f80c58d475926f1de1a0b038ed7c3ba0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f80c58d475926f1de1a0b038ed7c3ba0_JaffaCakes118
Size

39KB
MD5

f80c58d475926f1de1a0b038ed7c3ba0
SHA1

d0d0c5996ae6221afade34708c84d77c9df6f7b4
SHA256

5796d4721bd847745707eb4649c456cdf51382f57d532d0f13e6979672a5be15
SHA512

22d0d7affd1427be1b2356715b6400f4331bc9615457593055d4fd564893995121c7cbd9e81b89277f393bc04b40a7663e4b63ecccff504c2e4c09f0dcac4fda
SSDEEP

768:7XmTzlxg5RwJf3oCu+39Fae279Rjo5CwXjC4Or:TmrIwJfu+39we0fo5CijCNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f80c58d475926f1de1a0b038ed7c3ba0_JaffaCakes118

Files

f80c58d475926f1de1a0b038ed7c3ba0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f4e8ddb8d3cd664feea77feb242c2100

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

termdd.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
wcscat
wcscpy
ExFreePoolWithTag
ExAllocatePoolWithTag
KeLeaveCriticalRegion
ExReleaseResourceLite
wcscmp
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
MmSizeOfMdl
KeSetEvent
IoInitializeIrp
KeClearEvent
MmMapLockedPages
IoGetCurrentProcess
IoGetRequestorProcess
_except_handler3
IofCompleteRequest
IoReleaseCancelSpinLock
ExRaiseAccessViolation
MmUserProbeAddress
ExDeleteResourceLite
strncpy
_stricmp
IoAcquireCancelSpinLock
KeQuerySystemTime
ExInitializeResourceLite
memchr
ExIsResourceAcquiredExclusiveLite
ProbeForWrite
RtlEqualSid
SeQueryInformationToken
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthRequiredSid
ObReferenceObjectByHandle
IoFileObjectType
KeInitializeSpinLock
IoDeleteDevice
RtlQueryRegistryValues
IoCreateDevice
ExAcquireResourceSharedLite
IoWriteErrorLogEntry
KeInitializeEvent
wcslen
ExQueueWorkItem
DbgBreakPoint
ZwQuerySystemInformation
DbgPrint
ExEventObjectType
KeDelayExecutionThread
_allmul
KeWaitForMultipleObjects
PsCreateSystemThread
_alldiv
ZwClose
KeCancelTimer
KeSetTimer
KeInitializeDpc
KeInitializeTimer
_snprintf
RtlTimeToTimeFields
ExSystemTimeToLocalTime
PsGetCurrentThread
_vsnprintf
ZwCreateFile
_wcsicmp
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlInitializeGenericTable
IoStartPacket
memmove
IoStartNextPacket
IoDeleteController
IoCreateController
IoAttachDeviceToDeviceStack
IoInvalidateDeviceState
PoStartNextPowerIrp
PoSetPowerState
IoDetachDevice
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoWMIRegistrationControl
PoCallDriver
KeTickCount
KeBugCheckEx
ZwLoadDriver
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
ObfDereferenceObject
ZwUnloadDriver
ObfReferenceObject
IofCallDriver
IoAllocateErrorLogEntry
KeWaitForSingleObject
IoQueueThreadIrp
KeGetCurrentThread
IoBuildAsynchronousFsdRequest
IoGetRelatedDeviceObject

hal

KfAcquireSpinLock
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Exports

Exports

IcaAllocateWorkItem
IcaBreakOnDebugger
IcaBufferAlloc
IcaBufferError
IcaBufferFree
IcaBufferGetUsableSpace
IcaCallNextDriver
IcaChannelInput
IcaCloseHandle
IcaCreateHandle
IcaCreateThread
IcaFlowControlSleep
IcaFlowControlWait
IcaGetSizeForNoLowWaterMark
IcaLogError
IcaQueueWorkItem
IcaQueueWorkItemEx
IcaRawInput
IcaReturnHandle
IcaSleep
IcaStackAllocatePool
IcaStackAllocatePoolWithTag
IcaStackFreePool
IcaStackTrace
IcaStackTraceBuffer
IcaSystemTrace
IcaSystemTraceBuffer
IcaTimerCancel
IcaTimerClose
IcaTimerCreate
IcaTimerStart
IcaWaitForMultipleObjects
IcaWaitForSingleObject

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4e8ddb8d3cd664feea77feb242c2100

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

wmilib.sys

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 1024B - Virtual size: 980B

.data Size: 768B - Virtual size: 760B

PAGE Size: 2KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 964B

INIT Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 1024B - Virtual size: 980B

.data
Size: 768B - Virtual size: 760B

PAGE
Size: 2KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 964B

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 2KB