue
GetTickCount
GetCurrentThreadId
VirtualProtect
LoadLibraryExW
MultiByteToWideChar

user32

GetClassNameW
CallNextHookEx
SetWindowsHookExW
DrawTextExW
UnhookWindowsHookEx
DestroyWindow

ws2_32

WSAIoctl
closesocket
shutdown
WSASend
WSAGetLastError
WSARecv
WSAStartup
WSASocketW
gethostbyname
bind

advapi32

MD5Update
MD5Final
MD5Init

ole32

CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
LoadTypeLibEx

rpcrt4

UuidCreateSequential

gdi32

ExtTextOutW
TextOutW

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e3693b98060161dff5cf0e8f4c4785b

Headers

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

advapi32

ole32

oleaut32

rpcrt4

gdi32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 996B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 996B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB