2acad854cedded84e6197cf9277b949f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2acad854cedded84e6197cf9277b949f_JaffaCakes118
Size

32KB
MD5

2acad854cedded84e6197cf9277b949f
SHA1

316d0e98290d8af85c7b96d698591d55b35892c9
SHA256

7676dde47f3f093b55374f9feaeff0dda2a2e2077dbdfb65a3c51c7857f79245
SHA512

144c7be47b2f3e042acdf919cc1277d22a56b02e56c518bf5c0d92ad5d7c32417e29ad790afec9a58fc88c9d960e9c9536d7ae639584b441e28c9131ee5ebe39
SSDEEP

768:IT6nykvVrQTIddbU4XS5xTzoTkHsQ5u1/TcOkN8oRq7Kkhx/vDf:W6RQk8wSjoTkMx7cOk6oghx/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2acad854cedded84e6197cf9277b949f_JaffaCakes118

Files

2acad854cedded84e6197cf9277b949f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmUnmapLockedPages
MmProtectMdlSystemAddress
MmAddVerifierThunks
MmAllocateMappingAddress
MmAdvanceMdl
RtlSubtreePredecessor
RtlRealSuccessor
RtlStringFromGUID
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
ZwFsControlFile
ZwQueryFullAttributesFile
VerSetConditionMask
_wcsnicmp
ZwMapViewOfSection
RtlIntegerToUnicodeString
RtlCheckRegistryKey
RtlAppendUnicodeToString
RtlUnicodeStringToAnsiString
_strupr
wcsncat
RtlCompareString
MmAddPhysicalMemory
ZwSetEvent
RtlLengthSecurityDescriptor
RtlFreeAnsiString
strrchr
wcsspn
ZwOpenFile
RtlxUnicodeStringToAnsiSize
ZwDeleteKey
ZwLoadDriver
MmUnmapViewInSessionSpace

Exports

Exports

__ZwAllocateVirtualMemory@4
__ZwFreeVirtualMemory@8
__ZwWaitForSingleObject@4

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.excode
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8807cc9bec39277744a7ff278833460b

Headers

File Characteristics

Imports

ntoskrnl.exe

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.excode Size: 512B - Virtual size: 347B

.rdata Size: 1024B - Virtual size: 580B

.pdata Size: 16KB - Virtual size: 16KB

.edata Size: 512B - Virtual size: 162B

INIT Size: 1024B - Virtual size: 882B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 362B

.text
Size: 5KB - Virtual size: 4KB

.excode
Size: 512B - Virtual size: 347B

.rdata
Size: 1024B - Virtual size: 580B

.pdata
Size: 16KB - Virtual size: 16KB

.edata
Size: 512B - Virtual size: 162B

INIT
Size: 1024B - Virtual size: 882B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 362B