0f15a32d78942210438a47f1ec115fba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f15a32d78942210438a47f1ec115fba_JaffaCakes118
Size

280KB
MD5

0f15a32d78942210438a47f1ec115fba
SHA1

930aaec98794e2ff0112e13eec7fbcb3586ef3f1
SHA256

cc05c9e5662fa28b45a2b869f18c8924fe13da89527e04e47c714d5467f18677
SHA512

9770d6f623551f917fcabee34e55b196d8930cac2351d7dc95e7f3aa53618d3d5d868c66ef0bbe635bfbc7e9a4b0b66b29280a9e28116c6b84eb05ea954f5316
SSDEEP

6144:5IEs87k0PaHy0P4k4hrhB+u0eqKdPfHEMwfP:I87k/S0PQt+u0e3vEln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f15a32d78942210438a47f1ec115fba_JaffaCakes118

Files

0f15a32d78942210438a47f1ec115fba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9cd578e926d618adaa7a2c8a6396e242

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kload

MasterCallNext
KDrawText
LogWithTwoNumbers
GetNextSpecialAfsFileId
DebugWithTwoNumbers
DebugWithNumber
DebugWithThreeNumbers
GetSpecialAfsFileInfo
loadReplaceFile
LogWithNumberAndString
LogWithNumber
DebugWithString
RegisterAfsReplaceCallback
MasterHookFunction
Log
GetPESInfo
RegisterKModule
HookFunction
UnhookFunction
MasterUnhookFunction
LogWithTwoStrings

kernel32

GetLastError
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetFilePointer
ReadFile
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualProtect
CloseHandle
CreateFileA
Sleep
InterlockedExchange
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9cd578e926d618adaa7a2c8a6396e242

Headers

File Characteristics

Imports

kload

kernel32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 188KB - Virtual size: 188KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 188KB