0c9c67224b6e0907f380ce2015f4d1bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c9c67224b6e0907f380ce2015f4d1bf_JaffaCakes118
Size

22KB
MD5

0c9c67224b6e0907f380ce2015f4d1bf
SHA1

9e255dc2b9f56a1c34708204e0cdc7eb9c6cfb21
SHA256

47075698d3b2afa0f8126c1b94a0ac57bf037992e9f8584ddaccb0488dd7bbb6
SHA512

eca67ca659ef6aa120b15d4dd7f877a0293eac10e93fd9219263bf976b5dc1030c2c4820286eb96aa7132fdae4d749b2389d747c5abf433a37c4559f95f48a84
SSDEEP

384:crr/FMYeNifbMxBB5VXCtlWaI8h5wWLGc84JLPowz1cG5e8IAAi9rQ/WaI8h5wWL:crrGiYjk/h6itXb5e89Ai9rQFh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c9c67224b6e0907f380ce2015f4d1bf_JaffaCakes118

Files

0c9c67224b6e0907f380ce2015f4d1bf_JaffaCakes118
.sys windows:5 windows x86 arch:x86

77466e69f5d4fdf85714eabccd03f004

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tunmp.pdb

Imports

ntoskrnl.exe

KeTickCount
ObSetSecurityObjectByPointer
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlLengthSid
SeExports
ExAllocatePoolWithTag
RtlLengthRequiredSid
RtlInitializeSid
RtlCreateAcl
RtlAddAccessAllowedAce
DbgPrint
ExFreePoolWithTag
Exfi386InterlockedDecrementLong
MmMapLockedPagesSpecifyCache
IoReleaseCancelSpinLock
IofCompleteRequest
KeInitializeSpinLock
RtlIntegerToUnicodeString
wcscpy
RtlInitUnicodeString
KeBugCheckEx
RtlAppendUnicodeStringToString

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisMRegisterMiniport
NdisMRegisterUnloadHandler
NdisTerminateWrapper
NdisFreePacket
NdisAllocateMemoryWithTag
NdisMSetAttributesEx
NdisOpenConfiguration
NdisReadNetworkAddress
NdisInitializeWrapper
NdisCloseConfiguration
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisWaitEvent
NdisFreePacketPool
NdisFreeMemory
NdisMRegisterDevice
NdisMDeregisterDevice
NdisAllocatePacket
NdisReadConfiguration
NdisSetEvent

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.drep
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77466e69f5d4fdf85714eabccd03f004

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 384B - Virtual size: 370B

.data Size: 384B - Virtual size: 296B

INIT Size: 1KB - Virtual size: 1KB

.drep Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 614B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 370B

.data
Size: 384B - Virtual size: 296B

INIT
Size: 1KB - Virtual size: 1KB

.drep
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 614B