f7a1fa1b66952d9990c1c42982e0e447_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7a1fa1b66952d9990c1c42982e0e447_JaffaCakes118
Size

56KB
MD5

f7a1fa1b66952d9990c1c42982e0e447
SHA1

daeaf8bd01e7d846c759e9b1a1c03d8fa85f7836
SHA256

ae785941f9e1f7e8db4b1bc036fce08ac1a76ca5973949c47f69ace317c9540a
SHA512

a0e1895720b0296bb876d784802e109357d43caef5869239b854c6c17537590c73a7b4bde54124d01b684dece9ea32146a183870521262e1c70d60e138bb765e
SSDEEP

768:007fgWBlKI/FjXp3+xC8vQV/54qNloy7sXZ4vBGxfNFobgWeIB8pmFXikt+Tl9wN:0SlTn+xZu/54wwX/o78p8ikt+nw5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7a1fa1b66952d9990c1c42982e0e447_JaffaCakes118

Files

f7a1fa1b66952d9990c1c42982e0e447_JaffaCakes118
.dll windows:4 windows x86 arch:x86

591d369dc440c84b750dfc5161fffb44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

ZwEnumerateKey
_stricmp
ZwCreateEvent
IoDeleteSymbolicLink
memmove
strncmp
RtlAnsiStringToUnicodeString
InterlockedIncrement
InterlockedDecrement
NtBuildNumber
InterlockedCompareExchange
strstr
IoDeleteDevice
KeSetEvent
swprintf
strchr
KeInitializeEvent
RtlInitAnsiString
atoi
ZwQuerySystemInformation
RtlFreeUnicodeString
PsCreateSystemThread
ZwDeleteKey
InterlockedExchange
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
KeTickCount
IoCreateSymbolicLink
ObfDereferenceObject
RtlUnicodeStringToInteger
IoCreateDevice
atol
KeInitializeMutex
KeSetPriorityThread
KeReleaseMutex
KeGetCurrentThread
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseSemaphore
KeReadStateSemaphore
KefReleaseSpinLockFromDpcLevel
KeInitializeSpinLock
ZwQueryInformationProcess
ZwQueryVolumeInformationFile
RtlAppendUnicodeStringToString
memset
RtlAppendUnicodeToString
strlen
sprintf
ZwOpenKey
ZwWriteFile
ZwQueryInformationFile
ZwOpenFile
KeServiceDescriptorTable
RtlCompareUnicodeString
ZwDeleteFile
ZwClose
ZwQueryDirectoryFile
ZwQueryValueKey
ZwCreateFile
ZwSetInformationFile
ZwSetValueKey
RtlInitUnicodeString
ZwReadFile
ExFreePool
RtlCompareMemory
KeQuerySystemTime
ExAllocatePoolWithTag
PsTerminateSystemThread
memcpy
_except_handler3

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisAllocateBuffer
NdisDprAllocatePacket
NdisFreeSpinLock
NdisQueryBufferOffset
NdisFreeBufferPool
NdisAllocateSpinLock
NdisDprFreePacket
NdisAllocateBufferPool
NdisAcquireSpinLock
NDIS_BUFFER_TO_SPAN_PAGES
NdisAllocatePacketPoolEx
NdisReleaseSpinLock
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisFreePacketPool
NdisMSleep
NdisGetFirstBufferFromPacket
NdisAllocatePacket
NdisDprAcquireSpinLock
NdisFreePacket
NdisDprReleaseSpinLock
NdisQueryBuffer
NdisOpenAdapter
NdisCloseAdapter

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

591d369dc440c84b750dfc5161fffb44

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 37KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 677B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 37KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 677B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB