2a6372cf0759e35be914eed98b34aa5d_JaffaCakes118

General

Target

2a6372cf0759e35be914eed98b34aa5d_JaffaCakes118
Size

48KB
MD5

2a6372cf0759e35be914eed98b34aa5d
SHA1

eb4d028bca7911ccb02fc39d6c6061289bcce9b6
SHA256

d8e6deec599f8970f1543f265b75e4cd967c2f4ee27f5563bf07d509e4448b5b
SHA512

38face44eb6d985a17e91fc79cad222b97a5aa5e4596fedb5f6328be2a9d4f1e442c1c09e06f93f36e3f9bc1af2675e3b75f40589491195c00e2fb2a46349c61
SSDEEP

768:u6gSj00sFsVcFpwTJ25+WB90/uDff7jTP9ICkKozDeqreJALhRJcU:u9SQrVFCN2B90uDfLeKO3re21R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a6372cf0759e35be914eed98b34aa5d_JaffaCakes118

Files

2a6372cf0759e35be914eed98b34aa5d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9891b27e4a7eba657286d3cb1155b549

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memset
MmIsDriverVerifying
RtlFindFirstRunClear
RtlEmptyAtomTable
ZwQuerySystemInformation
IoRegisterFsRegistrationChange
NtConnectPort
CcPinRead
ExInterlockedPopEntryList
KeAcquireSpinLockAtDpcLevel
mbstowcs
SeAssignSecurityEx
RtlUpcaseUnicodeToMultiByteN
ExDisableResourceBoostLite
RtlFreeOemString
KeCancelTimer
ExAllocatePool
FsRtlLookupLastLargeMcbEntryAndIndex
RtlTimeToSecondsSince1970
FsRtlAddLargeMcbEntry
SeAuditingFileEvents
PoStartNextPowerIrp
KeDelayExecutionThread
KeSetTimerEx
RtlxUnicodeStringToAnsiSize
strchr
IoGetDeviceProperty
RtlLookupElementGenericTableFull
InbvNotifyDisplayOwnershipLost
ObAssignSecurity
RtlDecompressBuffer
KeInitializeTimerEx
MmTrimAllSystemPagableMemory
KeEnterCriticalRegion
KeInitializeDpc
SeAccessCheck
Exfi386InterlockedIncrementLong
ExFreePool

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9891b27e4a7eba657286d3cb1155b549

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 28KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 28KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB