3cce0611d65ca6ee09608bf7c16d03ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cce0611d65ca6ee09608bf7c16d03ff_JaffaCakes118
Size

48KB
MD5

3cce0611d65ca6ee09608bf7c16d03ff
SHA1

8e33634c6068f569c70eabcb50f637b96c1c8bc1
SHA256

d7570456227cec4e2a9de2f2388134fcdfa08210e4082a9636256fc19f011f78
SHA512

8487f2cdbef95fa85cf7856bfca896a2d41bbb1207f6f6aacee7d163f7b4b5d8e6d4763355eabf4b8e3fa78de5ca337861700c4ab833ec155f8602e872d6e17c
SSDEEP

768:1eGZk2d1vzKdz5U/7kFYECM61a5j81XBXgEl1V4+eCetEG8wNRb6/MAtnYiM4iPB:13bLKhuQ6rB7V4+eCeeG8qb7AtnSnino

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cce0611d65ca6ee09608bf7c16d03ff_JaffaCakes118

Files

3cce0611d65ca6ee09608bf7c16d03ff_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8f6dff663d2657ef3292714595d9d42f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

memcpy
ExFreePoolWithTag
strcpy
ExAllocatePoolWithTag
strlen
_vsnprintf
memset
ExAllocatePool
IoFreeIrp
KeSetEvent
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
KeGetCurrentThread
IoGetDeviceObjectPointer
RtlInitUnicodeString
ZwQueryInformationFile
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
ZwReadFile
_allmul
RtlFreeUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeString
RtlCompareUnicodeString
RtlCompareMemory
KeDelayExecutionThread
strncpy
strstr
ZwSetInformationFile
ZwDeleteFile
ZwQueryDirectoryFile
ZwCreateFile
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
KeServiceDescriptorTable
MmUnmapLockedPages
strcmp
IofCompleteRequest
RtlRandom
MmMapLockedPagesSpecifyCache
wcslen
ZwQueryValueKey
wcscat
wcscpy
ZwEnumerateKey
ZwOpenKey
wcschr
ExReleaseFastMutexUnsafe
IoGetRelatedDeviceObject
RtlAnsiStringToUnicodeString
ExAcquireFastMutexUnsafe
strcat
KeClearEvent
KeReadStateEvent
IoDeleteDevice
RtlCopyUnicodeString
IoCreateDevice
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
strchr
KeQuerySystemTime
RtlTimeToTimeFields
ExSystemTimeToLocalTime
RtlQueryRegistryValues
ZwSetValueKey
ZwDeleteKey
_vsnwprintf
DbgPrint
_alldiv
PsCreateSystemThread
atol
strncmp
IofCallDriver
IoBuildDeviceIoControlRequest
_except_handler3
IoCancelIrp

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f6dff663d2657ef3292714595d9d42f

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 19KB

INIT Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 19KB

INIT
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB