1900a03be7a5982f94ce149ab24a6152_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1900a03be7a5982f94ce149ab24a6152_JaffaCakes118
Size

57KB
MD5

1900a03be7a5982f94ce149ab24a6152
SHA1

1918c2ca5618b79ebcda91efe361908bbffb26ec
SHA256

7ce41cf104afdd5f5f62995f69b3c9a2237e032c160e3b3055f0c4144bf11872
SHA512

992052826603833c907e06d8fd1ab890e2a2516defccc2c357a8642021cb8391c50907c90244bb488f80fab4defbe9bd2a9446385ce3f8109d2e148f515d0320
SSDEEP

1536:WLYvJ+0uL5C/PRba5eCVgT8LIZq2dzTT:GYvJu9C/WVgw0Y2df

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1900a03be7a5982f94ce149ab24a6152_JaffaCakes118

Files

1900a03be7a5982f94ce149ab24a6152_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

strlen
strchr
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ObReferenceObjectByHandle
PsCreateSystemThread
NtBuildNumber
InterlockedCompareExchange
KeSetEvent
_stricmp
ZwQuerySystemInformation
IofCompleteRequest
InterlockedIncrement
RtlUnicodeStringToInteger
ObfDereferenceObject
InterlockedDecrement
RtlFreeUnicodeString
PsTerminateSystemThread
KeWaitForSingleObject
swprintf
strstr
strncmp
sprintf
memmove
KeInitializeEvent
atol
InterlockedExchange
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
ZwCreateEvent
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSemaphore
KeReleaseMutex
KeReleaseSemaphore
_except_handler3
KeReadStateSemaphore
KeSetPriorityThread
KeGetCurrentThread
KeInitializeMutex
KeInitializeSpinLock
ZwQueryVolumeInformationFile
ZwQueryInformationProcess
memset
ZwEnumerateKey
ZwDeleteKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenKey
KeServiceDescriptorTable
ZwQueryValueKey
ZwSetValueKey
ZwCreateFile
ZwOpenFile
ZwReadFile
ZwWriteFile
ZwDeleteFile
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryDirectoryFile
RtlInitUnicodeString
RtlCompareUnicodeString
ExFreePool
RtlCompareMemory
ExAllocatePoolWithTag
memcpy
atoi
KeQuerySystemTime

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisFreePacketPool
NdisFreeSpinLock
NdisDprAllocatePacket
NdisDprFreePacket
NdisUnchainBufferAtFront
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMSleep
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisFreeBufferPool
NdisQueryBuffer
NdisFreeBuffer
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisAllocateSpinLock
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisCloseAdapter
NdisGetFirstBufferFromPacket
NdisOpenAdapter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07391c61713fa9f27261d8e3d854d28b

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 38KB - Virtual size: 37KB

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 1024B - Virtual size: 680B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1024B - Virtual size: 680B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB