b4c4793b8a1ad09c256377c38d3eaafc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4c4793b8a1ad09c256377c38d3eaafc_JaffaCakes118
Size

101KB
MD5

b4c4793b8a1ad09c256377c38d3eaafc
SHA1

4d818737dbfaa38ae244950a1211a982c518668a
SHA256

43fbb96db22586311816a5d789f1ffb4c950209996cdeb06c77b4bad117f735b
SHA512

cef71007f7ea64445cf54853f5ef135b51cd5bc6ffba9087c22c25da24b6310e1bae9456b488c511baf89b59bc415f61b0fcd41f077b5f52334fe1a0ee22d7d3
SSDEEP

1536:VVWZYkku7r72v86wDNt4Aeqsk65u3UTqbYt19H6vGQDP6Emmkuwi/hNh6LINOkmy:VVWZQvMxtdW5cUQgjHA7vpw80INO9Z07

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b
unpack001/4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9
unpack001/5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823
unpack001/7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926
unpack001/8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db
unpack001/9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f
unpack001/a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355
unpack001/a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669
unpack001/a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe
unpack001/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
unpack001/c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513
unpack001/e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902
unpack001/f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e

Files

b4c4793b8a1ad09c256377c38d3eaafc_JaffaCakes118
.zip

Password: infected
40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b
.dll windows:5 windows x86 arch:x86

87b3255f800c54f1af63c438fc053143

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
NtBuildNumber
ZwQuerySystemInformation
ZwCreateFile
memset
ZwQueryInformationFile
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
mbstowcs
wcstombs
_vsnprintf
strncpy
strncmp
_strnicmp
_wcsnicmp
wcschr
strrchr
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9
.dll windows:5 windows x86 arch:x86

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
strncmp
atoi
strrchr
strncpy
NtBuildNumber
_strnicmp
ZwQuerySystemInformation
_snprintf
ZwCreateFile
ZwQueryInformationFile
strchr
ExAllocatePoolWithTag
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823
.dll windows:5 windows x86 arch:x86

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
strncmp
atoi
strrchr
strncpy
NtBuildNumber
_strnicmp
ZwQuerySystemInformation
_snprintf
ZwCreateFile
ZwQueryInformationFile
strchr
ExAllocatePoolWithTag
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926
.dll windows:5 windows x86 arch:x86

f5b826d324210db27796ceb4a4263918

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
NtBuildNumber
ZwQuerySystemInformation
ZwCreateFile
memset
ZwQueryInformationFile
ExAllocatePoolWithTag
mbstowcs
wcstombs
_vsnprintf
strncpy
strncmp
_strnicmp
_wcsnicmp
wcschr
strrchr
RtlInitAnsiString
RtlUnicodeStringToInteger
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db
.dll windows:5 windows x86 arch:x86

87b3255f800c54f1af63c438fc053143

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
NtBuildNumber
ZwQuerySystemInformation
ZwCreateFile
memset
ZwQueryInformationFile
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
mbstowcs
wcstombs
_vsnprintf
strncpy
strncmp
_strnicmp
_wcsnicmp
wcschr
strrchr
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeGetCurrentIrql
KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f
.sys windows:4 windows x86 arch:x86

4237fb5cda574a079eddb16048d73a2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeQuerySystemTime
RtlUnwind
ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
ExSystemTimeToLocalTime
strncmp
atoi
strncpy
NtBuildNumber
_snprintf
RtlTimeToTimeFields
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355
.sys windows:4 windows x86 arch:x86

3f243f8268f79d4c3bb161fd3cd38b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
NtBuildNumber
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
RtlInitAnsiString
strncmp
atoi
strncpy
_snprintf
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
RtlUnwind

hal

KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669
.dll windows:5 windows x86 arch:x86

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
strncmp
atoi
strrchr
strncpy
NtBuildNumber
_strnicmp
ZwQuerySystemInformation
_snprintf
ZwCreateFile
ZwQueryInformationFile
strchr
ExAllocatePoolWithTag
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe
.sys windows:4 windows x86 arch:x86

a9c1041cccb87f4a7ba3b7048d4e8ad7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
RtlUnwind
strncmp
atoi
strncpy
NtBuildNumber
_snprintf
KeServiceDescriptorTable
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 586B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047
.sys windows:4 windows x86 arch:x86

