Static task
static1
Behavioral task
behavioral1
Sample
36711888ba2f4e3ca75b8cf403e1cbd2_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
36711888ba2f4e3ca75b8cf403e1cbd2_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
Target
36711888ba2f4e3ca75b8cf403e1cbd2_JaffaCakes118
Size
130KB
MD5
36711888ba2f4e3ca75b8cf403e1cbd2
SHA1
0fab2d4f44e292c20e782fd5deb84d28d521af55
SHA256
d7b957b4f613b5e56651966da42baa6a67a6f4d4b5d7db2c83ae52adec8b9e3b
SHA512
20a14b8889053ec8975ffddd46c996d907b785d66c93377edfaa1f54af44bab1d5be98ee75e11816e9f6217b70e822fe31af00443c8be829969b58fdca3aacee
SSDEEP
3072:p5rZY0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:KzwA0C2ckJ4f+iBRjv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36711888ba2f4e3ca75b8cf403e1cbd2_JaffaCakes118
Files
36711888ba2f4e3ca75b8cf403e1cbd2_JaffaCakes118.dll windows:5 windows x86 arch:x86
80c48e0cfbdb53b22d51d245d6f219bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ntdll
ZwAcceptConnectPort
ZwCompleteConnectPort
ZwReplyWaitReceivePort
RtlCreateUserThread
ZwCreatePort
ZwUnmapViewOfSection
RtlInitUnicodeString
swprintf
ZwClose
memcpy
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwOpenFile
RtlImageNtHeader
RtlAddressInSectionTable
ZwQueueApcThread
RtlImageDirectoryEntryToData
kernel32
LocalFree
VirtualFree
DisableThreadLibraryCalls
FreeLibraryAndExitThread
LocalAlloc
advapi32
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 182B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