3f243f8268f79d4c3bb161fd3cd38b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
NtBuildNumber
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
RtlInitAnsiString
strncmp
atoi
strncpy
_snprintf
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
RtlUnwind

hal

KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513
.dll windows:5 windows x86 arch:x86

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
memcpy
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
strncmp
atoi
strrchr
strncpy
NtBuildNumber
_strnicmp
ZwQuerySystemInformation
_snprintf
ZwCreateFile
ZwQueryInformationFile
strchr
ExAllocatePoolWithTag
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
_except_handler3

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902
.sys windows:4 windows x86 arch:x86

3f243f8268f79d4c3bb161fd3cd38b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
NtBuildNumber
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
RtlInitAnsiString
strncmp
atoi
strncpy
_snprintf
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString
RtlUnwind

hal

KeQueryPerformanceCounter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e
.sys windows:4 windows x86 arch:x86

a9c1041cccb87f4a7ba3b7048d4e8ad7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
wcscpy
ZwCreateFile
ZwQueryInformationFile
wcslen
_strnicmp
strchr
strrchr
ZwQuerySystemInformation
RtlUnwind
strncmp
atoi
strncpy
NtBuildNumber
_snprintf
KeServiceDescriptorTable
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
RtlFreeUnicodeString

hal

KeQueryPerformanceCounter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 608B - Virtual size: 586B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 672B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

87b3255f800c54f1af63c438fc053143

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 260B

.data Size: 1024B - Virtual size: 824B

INIT Size: 1024B - Virtual size: 736B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 914B

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 1024B - Virtual size: 824B

INIT Size: 1024B - Virtual size: 642B

.reloc Size: 1024B - Virtual size: 718B

35c12126fb9b8baedde3f556b6cae6ef

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 244B

.data Size: 1024B - Virtual size: 816B

INIT Size: 1024B - Virtual size: 642B

.reloc Size: 1024B - Virtual size: 690B

f5b826d324210db27796ceb4a4263918

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 260B

.data Size: 1024B - Virtual size: 824B

INIT Size: 1024B - Virtual size: 736B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 904B

87b3255f800c54f1af63c438fc053143

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 260B

.data Size: 1024B - Virtual size: 828B

INIT Size: 1024B - Virtual size: 736B

.reloc Size: 1024B - Virtual size: 918B

4237fb5cda574a079eddb16048d73a2e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 832B - Virtual size: 824B

INIT Size: 640B - Virtual size: 634B

.reloc Size: 672B - Virtual size: 652B

3f243f8268f79d4c3bb161fd3cd38b5c

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 260B

.data
Size: 1024B - Virtual size: 824B

INIT
Size: 1024B - Virtual size: 736B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 914B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 1024B - Virtual size: 824B

INIT
Size: 1024B - Virtual size: 642B

.reloc
Size: 1024B - Virtual size: 718B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 1024B - Virtual size: 816B

INIT
Size: 1024B - Virtual size: 642B

.reloc
Size: 1024B - Virtual size: 690B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 260B

.data
Size: 1024B - Virtual size: 824B

INIT
Size: 1024B - Virtual size: 736B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 904B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 260B

.data
Size: 1024B - Virtual size: 828B

INIT
Size: 1024B - Virtual size: 736B

.reloc
Size: 1024B - Virtual size: 918B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 832B - Virtual size: 824B

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 672B - Virtual size: 652B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 832B - Virtual size: 824B

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 672B - Virtual size: 668B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 1024B - Virtual size: 824B

INIT
Size: 1024B - Virtual size: 642B

.reloc
Size: 1024B - Virtual size: 718B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 832B - Virtual size: 824B

INIT
Size: 608B - Virtual size: 586B

.reloc
Size: 672B - Virtual size: 644B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 832B - Virtual size: 832B

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 672B - Virtual size: 672B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 244B

.data
Size: 1024B - Virtual size: 816B

INIT
Size: 1024B - Virtual size: 642B

.reloc
Size: 1024B - Virtual size: 690B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 832B - Virtual size: 824B

INIT
Size: 640B - Virtual size: 634B

.reloc
Size: 672B - Virtual size: 666B